BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
DOS/SMURF Attacks, Webpage re-routes, HELP!
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > DOS/SMURF Attacks, Webpage re-routes, HELP!  
Forum Quick Jump
 
New Topic Post reply to : DOS/SMURF Attacks, Webpage re-routes, HELP! Printable version of : DOS/SMURF Attacks, Webpage re-routes, HELP!
[ << Previous Thread | Next Thread >> ]

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 31
 
   Posted 12/23/2012 9:22 AM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
Ive been checking the logs on my NETGEAR N600 Router and noticed [DoS attack: ACK Scan] attack packets in last 20 sec from ip [207.171.163.14], Saturday, Dec 22,2012 20:24:47.
My PC has been horribly slow lately and it just frustrates me SO bad! I know i have some sort of virus. I need this thing gone because backing up my data will be a pain!
Anything i do it jus takes so long to load. Opening up documents, viewing webpages, opening up Winamp, etc. When i browse the internet links will intermittently re-route to some phishing websites. I noticed today that my mouse sometimes 'jumps' and moves quickly for just a split second. PLEASE HELP!

Here are my logs...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:41 PM, on 12/22/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2229391427-1754303536-809865111-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2229391427-1754303536-809865111-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'Default user')
O4 - Global Startup: Stardock MyColors.lnk = C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

--
End of file - 13059 bytes


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sian :: SIAN [administrator]

12/22/2012 3:44:46 PM
mbam-log-2012-12-22 (15-44-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 635145
Time elapsed: 1 hour(s), 8 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.10.2
Run by Sian at 22:10:00 on 2012-12-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.4696 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\UI0Detect.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Users\Sian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: IconixBHOClass Class: {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uRun: [Spotify Web Helper] "C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [FAStartup] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C1FE8487-9D3D-467F-BF0A-B18184C2976F} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli FAPassSync
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Sian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - ExtSQL: !HIDDEN! 2010-01-17 05:54; ypvhfbosum@ypvhfbosum.org; C:\Users\Sian\Application Data\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions\ypvhfbosum@ypvhfbosum.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-3-17 20392]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-17 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136]
R2 IconixService;Iconix Update Service;C:\Program Files (x86)\Common Files\Iconix\IconixService.exe [2012-11-6 284512]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-11 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-11 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-3-17 20984]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-3-17 67072]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-3 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2011-3-18 219544]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2011-3-18 168864]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2011-3-18 306560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-3-27 97040]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-18 1255736]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
S4 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
.
=============== Created Last 30 ================
.
2012-12-22 22:54:55 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-22 22:54:38 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-22 22:53:21 -------- dc----w- C:\Program Files (x86)\Trend Micro
2012-12-22 22:09:45 9125352 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56AB9D17-1BF2-40A7-97B0-87D4A41B4766}\mpengine.dll
2012-12-18 06:52:44 9125352 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-12 07:48:03 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 07:46:59 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-12-12 07:43:09 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 07:43:08 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-07 06:58:56 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-07 06:58:56 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-07 06:58:56 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-07 06:58:56 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-07 06:44:26 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-07 06:44:26 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-07 06:44:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-07 06:44:25 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-07 06:44:23 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-07 06:44:22 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-07 06:44:22 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-03 04:07:24 77656 -c--a-w- C:\Windows\System32\XAPOFX1_5.dll
2012-12-03 04:06:59 523088 -c--a-w- C:\Windows\System32\d3dx10_42.dll
2012-12-03 01:21:28 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-12-03 01:19:30 -------- dc----w- C:\Program Files\iPod
2012-12-03 01:19:28 -------- dc----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-03 01:19:28 -------- dc----w- C:\Program Files\iTunes
2012-12-03 01:19:28 -------- dc----w- C:\Program Files (x86)\iTunes
2012-12-03 01:09:37 -------- dc----w- C:\Program Files\Bonjour
2012-12-03 01:09:37 -------- dc----w- C:\Program Files (x86)\Bonjour
2012-12-01 09:53:53 972264 -c----w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7083D733-3BCA-4ECB-B1B5-2BE1E7C7DD63}\gapaengine.dll
.
==================== Find3M ====================
.
2012-12-22 22:52:58 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-12 07:55:20 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 07:55:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 07:54:22 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-12-12 07:54:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-12-12 07:54:21 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-12 07:54:21 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-07 07:05:17 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-12-07 07:05:17 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-12-07 07:05:17 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-12-07 07:05:17 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-12-07 06:58:14 8192 ----a-w- C:\Windows\SysWow64\iisrstap.dll
2012-12-07 06:58:14 55296 ----a-w- C:\Windows\System32\admwprox.dll
2012-12-07 06:58:14 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll
2012-12-07 06:58:14 26624 ----a-w- C:\Windows\SysWow64\ahadmin.dll
2012-12-07 06:58:14 192000 ----a-w- C:\Windows\System32\iisRtl.dll
2012-12-07 06:58:14 154624 ----a-w- C:\Windows\SysWow64\iisRtl.dll
2012-12-07 06:58:14 15360 ----a-w- C:\Windows\SysWow64\iisreset.exe
2012-12-07 06:58:14 14848 ----a-w- C:\Windows\System32\wamregps.dll
2012-12-07 06:58:14 10752 ----a-w- C:\Windows\SysWow64\wamregps.dll
2012-12-07 06:58:13 60928 ----a-w- C:\Windows\System32\ahadmin.dll
2012-12-07 06:58:13 16896 ----a-w- C:\Windows\System32\iisreset.exe
2012-12-07 06:58:13 11264 ----a-w- C:\Windows\System32\iisrstap.dll
2012-12-07 06:57:54 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-12-07 06:57:54 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-12-07 06:57:54 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-12-07 06:57:54 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-12-07 06:57:54 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-12-07 06:57:54 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-12-07 06:57:54 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-12-07 06:57:54 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-12-07 06:57:54 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-12-07 06:57:53 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-12-07 06:57:53 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-12-07 06:57:53 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-12-07 06:44:18 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-12-07 06:44:18 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-07 06:44:14 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-12-07 06:44:14 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-12-07 06:44:14 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-11-02 11:03:11 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-11-02 11:00:00 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-11-02 10:59:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-02 10:59:59 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-11-02 10:59:05 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-11-02 10:59:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-11-02 10:58:43 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-11-02 10:58:43 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-11-02 10:56:49 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-11-02 10:56:49 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-11-02 10:56:49 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-11-02 10:56:49 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-11-02 10:56:49 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-11-02 10:56:49 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-06 20:42:03 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 18:32:56 5989776 -c--a-w- C:\Windows\System32\usbaaplrc.dll
2012-09-28 18:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 22:10:53.98 ===============
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 12/23/2012 12:18 PM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
Hello                         :-)
 
 
 

We need to get a comprehensive report of what is present in your system.

 
Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
 
 
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
  •  
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 31
 
   Posted 12/24/2012 7:06 AM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
OTL

OTL logfile created on: 12/23/2012 7:45:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 75.53% Memory free
15.93 Gb Paging File | 13.73 Gb Available in Paging File | 86.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 28.05 Gb Free Space | 18.83% Space Free | Partition Type: NTFS

Computer Name: SIAN | User Name: Sian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/23 19:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
PRC - [2012/12/04 22:30:53 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/16 14:33:44 | 001,193,176 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/12 19:13:29 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/03/19 14:55:54 | 000,284,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Iconix\IconixService.exe
PRC - [2012/02/29 16:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 12:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/13 16:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010/07/08 05:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2010/05/21 13:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010/05/21 13:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/05/21 09:38:54 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/04/04 10:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
PRC - [2010/04/04 10:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
PRC - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/22 13:57:11 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/22 13:55:55 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/22 13:55:52 | 000,969,280 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/12/22 13:55:50 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/12/22 13:55:48 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/22 13:55:46 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/08 00:59:51 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/12/08 00:59:07 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/12/06 22:45:34 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/07/16 14:33:44 | 001,193,176 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/06/12 12:49:22 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/12 12:47:52 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/05/11 18:06:58 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/05/11 18:06:58 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012/05/11 18:06:58 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/06 17:01:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/05/06 17:01:07 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011/05/06 16:59:28 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2011/05/06 16:59:03 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/05/06 16:58:53 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/03/17 22:34:11 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll
MOD - [2011/03/17 22:34:11 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
MOD - [2011/03/17 22:34:11 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
MOD - [2011/03/17 22:34:10 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2011/03/17 22:34:10 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2011/03/17 22:34:10 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2011/03/17 22:34:09 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2011/03/17 22:34:09 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
MOD - [2011/03/17 22:34:09 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2011/03/17 22:34:09 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2011/03/17 22:34:09 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2011/03/17 22:34:09 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2011/03/17 22:34:08 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2011/03/17 22:34:08 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2011/03/17 22:34:08 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
MOD - [2011/03/17 22:34:08 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2011/03/17 22:34:08 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/08/13 16:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/06/17 16:40:52 | 000,057,904 | ---- | M] () -- C:\Windows\SysWOW64\wbload.dll
MOD - [2010/05/21 09:39:00 | 000,154,424 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
MOD - [2010/05/21 09:38:54 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/04/04 10:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/04/04 10:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/04/04 10:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2009/12/18 10:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/06 22:58:06 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/05/06 17:02:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/05/21 09:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/04/18 19:17:10 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV:64bit: - [2010/02/02 13:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/17 12:12:57 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012/03/19 14:55:54 | 000,284,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Iconix\IconixService.exe -- (IconixService)
SRV - [2012/02/29 16:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 12:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/06 16:59:34 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2011/05/06 16:58:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2011/05/06 16:58:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/07/08 05:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/09 08:56:16 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/14 07:57:35 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 04:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/06 16:59:08 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 15:17:34 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/15 08:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/01 09:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/29 10:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 10:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/02/02 13:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 13:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/02 13:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/22 09:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/28 20:25:16 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/10 14:18:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009/08/18 07:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/26 14:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/24 18:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/31 17:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Vid.sys -- (OA002Vid)
DRV:64bit: - [2008/06/03 01:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Ufd.sys -- (OA002Ufd)
DRV:64bit: - [2007/06/07 17:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Afx.sys -- (OA002Afx)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 14:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 01 A9 5A 05 02 CC 01 [binary data]
IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/06 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/03 20:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Extensions
[2012/12/08 02:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/12/08 02:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions
[2012/05/20 21:47:59 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[1627/09/29 05:13:27 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\ypvhfbosum@ypvhfbosum.org.xpi
[2099/01/01 12:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions\ypvhfbosum@ypvhfbosum.org.xpi
[2012/11/06 12:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.alienware.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.alienware.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sian\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sian\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sian\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sian\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google Search = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Hedgehog in the fog = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\
CHR - Extension: 1Click Downloader = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.5_0\
CHR - Extension: Gmail = C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000..\Run: [Spotify Web Helper] C:\Users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2229391427-1754303536-809865111-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2229391427-1754303536-809865111-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
O4 - Startup: C:\Users\TEMP.SIAN.015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll ()
O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\Iconix\IEAddOn\IconixBHO_46.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1FE8487-9D3D-467F-BF0A-B18184C2976F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{82fac096-78ac-11e1-a96b-5c260a3b9713}\Shell - "" = AutoRun
O33 - MountPoints2\{82fac096-78ac-11e1-a96b-5c260a3b9713}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpFolder: C:^Users^Sian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe - (Nullsoft, Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: DS3 Tool - hkey= - key= - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
MsConfig:64bit - StartUpReg: FATrayAlert - hkey= - key= - C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Logitech G35 - hkey= - key= - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: tvncontrol - hkey= - key= - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/23 19:43:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
[2012/12/22 14:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/22 14:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/12/22 14:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/12/22 14:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/12/12 21:53:14 | 000,000,000 | ---D | C] -- C:\Users\Sian\Documents\siansundy
[2012/12/02 17:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/12/02 17:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/02 17:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/02 17:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/02 17:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/02 17:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/02 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/12/02 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/23 19:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
[2012/12/23 19:37:53 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 19:37:53 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 19:18:55 | 000,878,778 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/23 19:18:55 | 000,732,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/23 19:18:55 | 000,146,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/23 19:12:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/23 19:12:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/23 19:11:40 | 2119,815,167 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 16:02:30 | 000,423,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/22 15:39:35 | 000,007,606 | ---- | M] () -- C:\Users\Sian\AppData\Local\Resmon.ResmonCfg
[2012/12/15 14:52:00 | 000,000,219 | ---- | M] () -- C:\Users\Sian\Desktop\Dota 2.url
[2012/12/15 01:18:34 | 000,002,474 | ---- | M] () -- C:\Users\Sian\Desktop\Google Chrome.lnk
[2012/12/06 22:59:15 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/06 22:45:08 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/02 17:21:33 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/15 14:52:00 | 000,000,219 | ---- | C] () -- C:\Users\Sian\Desktop\Dota 2.url
[2012/12/06 22:59:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/06 22:44:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/02 17:21:33 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/29 15:32:55 | 000,037,837 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/03/28 00:53:46 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012/03/28 00:25:38 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/03/10 11:01:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/02/29 12:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/17 13:06:43 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2011/10/27 13:11:12 | 000,000,092 | ---- | C] () -- C:\Users\Sian\AppData\Local\fusioncache.dat
[2011/05/30 22:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/30 22:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/05/06 21:17:11 | 000,006,656 | ---- | C] () -- C:\Users\Sian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/27 02:01:16 | 000,000,600 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\winscp.rnd
[2011/03/23 21:59:33 | 000,000,268 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/03/18 12:57:26 | 000,007,606 | ---- | C] () -- C:\Users\Sian\AppData\Local\Resmon.ResmonCfg
[2011/03/18 11:47:40 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011/03/17 22:22:44 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/03/17 22:22:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/03/17 22:22:44 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2011/03/17 22:22:44 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/03/17 21:39:01 | 000,896,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 20:26:51 | 000,061,224 | ---- | C] () -- C:\Users\Sian\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/12 18:57:09 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/12 18:57:09 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/05/06 16:59:30 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/23 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\BitTorrent
[2012/11/06 12:02:50 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Iconix
[2011/03/20 01:22:01 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Leadertech
[2011/05/05 20:02:18 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\LolClient
[2011/04/15 21:33:29 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\MotioninJoy
[2011/03/27 22:46:44 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Need for Speed World
[2012/05/17 23:04:16 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\runic games
[2011/03/27 22:41:08 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Sony
[2012/07/16 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Spotify
[2011/03/27 03:40:26 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\TightVNC

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/05/13 15:21:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/03/19 05:06:57 | 000,000,000 | ---D | M] -- C:\a14a385148056b4b94c8
[2011/03/17 21:40:15 | 000,000,000 | ---D | M] -- C:\dell
[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/04/19 16:12:17 | 000,000,000 | ---D | M] -- C:\extensions
[2011/03/27 00:45:28 | 000,000,000 | ---D | M] -- C:\inetpub
[2011/03/17 20:30:03 | 000,000,000 | ---D | M] -- C:\Intel
[2011/04/23 15:16:44 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/05/17 23:59:42 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012/07/12 19:22:06 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/12/02 17:19:30 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/12/22 14:53:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/12/22 14:52:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/03/17 19:14:54 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/12/23 19:48:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/12/23 19:14:57 | 000,000,000 | R--D | M] -- C:\Users
[2012/12/06 23:10:20 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2011/09/04 01:11:06 | 000,020,480 | ---- | M] () -- C:\Windows\Installer\10c24b6.ipi
[2011/08/01 14:59:06 | 001,978,368 | ---- | M] () -- C:\Windows\Installer\10c24bd.msi
[2011/11/14 10:56:43 | 000,024,576 | ---- | M] () -- C:\Windows\Installer\1289bb.ipi
[2011/10/17 10:31:18 | 000,926,208 | ---- | M] () -- C:\Windows\Installer\128a7a.msi
[2011/03/23 21:58:08 | 004,070,912 | ---- | M] () -- C:\Windows\Installer\12cb9d.msi
[2011/10/26 16:36:14 | 002,829,312 | R--- | M] () -- C:\Windows\Installer\13d159.msp
[2011/06/21 11:59:26 | 001,764,352 | R--- | M] () -- C:\Windows\Installer\13d172.msp
[2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\13d188.msp
[2011/11/01 13:34:56 | 004,250,112 | R--- | M] () -- C:\Windows\Installer\13d1af.msp
[2011/08/10 17:43:30 | 003,795,968 | R--- | M] () -- C:\Windows\Installer\13d1c5.msp
[2011/03/17 20:03:50 | 000,308,736 | R--- | M] () -- C:\Windows\Installer\13d20d.msp
[2011/09/08 18:19:41 | 002,323,456 | ---- | M] () -- C:\Windows\Installer\143f2f.msi
[2012/09/25 12:39:06 | 001,760,768 | R--- | M] () -- C:\Windows\Installer\1470e1.msp
[2012/09/25 12:38:52 | 011,885,568 | R--- | M] () -- C:\Windows\Installer\1470f9.msp
[2012/09/25 12:35:18 | 009,101,824 | R--- | M] () -- C:\Windows\Installer\14710f.msp
[2012/09/25 12:35:46 | 004,285,952 | R--- | M] () -- C:\Windows\Installer\147125.msp
[2012/09/06 10:16:24 | 025,810,944 | R--- | M] () -- C:\Windows\Installer\14713c.msp
[2012/09/25 12:35:30 | 007,695,360 | R--- | M] () -- C:\Windows\Installer\147151.msp
[2012/09/25 12:36:20 | 008,465,408 | R--- | M] () -- C:\Windows\Installer\147167.msp
[2012/09/10 09:35:36 | 015,580,672 | R--- | M] () -- C:\Windows\Installer\14717c.msp
[2012/10/24 15:24:30 | 005,007,872 | R--- | M] () -- C:\Windows\Installer\147191.msp
[2012/04/13 02:15:24 | 000,779,264 | ---- | M] () -- C:\Windows\Installer\156eaba.msi
[2012/03/15 13:26:06 | 004,212,736 | R--- | M] () -- C:\Windows\Installer\15de16.msp
[2012/04/22 21:46:00 | 001,187,328 | R--- | M] () -- C:\Windows\Installer\15de1e.msp
[2012/05/30 06:17:06 | 005,010,432 | R--- | M] () -- C:\Windows\Installer\15de33.msp
[2012/08/30 02:06:58 | 005,007,872 | R--- | M] () -- C:\Windows\Installer\19e13e.msp
[2011/06/06 16:00:09 | 048,470,016 | ---- | M] () -- C:\Windows\Installer\1b052347.msi
[2012/07/18 14:54:24 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\1b851b.msp
[2012/07/25 15:57:08 | 002,532,864 | R--- | M] () -- C:\Windows\Installer\1b853f.msp
[2012/07/18 14:55:46 | 009,585,664 | R--- | M] () -- C:\Windows\Installer\1b8556.msp
[2012/07/25 15:57:06 | 003,157,504 | R--- | M] () -- C:\Windows\Installer\1b856d.msp
[2012/09/25 11:35:46 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\1b8583.msp
[2011/04/28 08:57:38 | 002,721,280 | R--- | M] () -- C:\Windows\Installer\1c0a29.msp
[2011/04/06 19:12:06 | 194,340,864 | R--- | M] () -- C:\Windows\Installer\1c0a47.msp
[2011/05/18 22:06:22 | 038,672,896 | R--- | M] () -- C:\Windows\Installer\1c0a67.msp
[2012/05/17 18:56:49 | 001,376,768 | ---- | M] () -- C:\Windows\Installer\1cacfc8.msi
[2006/12/02 01:20:42 | 003,227,648 | ---- | M] () -- C:\Windows\Installer\1dd04d.msi
[2008/08/08 13:46:10 | 000,242,176 | ---- | M] () -- C:\Windows\Installer\1dd052.msi
[2010/02/02 13:13:06 | 001,544,704 | ---- | M] () -- C:\Windows\Installer\1dd057.msi
[2010/02/02 13:13:06 | 000,829,440 | ---- | M] () -- C:\Windows\Installer\1dd05c.msi
[2010/02/02 13:13:06 | 001,304,576 | ---- | M] () -- C:\Windows\Installer\1dd061.msi
[2011/03/17 22:16:22 | 050,226,176 | ---- | M] () -- C:\Windows\Installer\1dd06a.msi
[2011/03/17 22:19:16 | 006,939,136 | ---- | M] () -- C:\Windows\Installer\1dd078.msi
[2011/03/25 08:16:38 | 005,135,872 | R--- | M] () -- C:\Windows\Installer\1fef64.msp
[2011/04/13 10:48:16 | 035,326,464 | R--- | M] () -- C:\Windows\Installer\1fef7a.msp
[2012/07/18 14:53:56 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\246a4b.msp
[2012/07/18 14:46:48 | 000,593,408 | R--- | M] () -- C:\Windows\Installer\246a61.msp
[2009/04/14 04:50:22 | 005,191,680 | R--- | M] () -- C:\Windows\Installer\289b1d.msp
[2011/04/16 00:14:54 | 003,186,176 | ---- | M] () -- C:\Windows\Installer\289b23.msi
[2009/04/14 03:22:08 | 019,840,000 | R--- | M] () -- C:\Windows\Installer\289b2a.msp
[2009/04/04 10:14:58 | 001,094,656 | R--- | M] () -- C:\Windows\Installer\289b35.msp
[2009/04/04 11:36:32 | 021,390,848 | R--- | M] () -- C:\Windows\Installer\289b36.msp
[2009/04/04 17:09:34 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\289b3c.msp
[2009/04/14 04:56:18 | 020,498,944 | R--- | M] () -- C:\Windows\Installer\289d69.msp
[2009/02/25 19:08:18 | 008,311,808 | R--- | M] () -- C:\Windows\Installer\289db7.msp
[2011/09/21 16:18:24 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\289dcd.msp
[2009/05/07 09:04:06 | 018,341,376 | R--- | M] () -- C:\Windows\Installer\289dd5.msp
[2009/04/14 03:46:12 | 015,438,848 | R--- | M] () -- C:\Windows\Installer\289ddd.msp
[2009/04/14 04:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\289de5.msp
[2011/07/11 17:33:14 | 023,254,016 | R--- | M] () -- C:\Windows\Installer\289df8.msp
[2007/03/15 16:45:06 | 000,698,880 | ---- | M] () -- C:\Windows\Installer\289dfd.msi
[2009/04/14 04:21:34 | 015,303,168 | R--- | M] () -- C:\Windows\Installer\289e04.msp
[2008/08/11 11:49:32 | 022,457,344 | R--- | M] () -- C:\Windows\Installer\289e1a.msp
[2011/03/17 20:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\289e21.msp
[2011/04/19 04:21:02 | 000,235,520 | ---- | M] () -- C:\Windows\Installer\289e28.msi
[2011/04/19 04:54:14 | 000,227,328 | ---- | M] () -- C:\Windows\Installer\289e2e.msi
[2008/09/24 12:05:44 | 016,381,440 | R--- | M] () -- C:\Windows\Installer\289e43.msp
[2009/04/14 04:18:14 | 009,684,480 | R--- | M] () -- C:\Windows\Installer\289e52.msp
[2009/04/14 04:49:26 | 001,922,560 | R--- | M] () -- C:\Windows\Installer\289e59.msp
[2005/09/23 02:32:48 | 004,022,784 | ---- | M] () -- C:\Windows\Installer\299d7c9.msi
[2003/02/21 10:43:14 | 005,922,304 | ---- | M] () -- C:\Windows\Installer\2ed4a9d.msi
[2011/10/27 13:05:43 | 019,361,792 | R--- | M] () -- C:\Windows\Installer\2efdfa6.msp
[2011/04/16 07:44:26 | 002,770,944 | ---- | M] () -- C:\Windows\Installer\2efdfc6.msi
[2009/04/14 02:20:06 | 009,573,376 | R--- | M] () -- C:\Windows\Installer\31c1d1.msp
[2011/10/30 21:27:20 | 020,333,568 | R--- | M] () -- C:\Windows\Installer\31c1dc.msp
[2012/02/15 20:05:34 | 000,163,840 | ---- | M] () -- C:\Windows\Installer\347f9.ipi
[2012/01/03 09:58:05 | 015,929,344 | R--- | M] () -- C:\Windows\Installer\348c8.msp
[2012/02/13 08:57:28 | 030,412,800 | ---- | M] () -- C:\Windows\Installer\383f66.msi
[2012/12/22 14:52:18 | 027,811,840 | ---- | M] () -- C:\Windows\Installer\3b9775.msi
[2012/12/22 14:55:01 | 000,179,200 | ---- | M] () -- C:\Windows\Installer\3b9783.msi
[2012/04/04 05:32:41 | 016,613,376 | R--- | M] () -- C:\Windows\Installer\3c64e.msp
[2011/11/01 12:34:26 | 001,169,920 | R--- | M] () -- C:\Windows\Installer\3c663.msp
[2012/03/23 13:59:02 | 007,899,648 | R--- | M] () -- C:\Windows\Installer\3c679.msp
[2012/03/26 23:28:54 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\3c68f.msp
[2012/01/22 09:20:42 | 001,707,520 | R--- | M] () -- C:\Windows\Installer\3c698.msp
[2011/11/21 23:42:40 | 033,189,888 | R--- | M] () -- C:\Windows\Installer\3d2acb.msp
[2010/07/23 01:04:08 | 011,395,072 | R--- | M] () -- C:\Windows\Installer\4271f5.msp
[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\Windows\Installer\42720b.msp
[2011/07/27 07:39:50 | 009,892,352 | R--- | M] () -- C:\Windows\Installer\427221.msp
[2012/02/03 15:13:48 | 004,988,928 | R--- | M] () -- C:\Windows\Installer\427237.msp
[2011/11/11 16:15:00 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\42724d.msp
[2011/07/27 07:37:28 | 011,592,192 | R--- | M] () -- C:\Windows\Installer\427271.msp
[2010/08/04 15:12:26 | 001,004,544 | R--- | M] () -- C:\Windows\Installer\427278.msp
[2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\42728e.msp
[2009/08/18 13:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\4272a4.msp
[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\Windows\Installer\4272ba.msp
[2009/05/26 18:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\4272cf.msp
[2009/10/16 07:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\4272e5.msp
[2012/02/15 23:04:07 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\4272f0.msp
[2011/11/01 13:34:58 | 004,225,536 | R--- | M] () -- C:\Windows\Installer\42730a.msp
[2011/11/11 16:14:40 | 009,096,192 | R--- | M] () -- C:\Windows\Installer\427320.msp
[2010/05/20 19:57:12 | 005,907,456 | R--- | M] () -- C:\Windows\Installer\42733f.msp
[2010/05/20 19:57:18 | 004,989,952 | R--- | M] () -- C:\Windows\Installer\427340.msp
[2011/12/26 06:24:12 | 008,835,072 | R--- | M] () -- C:\Windows\Installer\42734a.msp
[2011/11/01 13:34:28 | 002,247,168 | R--- | M] () -- C:\Windows\Installer\42735f.msp
[2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\427375.msp
[2010/03/24 18:54:54 | 002,516,992 | R--- | M] () -- C:\Windows\Installer\42739e.msp
[2010/03/24 18:54:48 | 003,126,272 | R--- | M] () -- C:\Windows\Installer\42739f.msp
[2009/08/05 07:49:32 | 003,457,024 | R--- | M] () -- C:\Windows\Installer\4273b8.msp
[2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\Windows\Installer\4273d0.msp
[2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\Windows\Installer\4273e6.msp
[2011/08/10 17:42:04 | 007,070,208 | R--- | M] () -- C:\Windows\Installer\4273fc.msp
[2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\427412.msp
[2010/02/21 01:03:34 | 004,472,832 | R--- | M] () -- C:\Windows\Installer\42742e.msp
[2011/03/18 12:13:59 | 001,588,224 | ---- | M] () -- C:\Windows\Installer\42c4ba.msi
[2011/09/15 18:35:54 | 001,411,072 | R--- | M] () -- C:\Windows\Installer\441c16a.msp
[2011/09/15 18:37:52 | 034,428,416 | R--- | M] () -- C:\Windows\Installer\441c16b.msp
[2011/09/15 18:37:28 | 016,691,712 | R--- | M] () -- C:\Windows\Installer\441c171.msp
[2011/09/15 18:34:54 | 428,804,608 | R--- | M] () -- C:\Windows\Installer\441c3c5.msp
[2011/09/15 18:34:14 | 008,499,712 | R--- | M] () -- C:\Windows\Installer\441c3d2.msp
[2011/09/15 18:38:04 | 010,838,528 | R--- | M] () -- C:\Windows\Installer\441c3dc.msp
[2011/09/15 18:39:22 | 011,163,136 | R--- | M] () -- C:\Windows\Installer\441c3e7.msp
[2011/09/15 18:40:36 | 007,959,552 | R--- | M] () -- C:\Windows\Installer\441c3f0.msp
[2011/01/15 09:46:32 | 002,049,536 | ---- | M] () -- C:\Windows\Installer\441c3f6.msi
[2010/11/25 08:12:14 | 000,510,464 | R--- | M] () -- C:\Windows\Installer\46dba4.msp
[2010/07/16 07:41:36 | 001,732,608 | R--- | M] () -- C:\Windows\Installer\46dbaa.msp
[2009/04/04 17:08:40 | 343,058,432 | R--- | M] () -- C:\Windows\Installer\470afcc.msp
[2009/04/04 17:05:54 | 007,999,488 | R--- | M] () -- C:\Windows\Installer\470afd9.msp
[2009/04/04 17:10:08 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\470afe3.msp
[2009/04/04 17:10:16 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\470afec.msp
[2009/04/04 17:10:24 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\470aff3.msp
[2006/12/02 07:09:06 | 002,818,048 | ---- | M] () -- C:\Windows\Installer\48be92.msi
[2010/03/18 13:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\4c04c2.msi
[2011/03/20 01:18:29 | 032,476,672 | ---- | M] () -- C:\Windows\Installer\4cd9e.msi
[2011/03/17 22:49:47 | 000,743,424 | ---- | M] () -- C:\Windows\Installer\505e2.msi
[2012/12/02 17:08:08 | 021,461,504 | ---- | M] () -- C:\Windows\Installer\57bbea4.msi
[2012/12/02 17:08:13 | 002,682,368 | ---- | M] () -- C:\Windows\Installer\57bbedc.msi
[2012/12/02 17:10:08 | 012,054,528 | ---- | M] () -- C:\Windows\Installer\57bbf28.msi
[2012/12/02 17:11:37 | 059,330,560 | ---- | M] () -- C:\Windows\Installer\57bcb1e.msi
[2012/12/02 17:22:43 | 021,168,128 | ---- | M] () -- C:\Windows\Installer\57bcb23.msi
[2011/03/17 22:30:46 | 048,221,184 | ---- | M] () -- C:\Windows\Installer\5e0b2.msi
[2012/03/23 15:37:40 | 000,020,480 | ---- | M] () -- C:\Windows\Installer\60b646.ipi
[2011/04/23 15:16:45 | 002,398,720 | ---- | M] () -- C:\Windows\Installer\60de91.msi
[2011/04/23 15:16:44 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60de96.msi
[2011/04/23 15:16:57 | 001,714,176 | ---- | M] () -- C:\Windows\Installer\60de9b.msi
[2011/04/23 15:17:00 | 002,024,448 | ---- | M] () -- C:\Windows\Installer\60dea0.msi
[2011/04/23 15:17:03 | 001,642,496 | ---- | M] () -- C:\Windows\Installer\60dea5.msi
[2011/04/23 15:17:06 | 001,648,640 | ---- | M] () -- C:\Windows\Installer\60deaa.msi
[2011/04/23 15:17:06 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60deaf.msi
[2011/04/23 15:17:06 | 002,320,896 | ---- | M] () -- C:\Windows\Installer\60deb4.msi
[2011/04/23 15:17:11 | 000,503,296 | ---- | M] () -- C:\Windows\Installer\60deb9.msi
[2011/04/23 15:17:11 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60debe.msi
[2011/04/23 15:17:17 | 000,514,048 | ---- | M] () -- C:\Windows\Installer\60dec3.msi
[2011/04/23 15:17:15 | 000,518,144 | ---- | M] () -- C:\Windows\Installer\60dec9.msi
[2011/04/23 15:17:11 | 000,507,904 | ---- | M] () -- C:\Windows\Installer\60decf.msi
[2011/04/23 15:17:11 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60ded4.msi
[2011/04/23 15:17:20 | 001,653,760 | ---- | M] () -- C:\Windows\Installer\60ded9.msi
[2011/04/23 15:17:22 | 001,654,272 | ---- | M] () -- C:\Windows\Installer\60dede.msi
[2011/04/23 15:17:25 | 001,654,272 | ---- | M] () -- C:\Windows\Installer\60dee3.msi
[2011/04/23 15:17:25 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\60dee8.msi
[2011/04/23 15:17:31 | 001,642,496 | ---- | M] () -- C:\Windows\Installer\60deed.msi
[2011/04/23 15:17:36 | 000,847,872 | ---- | M] () -- C:\Windows\Installer\60def3.msi
[2011/04/23 15:17:37 | 018,183,680 | ---- | M] () -- C:\Windows\Installer\60defd.msi
[2007/04/12 16:11:48 | 004,582,912 | R--- | M] () -- C:\Windows\Installer\60defe.msp
[2008/08/08 13:11:02 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\64d29.msi
[2009/07/12 06:43:18 | 000,231,936 | ---- | M] () -- C:\Windows\Installer\64e0c4.msi
[2011/07/21 12:34:34 | 003,456,000 | R--- | M] () -- C:\Windows\Installer\66975.msp
[2012/02/29 22:45:14 | 004,989,440 | R--- | M] () -- C:\Windows\Installer\66a5a.msp
[2010/03/18 13:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\6a71b.msi
[2011/05/30 22:45:52 | 000,041,984 | ---- | M] () -- C:\Windows\Installer\6cd7fc.msi
[2011/09/17 02:03:12 | 000,045,056 | ---- | M] () -- C:\Windows\Installer\6cd7ff.ipi
[2011/09/17 02:03:11 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\6cd802.msp
[2012/07/27 17:47:34 | 013,123,584 | R--- | M] () -- C:\Windows\Installer\727ea.msp
[2012/07/18 14:53:36 | 010,937,344 | R--- | M] () -- C:\Windows\Installer\727ff.msp
[2012/07/25 15:59:06 | 011,032,064 | R--- | M] () -- C:\Windows\Installer\72815.msp
[2012/06/26 17:03:12 | 003,875,840 | R--- | M] () -- C:\Windows\Installer\7282b.msp
[2012/10/05 20:27:12 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\7d898.msi
[2012/09/12 22:38:38 | 008,265,728 | ---- | M] () -- C:\Windows\Installer\88930.msi
[2012/10/20 23:32:14 | 009,590,272 | R--- | M] () -- C:\Windows\Installer\897e5b.msp
[2012/10/20 23:32:14 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\897e71.msp
[2012/11/17 09:36:02 | 005,007,872 | R--- | M] () -- C:\Windows\Installer\897e87.msp
[2008/08/15 11:46:16 | 014,821,376 | ---- | M] () -- C:\Windows\Installer\8d726c.msi
[2011/09/05 14:01:26 | 013,135,872 | R--- | M] () -- C:\Windows\Installer\92aba.msp
[2008/07/30 19:25:36 | 000,228,864 | ---- | M] () -- C:\Windows\Installer\a5a692.msi
[2009/07/12 11:16:26 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\aacb03.msi
[2012/04/04 21:37:36 | 003,149,824 | R--- | M] () -- C:\Windows\Installer\b35b7.msp
[2012/04/04 21:37:40 | 002,540,544 | R--- | M] () -- C:\Windows\Installer\b35db.msp
[2012/06/19 11:54:42 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\b35f1.msp
[2012/06/19 11:54:40 | 002,239,488 | R--- | M] () -- C:\Windows\Installer\b3607.msp
[2012/05/30 06:18:24 | 001,739,264 | R--- | M] () -- C:\Windows\Installer\b3611.msp
[2012/05/30 06:18:08 | 011,885,056 | R--- | M] () -- C:\Windows\Installer\b3644.msp
[2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\Windows\Installer\b75e6c.msi
[2012/02/25 21:02:08 | 026,820,096 | ---- | M] () -- C:\Windows\Installer\bdf9bc.msi
[2012/05/11 18:05:58 | 020,343,808 | R--- | M] () -- C:\Windows\Installer\c9dbe.msp
[2012/02/17 07:45:24 | 002,299,392 | R--- | M] () -- C:\Windows\Installer\c9dd4.msp
[2012/04/28 20:43:58 | 008,459,264 | R--- | M] () -- C:\Windows\Installer\c9dea.msp
[2012/03/15 01:24:28 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\c9e00.msp
[2012/04/04 21:38:16 | 003,620,864 | R--- | M] () -- C:\Windows\Installer\c9e16.msp
[2011/12/15 13:54:16 | 039,732,736 | R--- | M] () -- C:\Windows\Installer\c9e39.msp
[2012/04/30 13:38:28 | 005,011,456 | R--- | M] () -- C:\Windows\Installer\c9e4e.msp
[2012/01/19 13:20:42 | 011,997,696 | R--- | M] () -- C:\Windows\Installer\c9e5b.msp
[2012/04/28 20:44:02 | 009,586,176 | R--- | M] () -- C:\Windows\Installer\c9e72.msp
[2012/04/28 20:44:02 | 009,101,824 | R--- | M] () -- C:\Windows\Installer\c9e88.msp
[2012/04/04 21:38:44 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\c9e9e.msp
[2011/02/11 07:59:10 | 023,633,408 | R--- | M] () -- C:\Windows\Installer\ceb337.msp
[2011/08/10 16:40:58 | 002,081,792 | ---- | M] () -- C:\Windows\Installer\cfc367.msi
[2011/08/10 16:40:56 | 001,859,584 | ---- | M] () -- C:\Windows\Installer\cfc36c.msi
[2009/05/01 13:03:44 | 001,585,664 | ---- | M] () -- C:\Windows\Installer\e2db8.msi
[2011/06/12 21:31:23 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi
[2012/02/25 21:04:24 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi
[2011/05/22 20:49:58 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi
[2012/03/17 19:58:03 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi
[2012/12/02 17:12:39 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}.SchedServiceConfig.rmi
[30 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011/05/05 21:17:24 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/05/05 21:17:24 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/05/06 17:01:07 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/05/06 17:01:07 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/05/06 17:02:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/05/06 17:02:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 17:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 17:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 17:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 17:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2011/05/06 16:58:10 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2011/05/06 16:58:10 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2011/05/06 17:01:13 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2011/05/06 17:01:13 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011/05/06 17:02:01 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2011/05/06 17:02:01 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/13 21:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 21:08:49 | 000,032,546 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/07 18:57:07 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/04/07 18:57:09 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/08/30 22:03:34 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000Core.job
[2012/08/30 22:03:36 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000UA.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: SIAN
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 System Rese NTFS Partition 100 MB Healthy System
Volume 1 C NTFS Partition 148 GB Healthy Boot

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

Extras

OTL Extras logfile created on: 12/23/2012 7:45:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 75.53% Memory free
15.93 Gb Paging File | 13.73 Gb Available in Paging File | 86.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 28.05 Gb Free Space | 18.83% Space Free | Partition Type: NTFS

Computer Name: SIAN | User Name: Sian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0578E4BD-EA73-4E05-8360-078086C4A03F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0CFC69E7-5A7F-4F80-893C-AF95CD56B930}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A435D4F-98E7-436E-96F2-F5A69D3F072D}" = rport=445 | protocol=6 | dir=out | app=system |
"{228B42AA-E178-4E75-9EBF-0D5D8C6CC069}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{233EB15E-7932-44E4-9A69-45D894881BDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39384F77-7EB4-48AE-ABC1-E366E0ED2746}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B87824A-FBB9-4A68-A8AA-1E880125A276}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7874C15A-28B1-455E-BF2F-D13326A875E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DA690EF-076E-4DAA-8344-514F0D6CB296}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F4CD5E1-9BD4-41D5-9CC3-D04D66797513}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7FF72B46-2140-4D77-A1F6-8134DD13B608}" = lport=137 | protocol=17 | dir=in | app=system |
"{841E1CA1-ED5E-46F2-BBCB-CDDB2B637ACA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8E0B8DE3-9BB2-427C-92EA-FC2B180791A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92D1C24F-9AA7-4996-88D8-E2DE9F992EB5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{94DF323B-4611-4162-95E4-9A1D86D16B5A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{98DF51EA-669F-4DAF-8F3A-8B41B16AC71E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9AC44307-1D94-440D-8CAB-AE014F42524F}" = lport=139 | protocol=6 | dir=in | app=system |
"{A02351E5-25D4-44DA-837D-24D7BFBF3BB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5B5DEDD-7344-4BE8-9CBE-CA51D3222B11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9F2C606-2390-402B-A28C-FF9127D39311}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD5E2540-EADB-4B2A-B65D-8A3FE2ADF89D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9492248-4736-4657-945B-00F15E39234C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BC0963C6-4CFF-4819-90AD-1A1867B7CAB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9CEC36C-3392-42AB-80FC-4B6D9D9493FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{CA2B2EBF-6EB6-43C7-9B00-6298F73FF464}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CC17CBAE-217B-476B-96F5-9F6B83415003}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DB62D62C-C7E2-4822-A1D7-8612CA91FFF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF0A9460-62AE-4DB5-B73D-BF8B7206571E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E288087D-FEF5-442E-A2C6-B9B67240F3F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E801D928-DD26-48A1-BDA7-2D4FECC2CC73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBEB2D3A-0C56-4815-AB6B-4DDA69A83A13}" = rport=137 | protocol=17 | dir=out | app=system |
"{FCA6B11F-191E-41C3-BBB3-640FA0ECD210}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D11A90-AC17-4346-837F-1F4949D4BFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{04FE9C0E-4512-428E-975B-6C794AE7669A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0FC67F02-D7F8-4955-BEA7-5CB5C77F19B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\siansaechao\counter-strike\hl.exe |
"{15B7F8A9-D993-4071-8D12-599341DE2A8C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1684C95C-91DB-493B-A530-E423F1E70F1F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{274E24F6-4EBE-44A7-8197-6115B70AB926}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{3091BB00-EE38-485E-92C8-D1BE636D1CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"{30B51EA8-6574-4AF3-B7D9-0FB04DAC41FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3498AE65-288B-4A98-91DB-DEBD83E16BDD}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{3577652A-EC4D-4B96-983A-8F8C20A3D130}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{367F6D50-7284-43CB-A639-645A2A123E68}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B1CA220-5EE4-4E09-9C4D-E2075806F023}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3DB943A5-6C45-437E-BE2D-201FE20A3419}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{427836E5-BC21-4019-BF1D-8E27FD4E6D7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42E1969D-1C55-4427-A09F-63E806A0C387}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47F614C5-404D-4BCC-A3D5-97CEB0E9E4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{4AE61588-41CD-42D2-986F-A169F8C5CDC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B89753B-EFB4-49C3-8CCA-15C2D1334040}" = protocol=6 | dir=out | app=system |
"{4EDA316A-A369-475B-975D-CB210E72D0A8}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{5105887A-C907-4B74-8FDE-0D82E4B5A063}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{51DF8413-81C9-409A-BBE8-8116537E35E1}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{5E21A417-CF15-4FA7-A5A4-38D4E924978F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{60151C40-D6EB-4888-B3F6-CFB75E7A5585}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{61222BEA-4A30-411A-9550-A9904F781D3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{613DF185-B209-4C7E-A617-81E36AAB2BDE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{628DF702-6F70-4906-BAD8-AA3FE089536D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{634B1295-E915-4592-8C73-510248C4F575}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{635A8C7A-1258-4B0D-8ECB-869FA6050018}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{67C9672A-561E-4DC1-800A-A345B31ECE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{7432A943-0615-4C10-8E64-84A9526A532A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{75D302E5-193E-46E9-99A8-D9B99801BC2C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7993D4BC-6782-4ADD-A2B1-0B6E02F7E87B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\siansaechao\counter-strike\hl.exe |
"{7BCF0534-4277-4E96-8916-FCF0D4CDCDE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{818D8044-A9C8-4418-9861-2BB1291F4ED9}" = protocol=6 | dir=in | app=c:\users\sian\appdata\roaming\spotify\spotify.exe |
"{8998E938-6D5F-4B44-A4E1-14277589434F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{8B4557E8-B92A-4106-8E41-1F9B80D9CB1C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8D106A1B-B438-4908-A154-059B36EE010D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{8EE294F4-7E20-42FB-B1D8-2B8C50512289}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{967FF586-A7AC-4CB7-A67B-124F3C49E0AA}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{98B9E474-DD61-46A9-B37F-F5FAD4AAF36E}" = protocol=17 | dir=in | app=c:\users\sian\appdata\roaming\spotify\spotify.exe |
"{9A83AF95-155A-4FE9-B8DC-8F5C53C9E166}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9ADAB66B-F601-427C-A122-D5DC40183EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{9BA19881-390C-48ED-B41F-2E220D961C58}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{9BAF6B09-A1F0-43D8-8985-2CC500862C47}" = protocol=58 | dir=in | app=system |
"{A09F5B23-7B89-40B7-8A66-032D556B686D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A1E17E66-9C8C-4734-BF94-8F1BF412B30E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A7E52C94-A310-496D-BF4A-B1F45CD56BC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB0E5522-FB45-43F9-BC0E-7D95FD7A6782}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC39736F-3028-4F0C-A118-55A144A4CE78}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{AC79007D-8DC5-49A2-8C7C-DCF33E31E0C1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"{ADCE2AA6-4F86-4206-9151-AF1ED67A59F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AE36F10B-174B-4EA1-A85C-2FD532E82461}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{AEC29047-E6B9-4BC4-9D64-ACB0AE9E15C7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B0B4F99A-0C5B-495D-9A6C-5D0717813DB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B40E695D-F318-4075-9BCB-B258F8F81EEB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C26DDF7C-977B-4CC0-A940-DE82F6F4822F}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{C2D79BC7-0596-4C9F-A9E2-BFBE4269D396}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C72C417C-004D-4973-9D42-AA724A356760}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{CAD48573-E14E-4EA4-999A-7E4CF70DF826}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{CC3579B9-BB4F-4A21-91A7-EE12BF1A79EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D50F244A-3FBE-43D9-AAE6-2F6762341BBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7D12C5D-6F7F-4587-8014-0C9C1D253BBA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8A325A4-9238-437E-8AAC-60E2A1332733}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{DB45CD79-E1A9-48EF-9055-9C0C8548EF2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E4560984-885C-432C-A498-6C95049EE3D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E59EC1D6-E95D-48EC-980E-5ECF0013F0F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E8C0B565-2B92-4595-A32C-5BF5562AAC68}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"{ED4D596A-99E1-416D-AB27-BA7B670F750F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"{FCA87202-ADA5-4B52-A563-BEA24ADEA5DB}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FDC416FD-2521-4CA2-AA77-A1405B841012}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDD61745-1505-4128-A767-9F372E0694F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FFC56270-9127-4AA5-AE23-111D84D0D8D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{552A9AA3-5DEB-4C38-BB13-706AE65C4113}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{6822D4F2-6E09-4AFB-8FDA-18E420A2C1A5}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"TCP Query User{6DA2161D-7891-46C9-8EB6-1AA68D76D00C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{70E65D34-5681-476F-BB83-7E1E7F66E368}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{C00A7980-D1F4-4B78-B1AA-AF6CEC236B12}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{D2364D08-98FA-4361-B896-7F107F319DFA}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"TCP Query User{DF7BF2AA-6404-482F-88C6-961C2E6B5FEF}C:\windows\system32\migwiz\migwiz.exe" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"UDP Query User{1050148D-AC1D-4AB8-87FE-1F5A4FD727BE}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{3B01A851-6F4E-4214-B363-E31FC0F0DEDD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{3B60F13E-EE1B-4E32-A4FC-568853D52DEB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{44DA11F7-C882-4433-8865-93757329F9DC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{A7CE5275-F601-44F6-A217-F55CC7C2F2F4}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"UDP Query User{D2F7BEB6-4103-49BA-AF9D-D95C42502CF7}C:\windows\system32\migwiz\migwiz.exe" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"UDP Query User{DF504A1B-29B8-4710-B4A5-C07EFAA480BA}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Creative OA002" = Monitor Webcam Driver (1.01.02.0804)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"Dell Webcam Central" = Dell Webcam Central
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"Iconix eMail ID" = Iconix® eMail ID
"InstallShield_{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"StarCraft II" = StarCraft II
"Stardock MyColors" = Stardock MyColors
"Steam App 10" = Counter-Strike
"Steam App 41500" = Torchlight
"Steam App 570" = Dota 2
"TightVNC" = TightVNC 2.0.2
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2229391427-1754303536-809865111-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Detector Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2012 4:46:13 AM | Computer Name = Sian | Source = VSS | ID = 8193
Description =

Error - 11/2/2012 6:30:59 AM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 11/2/2012 6:30:59 AM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 11/2/2012 6:55:57 AM | Computer Name = Sian | Source = VSS | ID = 8193
Description =

Error - 11/2/2012 7:10:23 AM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 11/2/2012 7:10:23 AM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 11/5/2012 8:52:44 PM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1533
Description = Windows cannot delete the profile directory C:\Users\TEMP.SIAN.007.
This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.

Error - 11/5/2012 8:52:44 PM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 11/5/2012 8:52:44 PM | Computer Name = Sian | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 11/5/2012 8:53:34 PM | Computer Name = Sian | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "5C260A3B9713" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "889FFA691024" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/23/2012 11:11:45 PM | Computer Name = Sian | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "889FFA691024" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/23/2012 11:12:33 PM | Computer Name = Sian | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "889FFA691024" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/23/2012 11:12:33 PM | Computer Name = Sian | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "889FFA691024" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/23/2012 11:12:35 PM | Computer Name = Sian | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.

Error - 12/23/2012 11:12:54 PM | Computer Name = Sian | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 12/23/2012 11:13:38 PM | Computer Name = Sian | Source = DCOM | ID = 10016
Description =


< End of report >
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 12/26/2012 10:27 AM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
Sorry for late reply..........






We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the  Custom Scan textbox.

         :OTL 
·         O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [] File not found 
·         :Reg 
·          
·         :Files 
·         C:\Program Files (x86)\BitTorrent
C:\Program Files\Bonjour
·         ipconfig /flushdns /
·         :Commands 
·         [purity] 
·         [resethosts] 
·         [CreateRestorePoint] 
·         [emptytemp] 
[EMPTYFLASH]


  • Push  Run Fix Button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
 
 
Please download adwcleaner ->
 
 



Double click on AdwCleaner.exe to run the tool. 
***Note: Windows Vista and Windows 7 users: 
Right click in the adwCleaner.exe and select – Run as admin 
  • Click Delete. 
  • Everything that was found will be deleted. 
  • Save any open files and approve the reboot. A text file will open after the restart. 
 


 
 
 And save to the desktop.
 
After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.
 
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.




 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 31
 
   Posted 12/26/2012 12:11 PM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
Its ok Touch, no worries. You've helped me soo much within the past years. By the way, Merry Late Christmas! :)

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_USERS\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
Registry value HKEY_USERS\S-1-5-21-2229391427-1754303536-809865111-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File PTYFLASH] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 12262012_000222

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 00:25:21
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sian - SIAN
# Boot Mode : Normal
# Running from : C:\Users\Sian\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\Sian\AppData\Local\Conduit
Folder Deleted : C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Folder Deleted : C:\Users\Sian\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Sian\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sian\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Sian\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Sian\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js

[OK] File is clean.

File : C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [18128 octets] - [26/12/2012 00:25:21]

########## EOF - C:\AdwCleaner[S1].txt - [18189 octets] ##########



ComboFix 12-12-25.02 - Sian 12/26/2012 0:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6184 [GMT -8:00]
Running from: c:\users\Sian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sian\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\Config.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-26 08:53 . 2012-12-26 08:53 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-12-26 08:29 . 2012-12-26 08:29 -------- dc----w- c:\users\TEMP.SIAN.015
2012-12-26 08:02 . 2012-12-26 08:02 -------- dc----w- C:\_OTL
2012-12-25 09:48 . 2012-11-08 17:24 9125352 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A3E564F-AF8E-4C12-A5C7-20932C7AC98F}\mpengine.dll
2012-12-24 00:13 . 2012-11-08 17:24 9125352 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-23 06:04 . 2012-12-23 06:05 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 06:04 . 2012-12-23 06:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-23 06:04 . 2012-12-23 06:05 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 06:04 . 2012-12-23 06:05 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-22 22:55 . 2012-12-22 22:55 -------- dc----w- c:\program files (x86)\Common Files\Java
2012-12-22 22:54 . 2012-12-22 22:52 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-22 22:54 . 2012-12-22 22:53 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-22 22:53 . 2012-12-22 22:53 -------- dc----w- c:\program files (x86)\Trend Micro
2012-12-22 22:52 . 2012-12-22 22:52 -------- dc----w- c:\programdata\McAfee
2012-12-15 09:16 . 2012-12-15 22:20 -------- dc----w- c:\users\TEMP.SIAN.014
2012-12-12 08:06 . 2012-12-13 00:17 -------- dc----w- c:\users\TEMP.SIAN.013
2012-12-12 07:48 . 2012-12-12 07:54 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 07:46 . 2012-12-12 07:50 338432 ----a-w- c:\windows\system32\conhost.exe
2012-12-12 07:43 . 2012-12-12 07:49 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 07:43 . 2012-12-12 07:49 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-12 05:21 . 2012-12-12 08:06 -------- dc----w- c:\users\TEMP.SIAN.012
2012-12-10 08:39 . 2012-12-12 05:21 -------- dc----w- c:\users\TEMP.SIAN.011
2012-12-08 08:58 . 2012-12-08 21:24 -------- dc----w- c:\users\TEMP.SIAN.010
2012-12-07 06:58 . 2012-12-07 06:59 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-07 06:58 . 2012-12-07 06:59 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-07 06:58 . 2012-12-07 06:59 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-07 06:58 . 2012-12-07 06:59 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-07 06:44 . 2012-12-07 06:45 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-07 06:44 . 2012-12-07 06:45 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-07 06:44 . 2012-12-07 06:45 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-07 06:44 . 2012-12-07 06:45 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-07 06:44 . 2012-12-07 06:45 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-07 06:44 . 2012-12-07 06:45 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-07 06:44 . 2012-12-07 06:45 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-03 04:07 . 2010-06-02 12:55 77656 -c--a-w- c:\windows\system32\XAPOFX1_5.dll
2012-12-03 04:06 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-12-03 01:21 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-03 01:19 . 2012-12-03 01:19 -------- dc----w- c:\program files\iPod
2012-12-03 01:19 . 2012-12-03 01:21 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-03 01:19 . 2012-12-03 01:21 -------- dc----w- c:\program files\iTunes
2012-12-03 01:19 . 2012-12-03 01:21 -------- dc----w- c:\program files (x86)\iTunes
2012-12-03 01:09 . 2012-12-03 01:09 -------- dc----w- c:\program files\Bonjour
2012-12-03 01:09 . 2012-12-03 01:09 -------- dc----w- c:\program files (x86)\Bonjour
2012-12-01 09:53 . 2012-12-01 09:52 972264 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7083D733-3BCA-4ECB-B1B5-2BE1E7C7DD63}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-22 22:52 . 2011-04-04 05:19 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-12 07:51 . 2011-03-24 06:59 67413224 -c--a-w- c:\windows\system32\MRT.exe
2012-12-12 07:50 . 2012-12-12 07:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-07 06:44 . 2012-12-07 06:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-12-07 06:44 . 2012-12-07 06:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-12-07 06:44 . 2012-12-07 06:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-11-02 11:03 . 2012-11-02 10:55 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-02 11:00 . 2012-11-02 10:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-11-02 10:59 . 2012-11-02 10:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-02 10:59 . 2012-11-02 10:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-11-02 10:59 . 2012-11-02 10:55 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-11-02 10:59 . 2012-11-02 10:55 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-11-02 10:58 . 2012-11-02 10:53 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-11-02 10:58 . 2012-11-02 10:53 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-11-02 10:56 . 2012-11-02 10:50 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-11-02 10:56 . 2012-11-02 10:50 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-11-02 10:56 . 2012-11-02 10:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-02 10:56 . 2012-11-02 10:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-02 10:56 . 2012-11-02 10:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-11-02 10:56 . 2012-11-02 10:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-07 05:18 . 2012-06-13 23:52 972192 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-06 20:42 . 2012-10-01 11:58 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-30 03:54 . 2012-06-03 20:25 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 18:32 . 2012-09-28 18:32 5989776 -c--a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 18:32 . 2012-09-28 18:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-16 1193176]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-13 6380400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-14 1362544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-12-16 1387688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 -c--a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-05-07 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2009-11-10 20392]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IconixService;Iconix Update Service;c:\program files (x86)\Common Files\Iconix\IconixService.exe [2012-03-19 284512]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-29 67072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 20:13]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 20:13]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000Core.job
- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 06:03]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000UA.job
- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 06:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-22 365592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\
FF - ExtSQL: !HIDDEN! 2010-01-17 05:54; ypvhfbosum@ypvhfbosum.org; c:\users\Sian\Application Data\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions\ypvhfbosum@ypvhfbosum.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-26 00:59:09
ComboFix-quarantined-files.txt 2012-12-26 08:59
.
Pre-Run: 32,652,746,752 bytes free
Post-Run: 32,296,439,808 bytes free
.
- - End Of File - - 41E81CC31C108F657BF033ECC3301631
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 12/26/2012 12:18 PM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
By the way, Merry Late Christmas! :) Thank you, and a happy early new year to you              smile 


Do you know these folder/s:
c:\users\TEMP.SIAN.012    ?
 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 31
 
   Posted 12/30/2012 11:02 AM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
Sorry for the late reply, but i do not know what those are. Should i go ahead and delete? and do you see anything in any system?

Thanks
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 12/31/2012 11:54 AM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
Have combofix to do the deleting                                ;-)




 
Open notepad and copy/paste the text in bold in  below into it:
 
Snapshot::
Folder::
c:\users\TEMP.SIAN.015
c:\users\TEMP.SIAN.014
c:\users\TEMP.SIAN.013
c:\users\TEMP.SIAN.012
c:\users\TEMP.SIAN.011
c:\users\TEMP.SIAN.010
c:\program files (x86)\BitTorrent
File::
c:\users\TEMP.SIAN.015
c:\users\TEMP.SIAN.014
c:\users\TEMP.SIAN.013
c:\users\TEMP.SIAN.012
c:\users\TEMP.SIAN.011
c:\users\TEMP.SIAN.010
 
Save this as:CFScript
 
 
Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.
 
Combofix will create a logfile and display it after your computer has rebooted.
 
Usually located in c:\combofix.txt, please post it to your next reply
 



Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 31
 
   Posted 1/6/2013 6:01 AM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
ComboFix 13-01-05.01 - Sian 01/05/2013 18:26:45.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.4324 [GMT -8:00]
Running from: c:\users\Sian\Desktop\ComboFix.exe
Command switches used :: c:\users\Sian\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\TEMP.SIAN.010"
"c:\users\TEMP.SIAN.011"
"c:\users\TEMP.SIAN.012"
"c:\users\TEMP.SIAN.013"
"c:\users\TEMP.SIAN.014"
"c:\users\TEMP.SIAN.015"
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 02:01 . 2012-11-08 17:24 9125352 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8586FCE-67B0-479F-9252-F2173131DE56}\mpengine.dll
2013-01-06 01:43 . 2013-01-06 01:43 -------- dc----w- c:\users\TEMP.SIAN.015
2013-01-01 02:35 . 2012-11-08 17:24 9125352 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-26 08:02 . 2012-12-26 08:02 -------- dc----w- C:\_OTL
2012-12-23 06:04 . 2012-12-23 06:05 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 06:04 . 2012-12-23 06:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-23 06:04 . 2012-12-23 06:05 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 06:04 . 2012-12-23 06:05 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-22 22:55 . 2012-12-22 22:55 -------- dc----w- c:\program files (x86)\Common Files\Java
2012-12-22 22:54 . 2012-12-22 22:52 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-22 22:54 . 2012-12-22 22:53 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-22 22:53 . 2012-12-22 22:53 -------- dc----w- c:\program files (x86)\Trend Micro
2012-12-22 22:52 . 2012-12-22 22:52 -------- dc----w- c:\programdata\McAfee
2012-12-15 09:16 . 2012-12-15 22:20 -------- dc----w- c:\users\TEMP.SIAN.014
2012-12-12 08:06 . 2012-12-13 00:17 -------- dc----w- c:\users\TEMP.SIAN.013
2012-12-12 07:48 . 2012-12-12 07:54 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 07:46 . 2012-12-12 07:50 338432 ----a-w- c:\windows\system32\conhost.exe
2012-12-12 07:43 . 2012-12-12 07:49 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 07:43 . 2012-12-12 07:49 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-12 05:21 . 2012-12-12 08:06 -------- dc----w- c:\users\TEMP.SIAN.012
2012-12-10 08:39 . 2012-12-12 05:21 -------- dc----w- c:\users\TEMP.SIAN.011
2012-12-08 08:58 . 2012-12-08 21:24 -------- dc----w- c:\users\TEMP.SIAN.010
2012-12-07 06:58 . 2012-12-07 06:59 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-07 06:58 . 2012-12-07 06:59 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-07 06:58 . 2012-12-07 06:59 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-07 06:58 . 2012-12-07 06:59 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-07 06:44 . 2012-12-07 06:45 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-07 06:44 . 2012-12-07 06:45 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-07 06:44 . 2012-12-07 06:45 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-07 06:44 . 2012-12-07 06:45 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-07 06:44 . 2012-12-07 06:45 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-07 06:44 . 2012-12-07 06:45 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-07 06:44 . 2012-12-07 06:45 229888 ----a-w- c:\windows\system32\WUDFHost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-22 22:52 . 2011-04-04 05:19 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-12 07:51 . 2011-03-24 06:59 67413224 -c--a-w- c:\windows\system32\MRT.exe
2012-12-12 07:50 . 2012-12-12 07:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-07 06:44 . 2012-12-07 06:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-12-07 06:44 . 2012-12-07 06:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-12-07 06:44 . 2012-12-07 06:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-12-01 09:52 . 2012-12-01 09:53 972264 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7083D733-3BCA-4ECB-B1B5-2BE1E7C7DD63}\gapaengine.dll
2012-11-02 11:03 . 2012-11-02 10:55 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-02 11:00 . 2012-11-02 10:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-11-02 10:59 . 2012-11-02 10:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-02 10:59 . 2012-11-02 10:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-11-02 10:59 . 2012-11-02 10:55 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-11-02 10:59 . 2012-11-02 10:55 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-11-02 10:58 . 2012-11-02 10:53 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-11-02 10:58 . 2012-11-02 10:53 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-11-02 10:56 . 2012-11-02 10:50 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-11-02 10:56 . 2012-11-02 10:50 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-11-02 10:56 . 2012-11-02 10:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-02 10:56 . 2012-11-02 10:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-02 10:56 . 2012-11-02 10:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-11-02 10:56 . 2012-11-02 10:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Sian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-16 1193176]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-13 6380400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-14 1362544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"FAStartup"="" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-12-16 1387688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 -c--a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-05-07 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2009-11-10 20392]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IconixService;Iconix Update Service;c:\program files (x86)\Common Files\Iconix\IconixService.exe [2012-03-19 284512]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-29 67072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 20:13]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 20:13]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000Core.job
- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 06:03]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229391427-1754303536-809865111-1000UA.job
- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 06:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-22 365592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\zu2rtjde.default\
FF - ExtSQL: !HIDDEN! 2010-01-17 05:54; ypvhfbosum@ypvhfbosum.org; c:\users\Sian\Application Data\Mozilla\Firefox\Profiles\zu2rtjde.default\extensions\ypvhfbosum@ypvhfbosum.org.xpi
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-05 18:53:32
ComboFix-quarantined-files.txt 2013-01-06 02:53
ComboFix2.txt 2012-12-26 08:59
.
Pre-Run: 26,497,720,320 bytes free
Post-Run: 25,494,675,456 bytes free
.
- - End Of File - - ADAAF2BB4C789A01F23F1E24F484DC84
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 1/8/2013 11:42 PM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
Please tell how things are running now ?


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 31
 
   Posted 1/9/2013 10:35 PM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
Hi Touch!

Things are running a LOT faster now! hop the only thing that still happens are website reroute. I google something and when I click on the link, it'll bring me to some phishing site. Any clues on why this is still happening? Much appreciated. Thanks
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 1/12/2013 10:23 AM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
See if Microsoft's own solution may do the trick, so you do not end up on Phishing sites ?



Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

sianbootay
New Member




Date Joined Aug 2006
Total Posts : 31
 
   Posted 1/12/2013 12:09 PM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
I do, but i close it immediately. I usually pay attention to the URL. I will give this a shot and see what happens. Will keep you updated.

Thanks
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 1/14/2013 12:33 PM (GMT +3)    Quote: DOS/SMURF Attacks, Webpage re-routes, HELP!Alert an admin about: DOS/SMURF Attacks, Webpage re-routes, HELP!
"Will keep you updated".
 
 
 
 
OK                :-)


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 
New Topic Post reply to : DOS/SMURF Attacks, Webpage re-routes, HELP! Printable version of : DOS/SMURF Attacks, Webpage re-routes, HELP!
 
Forum Information
Currently it is Tuesday, October 21, 2014 4:39 PM (GMT +3)
There are a total of 60,667 posts in 13,333 threads.
In the last 3 days there were 4 new threads and 1 reply posts. View Active Threads
Who's Online
This forum has 36543 registered members. Please welcome our newest member, Aascreens.
4 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Errors, warnings, infections, trojans and junk (1)10/21/2014 1:38:01 PM (Touch)
Cheap kitchen Appliances (0)10/21/2014 12:05:02 PM (mbogawesepi)
Cheap kitchen Appliances (0)10/21/2014 4:16:57 AM (darahtua)
I very satisfy of this product and I decide to buy it (0)10/21/2014 12:33:09 AM (jaksum)