[Not curable - Sality] Malware + PUM.Disabled. Security Center

Inactive
By Nazrin Azman
Apr 8, 2013
  1. I don't know why my PC became slower.... I see my CPU usage is 100%. I tried to end-task the program, then another program used a lot of CPU. I did the same step again, same result...

    I scanned my PC with Malwarebytes Anti-Malware, then I got this result:


    1 Malware.Packer.Gen, 3 PUM.Disabled.SecurityCenter
  2. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    From Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.04.08.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: USER-PC [administrator]

    Protection: Enabled

    4/8/2013 10:38:53 PM
    MBAM-log-2013-04-08 (22-48-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199161
    Time elapsed: 6 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\hddl.pif (Malware.Packer.Gen) -> No action taken.

    (end)
  4. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    From dds attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/19/2013 1:38:32 PM
    System Uptime: 4/8/2013 7:27:47 PM (1 hours ago)
    .
    Motherboard: ASRock | | N68C-GS FX
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | CPUSocket | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 73 GiB total, 10.593 GiB free.
    D: is FIXED (NTFS) - 76 GiB total, 29.119 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&1A2227A&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&1A2227A&0&01
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Reader XI (11.0.02)
    Advanced Task Manager for Windows Vista & Windows XP
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    ASRock XFast RAM v2.0.28
    Assassin's Creed III
    AutoHotkey 1.1.09.03
    AVG SafeGuard toolbar
    Avira Free Antivirus
    Bandicam
    Bandisoft MPEG-1 Decoder
    BitTorrent
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cheat Engine 6.2
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Command & Conquer Generals
    Command and ConquerTM Generals Zero Hour
    CyberLink PowerDVD 11
    Dota 2
    Fraps
    GOM Player
    Google Chrome
    Graboid Video 3.84
    Graboid Video 3.84 Setup
    Internet Download Manager
    Java 7 Update 15
    Java Auto Updater
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XML Parser
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Nero 8
    neroxml
    NetCut 2.1.4
    Notepad++
    NVIDIA Drivers
    NVIDIA PhysX
    OpenAL
    Portal 2
    RAR Password Cracker 4.12
    Real Alternative 2.0.2
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek HDMI Audio Driver for ATI
    RealUpgrade 1.1
    Sniper Ghost Warrior
    Steam
    System Requirements Lab Detection
    Team Fortress 2
    TeamSpeak 3 Client
    TP-LINK Wireless Client Utility
    Uplay
    VCRedistSetup
    VLC media player 1.0.1
    Winamp
    Winamp Detector Plug-in
    WinPcap 4.1.2
    WinRAR 4.20 (32-bit)
    World of Tanks
    XFast LAN v6.61
    YTD Video Downloader 4.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/8/2013 7:58:04 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
    4/8/2013 7:58:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
    4/8/2013 7:28:24 PM, Error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The system cannot find the file specified.
    4/8/2013 7:28:17 PM, Error: Service Control Manager [7000] - The Arp Intelligent Protection Service service failed to start due to the following error: The system cannot find the file specified.
    4/6/2013 11:19:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    4/5/2013 11:31:27 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    4/3/2013 8:14:57 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 64-27-37-07-83-50. Network operations on this system may be disrupted as a result.
    4/2/2013 7:53:23 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    4/2/2013 7:02:00 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
    4/2/2013 7:01:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2013 7:00:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
    4/2/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/2/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/2/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/2/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/2/2013 7:00:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/2/2013 7:00:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cFosSpeed CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2013 6:27:05 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 64-27-37-07-83-50. Network operations on this system may be disrupted as a result.
    4/1/2013 9:42:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
    4/1/2013 9:42:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x00000008, 0x807c8750, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
    4/1/2013 9:42:43 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
  5. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    From dds.txt

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.15.2
    Run by User at 20:56:26 on 2013-04-08
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1006 [GMT 8:00]
    .
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\ASRock\XFast LAN\spd.exe
    C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
    C:\Windows\system32\viakaraokesrv.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\TP-LINK\COMMON\TWCU.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://friendly-google-search.blogspot.com
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [XFast LAN] c:\program files\asrock\xfast lan\cFosSpeed.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\common\TWCU.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\237344232403 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\237344232403 : DHCPNameServer = 122.255.99.228 122.255.99.236
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\E474D284F4F494D2847514E474 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\E474D284F4F494D2847514E474 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\a8918prj.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58:17&v=14.2.0.1&pid=safeguard&sg=2&sap=hp
    FF - prefs.js: keyword.URL - hxxp://mysearch.avg.com/search?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58:17&pid=safeguard&sg=2&v=14.0.0.12&sap=ku&q=
    FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
    FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-02-19 16:38; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - ExtSQL: 2013-02-20 10:36; mozilla_cc@internetdownloadmanager.com; c:\users\user\appdata\roaming\idm\idmmzcc5
    FF - ExtSQL: 2013-02-22 15:45; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\user\appdata\roaming\mozilla\firefox\profiles\a8918prj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    FF - ExtSQL: 2013-04-02 20:58; avg@toolbar; c:\programdata\avg safeguard toolbar\firefoxext\14.2.0.1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AsrRamDisk;AsrRamDisk;c:\windows\system32\drivers\AsrRamDisk.sys [2013-2-26 33104]
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-2-22 13560]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-4-2 33112]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-4-2 37352]
    R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/02/19 16:27:30];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2013-2-19 77296]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-2-19 219136]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-12-19 291840]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-4-2 86752]
    R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-4-2 110816]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-4-2 84744]
    R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2013-2-19 83240]
    R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2013-2-19 70952]
    R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServer.exe [2013-2-19 312616]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-5-4 96056]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-8 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-8 682344]
    R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2013-2-19 71664]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\tp-link\common\RaRegistry.exe [2013-2-19 374112]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2013-2-19 27760]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-4-3 968880]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-2-19 84992]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-8 21104]
    R3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\drivers\netr28u.sys [2013-2-19 1174880]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-2-19 1814640]
    S2 Ad-Aware Service;Ad-Aware Service;"c:\program files\ad-aware antivirus\adawareservice.exe" --> c:\program files\ad-aware antivirus\AdAwareService.exe [?]
    S2 AIPS;Arp Intelligent Protection Service;c:\program files\netcut\services\aips.exe --> c:\program files\netcut\services\AIPS.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBAMSvc;Ad-Aware;"c:\program files\ad-aware antivirus\sbamsvc.exe" --> c:\program files\ad-aware antivirus\SBAMSvc.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
    S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-2-23 33616]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-24 21504]
    S3 TpMediaServer;TpMediaServer;c:\program files\tp-link\common\RaMediaServer.exe [2013-2-19 689504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-19 1343400]
    S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-14 1436160]
    .
    =============== Created Last 30 ================
    .
    2013-04-08 12:48:27  --------  d-----w-  c:\users\user\appdata\local\ElevatedDiagnostics
    2013-04-08 11:15:07  --------  d-----w-  c:\users\user\appdata\roaming\Malwarebytes
    2013-04-08 11:14:52  --------  d-----w-  c:\programdata\Malwarebytes
    2013-04-08 11:14:51  21104  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-04-08 11:14:51  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2013-04-08 11:03:29  --------  d-----w-  c:\program files\Innovative Solutions
    2013-04-03 09:34:50  --------  d-----w-  c:\programdata\YTD Video Downloader
    2013-04-03 09:34:47  --------  d-----w-  c:\program files\GreenTree Applications
    2013-04-03 09:30:09  --------  d-----w-  c:\programdata\YTD YouTube Downloader & Converter
    2013-04-02 12:59:12  --------  d-----w-  c:\users\user\appdata\local\AVG SafeGuard toolbar
    2013-04-02 12:58:14  33112  ----a-w-  c:\windows\system32\drivers\avgtpx86.sys
    2013-04-02 12:58:08  --------  d-----w-  c:\program files\common files\AVG Secure Search
    2013-04-02 12:57:45  --------  d-----w-  c:\programdata\AVG SafeGuard toolbar
    2013-04-02 12:57:44  --------  d--h--w-  c:\programdata\Common Files
    2013-04-02 12:23:36  --------  d-----w-  c:\users\user\appdata\roaming\Avira
    2013-04-02 12:10:45  84744  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
    2013-04-02 12:10:45  37352  ----a-w-  c:\windows\system32\drivers\avkmgr.sys
    2013-04-02 12:10:42  --------  d-----w-  c:\programdata\Avira
    2013-04-02 12:10:42  --------  d-----w-  c:\program files\Avira
    2013-04-02 09:29:29  --------  d-----w-  c:\users\user\appdata\local\Apps
    2013-04-02 07:46:26  6991832  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2013-04-02 07:46:21  7108640  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{3b61d3e6-de3c-40f1-9da4-d432df1eb3d0}\mpengine.dll
    2013-04-02 07:46:21  232336  ------w-  c:\windows\system32\MpSigStub.exe
    2013-04-01 13:59:04  --------  d-----w-  c:\users\user\appdata\local\BridgeProject
    2013-04-01 13:59:04  --------  d-----w-  c:\programdata\Steam
    2013-04-01 13:54:41  --------  d-----w-  c:\program files\Bridge Project
    2013-04-01 09:01:53  138032  ----a-w-  c:\windows\system32\drivers\PnkBstrK.sys
    2013-04-01 09:01:46  281688  ----a-w-  c:\windows\system32\PnkBstrB.exe
    2013-04-01 09:01:46  281688  ----a-w-  c:\windows\system32\PnkBstrB.ex0
    2013-04-01 09:01:36  281688  ----a-w-  c:\windows\system32\PnkBstrB.xtr
    2013-04-01 09:01:22  76888  ----a-w-  c:\windows\system32\PnkBstrA.exe
    2013-04-01 09:01:22  --------  d-----w-  c:\users\user\appdata\local\PunkBuster
    2013-04-01 09:00:10  --------  d-----w-  c:\users\user\appdata\roaming\Theta
    2013-03-28 08:20:06  3936  ----a-w-  C:\STF1B68.tmp
    2013-03-28 08:09:13  3936  ----a-w-  C:\STF23F3.tmp
    2013-03-28 07:51:33  3936  ----a-w-  C:\STFF425.tmp
    2013-03-28 07:08:29  3936  ----a-w-  C:\STF87BC.tmp
    2013-03-28 02:34:33  3810  ----a-w-  C:\STFE65B.tmp
    2013-03-27 14:56:13  3810  ----a-w-  C:\STF45A2.tmp
    2013-03-27 09:18:02  3810  ----a-w-  C:\STFA912.tmp
    2013-03-27 09:02:30  3810  ----a-w-  C:\STF6F67.tmp
    2013-03-27 08:06:17  3810  ----a-w-  C:\STFF721.tmp
    2013-03-26 10:45:03  3810  ----a-w-  C:\STF247A.tmp
    2013-03-26 09:55:40  3810  ----a-w-  C:\STFEF6A.tmp
    2013-03-25 09:16:28  3902  ----a-w-  C:\STFF2CE.tmp
    2013-03-25 09:02:33  3472  ----a-w-  C:\STF33FC.tmp
    2013-03-25 09:00:49  3472  ----a-w-  C:\STF9F60.tmp
    2013-03-25 08:49:18  3902  ----a-w-  C:\STF11A7.tmp
    2013-03-25 08:46:38  3472  ----a-w-  C:\STFA00A.tmp
    2013-03-25 08:44:35  3472  ----a-w-  C:\STFBF71.tmp
    2013-03-25 08:43:02  3472  ----a-w-  C:\STF55AF.tmp
    2013-03-25 08:07:21  3862  ----a-w-  C:\STFABAE.tmp
    2013-03-25 08:05:53  --------  d-----w-  c:\users\user\appdata\local\by_dekart811
    2013-03-25 08:04:23  --------  d-----w-  c:\users\user\appdata\roaming\FAH
    2013-03-25 07:38:14  --------  d-----w-  c:\users\user\appdata\local\LogMeIn Hamachi
    2013-03-25 07:37:06  --------  d-----w-  c:\program files\LogMeIn Hamachi
    2013-03-25 07:31:18  3862  ----a-w-  C:\STFA9D9.tmp
    2013-03-25 07:17:48  3844  ----a-w-  C:\STF4D5A.tmp
    2013-03-25 07:13:33  3844  ----a-w-  C:\STF6B26.tmp
    2013-03-25 07:00:52  --------  d-----w-  c:\users\user\appdata\local\SKIDROW
    2013-03-23 07:28:34  --------  d-----w-  c:\program files\Cheat Engine 6.2
    2013-03-22 14:46:03  --------  d-----w-  c:\windows\system32\drivers\VDD
    2013-03-22 14:46:03  --------  d-----w-  c:\program files\Ad-Aware Antivirus
    2013-03-22 14:41:08  --------  d-----w-  c:\users\user\appdata\roaming\Ad-Aware Antivirus
    2013-03-18 03:58:57  --------  d-----w-  c:\programdata\REVOLT
    2013-03-17 00:35:58  --------  d-----w-  c:\users\user\appdata\local\wanted
    2013-03-17 00:35:58  --------  d-----w-  c:\programdata\wanted
    2013-03-15 09:38:48  --------  d-----w-  c:\users\user\appdata\local\salvation
    2013-03-15 09:38:48  --------  d-----w-  c:\programdata\salvation
    2013-03-15 09:34:15  --------  d-----w-  c:\program files\OpenAL
    2013-03-15 09:34:14  418480  ----a-w-  c:\windows\system32\wrap_oal.dll
    2013-03-15 09:34:14  115432  ----a-w-  c:\windows\system32\OpenAL32.dll
    2013-03-15 09:34:09  --------  d-----w-  c:\windows\system32\AGEIA
    2013-03-15 09:33:58  --------  d-----w-  c:\program files\common files\Wise Installation Wizard
    2013-03-15 09:33:52  --------  d-----w-  c:\windows\system32\directx
    2013-03-14 06:55:43  --------  d-----w-  c:\users\user\appdata\roaming\ScreenSeven
    2013-03-11 13:54:46  --------  d-----w-  c:\program files\RAR Password Cracker
    2013-03-11 07:30:42  --------  d-----w-  c:\users\user\appdata\roaming\BitTorrent
    .
    ==================== Find3M ====================
    .
    2013-04-02 11:01:13  44424  ----a-w-  c:\windows\system32\sbbd.exe
    2013-04-02 11:01:13  13560  ----a-w-  c:\windows\system32\drivers\gfibto.sys
    2013-02-23 07:45:40  94112  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    2013-02-23 07:45:38  861088  ----a-w-  c:\windows\system32\npDeployJava1.dll
    2013-02-23 07:45:38  782240  ----a-w-  c:\windows\system32\deployJava1.dll
    2013-02-19 12:49:34  0  ----a-w-  c:\windows\ativpsrm.bin
    2013-02-19 08:50:18  811520  ----a-w-  c:\windows\system32\user32.dll
    2013-02-19 08:50:18  409088  ----a-w-  c:\windows\system32\systemcpl.dll
    2013-02-19 08:50:18  13824  ----a-w-  c:\windows\system32\slwga.dll
    2013-02-19 08:38:15  499712  ----a-w-  c:\windows\system32\msvcp71.dll
    2013-02-19 08:38:15  348160  ----a-w-  c:\windows\system32\msvcr71.dll
    2013-01-29 10:17:32  18800  ----a-w-  c:\windows\system32\roboot.exe
    .
    ============= FINISH: 20:57:20.41 ===============
  6. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.
  7. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.04.08.04

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: USER-PC [administrator]

    Protection: Enabled

    4/8/2013 11:48:50 PM
    mbam-log-2013-04-08 (23-48-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199071
    Time elapsed: 7 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  8. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    :eek: how is that malware gone...
  9. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  10. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    2 logs from RKreport
    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Scan -- Date : 04/09/2013 00:23:44
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (cmd /c "C:\Users\User\Desktop\New folder (2)\mbar\mbar.exe" /cleanup /s) [7] -> FOUND
    [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
    [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
    [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[84] : NtCreateSection @ 0x8322722D -> HOOKED (Unknown @ 0x8E1088FE)
    SSDT[299] : NtRequestWaitReplyPort @ 0x83241C19 -> HOOKED (Unknown @ 0x8E108908)
    SSDT[316] : NtSetContextThread @ 0x832E11AB -> HOOKED (Unknown @ 0x8E108903)
    SSDT[347] : NtSetSecurityObject @ 0x83205816 -> HOOKED (Unknown @ 0x8E10890D)
    SSDT[368] : NtSystemDebugControl @ 0x832898AE -> HOOKED (Unknown @ 0x8E108912)
    SSDT[370] : NtTerminateProcess @ 0x8325EDB1 -> HOOKED (Unknown @ 0x8E10889F)
    S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8E108926)
    S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8E10892B)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: MAXTOR S TM3160815AS SCSI Disk Device +++++
    --- User ---
    [MBR] d4947121f23b9b07af67c865887b739c
    [BSP] 5f62c761c03b39cb976c3953aead3334 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74897 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 77618 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3]_S_04092013_02d0023.txt >>
    RKreport[1]_S_04092013_02d0006.txt ; RKreport[2]_D_04092013_02d0007.txt ; RKreport[3]_S_04092013_02d0023.txt


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Remove -- Date : 04/09/2013 00:25:03
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (cmd /c "C:\Users\User\Desktop\New folder (2)\mbar\mbar.exe" /cleanup /s) [7] -> DELETED
    [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
    [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
    [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[84] : NtCreateSection @ 0x8322722D -> HOOKED (Unknown @ 0x8E1088FE)
    SSDT[299] : NtRequestWaitReplyPort @ 0x83241C19 -> HOOKED (Unknown @ 0x8E108908)
    SSDT[316] : NtSetContextThread @ 0x832E11AB -> HOOKED (Unknown @ 0x8E108903)
    SSDT[347] : NtSetSecurityObject @ 0x83205816 -> HOOKED (Unknown @ 0x8E10890D)
    SSDT[368] : NtSystemDebugControl @ 0x832898AE -> HOOKED (Unknown @ 0x8E108912)
    SSDT[370] : NtTerminateProcess @ 0x8325EDB1 -> HOOKED (Unknown @ 0x8E10889F)
    S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8E108926)
    S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8E10892B)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: MAXTOR S TM3160815AS SCSI Disk Device +++++
    --- User ---
    [MBR] d4947121f23b9b07af67c865887b739c
    [BSP] 5f62c761c03b39cb976c3953aead3334 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74897 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 77618 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[4]_D_04092013_02d0025.txt >>
    RKreport[1]_S_04092013_02d0006.txt ; RKreport[2]_D_04092013_02d0007.txt ; RKreport[3]_S_04092013_02d0023.txt ; RKreport[4]_D_04092013_02d0025.txt


    (PS: reports 1 and 2 were a mistaken step, so I redid it again)
  11. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    MBAR LOG

    Malwarebytes Anti-Rootkit BETA 1.01.0.1022
    www.malwarebytes.org

    Database version: v2013.03.21.13

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: USER-PC [administrator]

    4/9/2013 12:34:25 AM
    mbar-log-2013-04-09 (00-34-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27896
    Time elapsed: 8 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    system log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1022

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.109000 GHz
    Memory total: 2146689024, free: 450605056

    ------------ Kernel report ------------
    04/09/2013 00:09:27
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\gfibto.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\nvstor.sys
    \SystemRoot\system32\drivers\storport.sys
    \SystemRoot\system32\DRIVERS\AsrRamDisk.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx86.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\cfosspeed6.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\ssmdrv.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avkmgr.sys
    \SystemRoot\system32\DRIVERS\avipbb.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdk8.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\nvmf6232.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\viahduaa.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\AtihdW73.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\netr28u.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_nvstor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\sbapifs.sys
    \SystemRoot\system32\DRIVERS\avgntflt.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\parvdm.sys
    \SystemRoot\system32\DRIVERS\idmwfp.sys
    \??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \??\C:\Windows\system32\drivers\TrueSight.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86096030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000067\
    Lower Device Object: 0xffffffff85d6cc68
    Lower Device Driver Name: \Driver\nvstor\
    Driver name found: nvstor
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86096030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff860952b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86096030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff85d6c9d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85d6cc68, DeviceName: \Device\00000067\, DriverName: \Driver\nvstor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffa30a85b8, 0xffffffff86096030, 0xffffffff88578a38
    Lower DeviceData: 0xffffffffa3631ee0, 0xffffffff85d6cc68, 0xffffffff8540a4f0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: BA39BA39

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 153389056

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 153597465 Numsec = 158963175

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
    Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
    Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1022

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.109000 GHz
    Memory total: 2146689024, free: 1097252864

    ------------ Kernel report ------------
    04/09/2013 00:26:02
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\gfibto.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\nvstor.sys
    \SystemRoot\system32\drivers\storport.sys
    \SystemRoot\system32\DRIVERS\AsrRamDisk.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx86.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\cfosspeed6.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\ssmdrv.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avkmgr.sys
    \SystemRoot\system32\DRIVERS\avipbb.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdk8.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\nvmf6232.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\viahduaa.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\AtihdW73.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\netr28u.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_nvstor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\sbapifs.sys
    \SystemRoot\system32\DRIVERS\avgntflt.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\parvdm.sys
    \SystemRoot\system32\DRIVERS\idmwfp.sys
    \??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \??\C:\Windows\system32\drivers\TrueSight.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86096030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000067\
    Lower Device Object: 0xffffffff85d6cc68
    Lower Device Driver Name: \Driver\nvstor\
    Device already Exists: 0xffffffff8540a4f0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86096030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff860952b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86096030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff85d6c9d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85d6cc68, DeviceName: \Device\00000067\, DriverName: \Driver\nvstor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffa33e3ed8, 0xffffffff86096030, 0xffffffff88578a38
    Lower DeviceData: 0xffffffffae445440, 0xffffffff85d6cc68, 0xffffffff8540a4f0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: BA39BA39

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 153389056

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 153597465 Numsec = 158963175

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
    Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
    Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================
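The MBR section of the scan above (signature 55AA, disk signature, four partition entries, then a scan of the sectors no partition claims) is exactly what a practitioner reproduces when checking a disk for a bootkit. The following Python is an added example, not output or code from the scanning tool: it parses a 512-byte MBR, rejects a bad signature, decodes the partition table, and lists the unpartitioned sector ranges. The sample MBR is constructed here from the values printed in the log; the gap list it derives is computed from the table alone and is not meant to match the tool's own scan ranges, which follow its own rules.

```python
"""Parse a 512-byte MBR: boot signature, NT disk signature, the four
primary partition entries, and the sector ranges no partition claims
(where a bootkit could stash code). Added example; the sample MBR is
constructed from the values in the scan log, not read from a disk."""
import struct
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55          # bytes 55 AA at offset 0x1FE (little-endian)
PARTITION_TABLE_OFFSET = 0x1BE   # four 16-byte entries
DISK_SIGNATURE_OFFSET = 0x1B8    # 4-byte NT disk signature

# Type bytes seen in the log plus the classic CHS extended type.
PARTITION_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "Primary (NTFS/HPFS)",
                   0x0F: "Extended with LBA"}


def parse_mbr(mbr: bytes) -> Dict:
    """Return disk signature and partition entries; raise on malformed input."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    boot_sig = struct.unpack_from("<H", mbr, SECTOR_SIZE - 2)[0]
    if boot_sig != BOOT_SIGNATURE:
        raise ValueError("bad MBR signature 0x%04X (expected 55AA)" % boot_sig)
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIGNATURE_OFFSET)[0]
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, numsec = struct.unpack_from("<B3xB3xII", mbr, off)
        if status not in (0x00, 0x80):
            raise ValueError("entry %d has invalid status byte 0x%02X" % (i, status))
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "type_name": PARTITION_TYPES.get(ptype, "Unknown (0x%02X)" % ptype),
                      "lba": lba, "numsec": numsec})
    return {"disk_signature": disk_sig, "partitions": parts}


def unpartitioned_ranges(parts: List[Dict], total_sectors: int) -> List[Tuple[int, int]]:
    """Inclusive (first, last) sector ranges outside every non-empty entry.
    Sector 0 (the MBR itself) is excluded, as in the log's first range."""
    used = sorted((p["lba"], p["lba"] + p["numsec"]) for p in parts if p["numsec"])
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps


def build_sample_mbr() -> bytes:
    """Constructed MBR matching the partition table in the log (not real data)."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIGNATURE_OFFSET, 0xBA39BA39)
    entries = [(0x80, 0x07, 2048, 204800),          # active NTFS system partition
               (0x00, 0x07, 206848, 153389056),     # NTFS
               (0x00, 0x0F, 153597465, 158963175),  # extended with LBA
               (0x00, 0x00, 0, 0)]                  # empty slot
    for i, (status, ptype, lba, numsec) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, PARTITION_TABLE_OFFSET + 16 * i,
                         status, ptype, lba, numsec)
    struct.pack_into("<H", mbr, SECTOR_SIZE - 2, BOOT_SIGNATURE)
    return bytes(mbr)


if __name__ == "__main__":
    layout = parse_mbr(build_sample_mbr())
    print("Disk Signature: %08X" % layout["disk_signature"])
    for p in layout["partitions"]:
        print("Partition %d type is %s, %s, LBA %d Numsec %d" % (
            p["index"], p["type_name"], "ACTIVE" if p["active"] else "NOT ACTIVE",
            p["lba"], p["numsec"]))
    total = 160041885696 // SECTOR_SIZE   # disk size reported in the log
    print("Unpartitioned:", unpartitioned_ranges(layout["partitions"], total))
```

On a live machine the 512 bytes would come from reading `\\.\PhysicalDrive0` as an administrator; the point of doing the parse yourself is to compare the layout and the leftover sector ranges against what the scanner reported, since a bootkit that hooks the disk stack can lie to user-mode tools about sector 0.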
     
  12. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Create new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  13. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    From ComboFix,

    ComboFix 13-04-08.04 - User 04/09/2013 13:04:10.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.976 [GMT 8:00]
    Running from: c:\users\User\Downloads\Programs\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\autorun.inf
    c:\windows\system32\roboot.exe
    D:\Autorun.inf
    D:\bdahbb.pif
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-09 to 2013-04-09 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-09 05:11 . 2013-04-09 05:13  --------  d-----w-  c:\users\User\AppData\Local\temp
    2013-04-09 05:11 . 2013-04-09 05:11  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2013-04-08 12:48 . 2013-04-08 12:51  --------  d-----w-  c:\users\User\AppData\Local\ElevatedDiagnostics
    2013-04-08 11:15 . 2013-04-08 11:15  --------  d-----w-  c:\users\User\AppData\Roaming\Malwarebytes
    2013-04-08 11:14 . 2013-04-08 11:14  --------  d-----w-  c:\programdata\Malwarebytes
    2013-04-08 11:14 . 2013-04-08 11:14  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2013-04-08 11:14 . 2012-12-14 08:49  21104  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-04-08 11:03 . 2013-04-08 11:03  --------  d-----w-  c:\program files\Innovative Solutions
    2013-04-03 09:34 . 2013-04-03 09:34  --------  d-----w-  c:\programdata\YTD Video Downloader
    2013-04-03 09:34 . 2013-04-03 09:34  --------  d-----w-  c:\program files\GreenTree Applications
    2013-04-03 09:30 . 2013-04-03 09:30  --------  d-----w-  c:\programdata\YTD YouTube Downloader & Converter
    2013-04-02 12:59 . 2013-04-02 12:59  --------  d-----w-  c:\users\User\AppData\Local\AVG SafeGuard toolbar
    2013-04-02 12:58 . 2013-04-03 13:26  33112  ----a-w-  c:\windows\system32\drivers\avgtpx86.sys
    2013-04-02 12:58 . 2013-04-02 12:58  --------  d-----w-  c:\program files\Common Files\AVG Secure Search
    2013-04-02 12:57 . 2013-04-02 12:58  --------  d-----w-  c:\programdata\AVG SafeGuard toolbar
    2013-04-02 12:57 . 2013-04-02 12:57  --------  d--h--w-  c:\programdata\Common Files
    2013-04-02 12:23 . 2013-04-02 12:23  --------  d-----w-  c:\users\User\AppData\Roaming\Avira
    2013-04-02 12:10 . 2013-03-06 07:13  37352  ----a-w-  c:\windows\system32\drivers\avkmgr.sys
    2013-04-02 12:10 . 2013-02-27 04:22  84744  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
    2013-04-02 12:10 . 2013-02-27 04:22  135136  ----a-w-  c:\windows\system32\drivers\avipbb.sys
    2013-04-02 12:10 . 2013-04-02 12:10  --------  d-----w-  c:\programdata\Avira
    2013-04-02 12:10 . 2013-04-02 12:10  --------  d-----w-  c:\program files\Avira
    2013-04-02 11:02 . 2013-04-02 11:02  --------  d-----w-  c:\users\User\AppData\Roaming\Nero
    2013-04-02 09:29 . 2013-04-02 09:29  --------  d-----w-  c:\users\User\AppData\Local\Apps
    2013-04-02 07:46 . 2013-03-18 21:50  7108640  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B61D3E6-DE3C-40F1-9DA4-D432DF1EB3D0}\mpengine.dll
    2013-04-02 07:46 . 2013-01-16 17:28  232336  ------w-  c:\windows\system32\MpSigStub.exe
    2013-04-01 13:59 . 2013-04-01 13:59  --------  d-----w-  c:\users\User\AppData\Local\BridgeProject
    2013-04-01 13:59 . 2013-04-01 13:59  --------  d-----w-  c:\programdata\Steam
    2013-04-01 13:54 . 2013-04-02 11:38  --------  d-----w-  c:\program files\Bridge Project
    2013-04-01 09:01 . 2013-04-07 16:34  138032  ----a-w-  c:\windows\system32\drivers\PnkBstrK.sys
    2013-04-01 09:01 . 2013-04-08 11:35  281688  ----a-w-  c:\windows\system32\PnkBstrB.exe
    2013-04-01 09:01 . 2013-04-07 16:33  281688  ----a-w-  c:\windows\system32\PnkBstrB.ex0
    2013-04-01 09:01 . 2013-04-08 11:35  281688  ----a-w-  c:\windows\system32\PnkBstrB.xtr
    2013-04-01 09:01 . 2013-04-01 09:01  76888  ----a-w-  c:\windows\system32\PnkBstrA.exe
    2013-04-01 09:01 . 2013-04-01 09:01  --------  d-----w-  c:\users\User\AppData\Local\PunkBuster
    2013-04-01 09:00 . 2013-04-01 09:00  --------  d-----w-  c:\users\User\AppData\Roaming\Theta
    2013-03-28 13:20 . 2013-03-28 13:20  --------  d-----w-  c:\program files\Ubisoft
    2013-03-28 08:20 . 2013-03-28 08:20  3936  ----a-w-  C:\STF1B68.tmp
    2013-03-28 08:09 . 2013-03-28 08:09  3936  ----a-w-  C:\STF23F3.tmp
    2013-03-28 07:51 . 2013-03-28 07:51  3936  ----a-w-  C:\STFF425.tmp
    2013-03-28 07:08 . 2013-03-28 07:08  3936  ----a-w-  C:\STF87BC.tmp
    2013-03-28 02:34 . 2013-03-28 02:34  3810  ----a-w-  C:\STFE65B.tmp
    2013-03-27 14:56 . 2013-03-27 14:56  3810  ----a-w-  C:\STF45A2.tmp
    2013-03-27 09:18 . 2013-03-27 09:18  3810  ----a-w-  C:\STFA912.tmp
    2013-03-27 09:02 . 2013-03-27 09:02  3810  ----a-w-  C:\STF6F67.tmp
    2013-03-27 08:06 . 2013-03-27 08:06  3810  ----a-w-  C:\STFF721.tmp
    2013-03-26 10:45 . 2013-03-26 10:45  3810  ----a-w-  C:\STF247A.tmp
    2013-03-26 09:55 . 2013-03-26 09:55  3810  ----a-w-  C:\STFEF6A.tmp
    2013-03-25 09:16 . 2013-03-25 09:16  3902  ----a-w-  C:\STFF2CE.tmp
    2013-03-25 09:02 . 2013-03-25 09:02  3472  ----a-w-  C:\STF33FC.tmp
    2013-03-25 09:00 . 2013-03-25 09:00  3472  ----a-w-  C:\STF9F60.tmp
    2013-03-25 08:49 . 2013-03-25 08:49  3902  ----a-w-  C:\STF11A7.tmp
    2013-03-25 08:46 . 2013-03-25 08:46  3472  ----a-w-  C:\STFA00A.tmp
    2013-03-25 08:44 . 2013-03-25 08:44  3472  ----a-w-  C:\STFBF71.tmp
    2013-03-25 08:43 . 2013-03-25 08:43  3472  ----a-w-  C:\STF55AF.tmp
    2013-03-25 08:07 . 2013-03-25 08:07  3862  ----a-w-  C:\STFABAE.tmp
    2013-03-25 08:05 . 2013-03-25 08:05  --------  d-----w-  c:\users\User\AppData\Local\by_dekart811
    2013-03-25 08:04 . 2013-03-25 16:21  --------  d-----w-  c:\users\User\AppData\Roaming\FAH
    2013-03-25 07:38 . 2013-04-02 15:20  --------  d-----w-  c:\users\User\AppData\Local\LogMeIn Hamachi
    2013-03-25 07:37 . 2013-04-03 04:28  --------  d-----w-  c:\program files\LogMeIn Hamachi
    2013-03-25 07:31 . 2013-03-25 07:31  3862  ----a-w-  C:\STFA9D9.tmp
    2013-03-25 07:17 . 2013-03-25 07:17  3844  ----a-w-  C:\STF4D5A.tmp
    2013-03-25 07:13 . 2013-03-25 07:13  3844  ----a-w-  C:\STF6B26.tmp
    2013-03-25 07:00 . 2013-03-25 07:00  --------  d-----w-  c:\users\User\AppData\Local\SKIDROW
    2013-03-23 07:28 . 2013-03-23 07:28  --------  d-----w-  c:\program files\Cheat Engine 6.2
    2013-03-22 14:46 . 2013-03-22 14:46  --------  d-----w-  c:\programdata\Lavasoft
    2013-03-22 14:46 . 2013-04-02 12:26  --------  d-----w-  c:\program files\Ad-Aware Antivirus
    2013-03-22 14:46 . 2013-03-22 14:46  --------  d-----w-  c:\windows\system32\drivers\VDD
    2013-03-22 14:41 . 2013-03-22 15:57  --------  d-----w-  c:\users\User\AppData\Roaming\Ad-Aware Antivirus
    2013-03-18 03:58 . 2013-03-18 03:58  --------  d-----w-  c:\programdata\REVOLT
    2013-03-17 00:35 . 2013-03-17 00:36  --------  d-----w-  c:\users\User\AppData\Local\wanted
    2013-03-17 00:35 . 2013-03-17 00:35  --------  d-----w-  c:\programdata\wanted
    2013-03-15 09:38 . 2013-03-15 09:38  --------  d-----w-  c:\users\User\AppData\Local\salvation
    2013-03-15 09:38 . 2013-03-15 09:38  --------  d-----w-  c:\programdata\salvation
    2013-03-15 09:34 . 2013-03-15 09:34  --------  d-----w-  c:\program files\OpenAL
    2013-03-15 09:34 . 2013-03-15 09:34  418480  ----a-w-  c:\windows\system32\wrap_oal.dll
    2013-03-15 09:34 . 2013-03-15 09:34  115432  ----a-w-  c:\windows\system32\OpenAL32.dll
    2013-03-15 09:34 . 2013-03-15 09:34  --------  d-----w-  c:\program files\AGEIA Technologies
    2013-03-15 09:34 . 2013-03-15 09:34  --------  d-----w-  c:\windows\system32\AGEIA
    2013-03-15 09:33 . 2013-03-15 09:33  --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
    2013-03-14 11:06 . 2013-04-03 10:22  --------  d-----w-  c:\users\User\AppData\Roaming\vlc
    2013-03-14 06:55 . 2013-03-14 06:55  --------  d-----w-  c:\users\User\AppData\Roaming\ScreenSeven
    2013-03-14 06:55 . 2013-03-14 06:55  --------  d-----w-  c:\users\User\AppData\Roaming\GRETECH
    2013-03-12 06:13 . 2013-03-12 06:30  --------  d-----w-  c:\users\User\AppData\Roaming\Notepad++
    2013-03-12 06:13 . 2013-03-12 06:13  --------  d-----w-  c:\program files\Notepad++
    2013-03-11 13:54 . 2013-03-11 13:56  --------  d-----w-  c:\program files\RAR Password Cracker
    2013-03-11 07:30 . 2013-04-06 13:55  --------  d-----w-  c:\users\User\AppData\Roaming\BitTorrent
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-02 11:01 . 2013-02-22 07:37  13560  ----a-w-  c:\windows\system32\drivers\gfibto.sys
    2013-04-02 11:01 . 2012-09-19 21:39  44424  ----a-w-  c:\windows\system32\sbbd.exe
    2013-02-23 07:45 . 2013-02-23 07:45  94112  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    2013-02-23 07:45 . 2013-02-23 07:46  861088  ----a-w-  c:\windows\system32\npDeployJava1.dll
    2013-02-23 07:45 . 2013-02-23 07:46  782240  ----a-w-  c:\windows\system32\deployJava1.dll
    2013-02-19 08:50 . 2012-05-23 17:15  811520  ----a-w-  c:\windows\system32\user32.dll
    2013-02-19 08:50 . 2010-11-20 21:29  409088  ----a-w-  c:\windows\system32\systemcpl.dll
    2013-02-19 08:50 . 2010-11-20 21:29  13824  ----a-w-  c:\windows\system32\slwga.dll
    2013-02-19 08:38 . 2013-02-19 08:26  499712  ----a-w-  c:\windows\system32\msvcp71.dll
    2013-02-19 08:38 . 2013-02-19 08:26  348160  ----a-w-  c:\windows\system32\msvcr71.dll
    2013-03-08 10:24 . 2013-03-08 10:24  263064  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2013-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.21874] . . c:\windows\System32\user32.dll
    [7] 2012-05-23 . F423305D648659593E61ADE582B53E69 . 811520 . . [6.1.7601.21874] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.21874_none_cf88973be4ecd9fb\user32.dll
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49  22376  ----a-w-  c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-02-20 3487128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2013-04-09 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2013-04-09 1836328]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
    "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1202560]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-19 345312]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    TP-LINK Wireless Client Utility.lnk - c:\program files\TP-LINK\COMMON\TWCU.exe [2013-2-19 10918400]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
    c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
    --auto-start [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2013-02-19 08:38  296096  ----a-w-  c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001
    .
    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
    R2 AIPS;Arp Intelligent Protection Service;c:\program files\netcut\services\AIPS.exe [x]
    R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [x]
    R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [x]
    R3 TpMediaServer;TpMediaServer;c:\program files\TP-LINK\COMMON\RaMediaServer.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
    S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [x]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/02/19 16:27];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
    S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
    S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
    S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
    S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
    S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\DRIVERS\netr28u.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1009692711-701744250-1283350087-1000Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-22 06:07]
    .
    2013-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1009692711-701744250-1283350087-1000UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-22 06:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://friendly-google-search.blogspot.com
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\237344232403: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\E474D284F4F494D2847514E474: NameServer = 8.8.8.8,8.8.4.4
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a8918prj.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58&v=14.2.0.1&pid=safeguard&sg=2&sap=hp
    FF - prefs.js: keyword.URL - hxxp://mysearch.avg.com/search?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58&pid=safeguard&sg=2&v=14.0.0.12&sap=ku&q=
    FF - ExtSQL: 2013-02-19 16:38; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - ExtSQL: 2013-02-20 10:36; mozilla_cc@internetdownloadmanager.com; c:\users\User\AppData\Roaming\IDM\idmmzcc5
    FF - ExtSQL: 2013-02-22 15:45; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a8918prj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    FF - ExtSQL: 2013-04-02 20:58; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
    MSConfigStartUp-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
    AddRemove-Assassin's Creed III_is1 - f:\assassin's creed iii\unins000.exe
    AddRemove-AVG SafeGuard toolbar - c:\program files\AVG SafeGuard toolbar\UNINSTALL.exe
    AddRemove-Fraps - c:\fraps\uninstall.exe
    AddRemove-NetCut_is1 - c:\program files\netcut\unins000.exe
    AddRemove-Sniper Ghost Warrior_is1 - g:\strategi\Sniper Ghost Warrior\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
    04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
    34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:81,34,cd,31,b6,10,ce,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\AUDIODG.EXE
    c:\windows\system32\atieclxx.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\ASRock\XFast LAN\spd.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\TP-LINK\COMMON\RaRegistry.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2013-04-09 13:16:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-04-09 05:16
    .
    Pre-Run: 10,702,946,304 bytes free
    Post-Run: 10,677,559,296 bytes free
    .
    - - End Of File - - 29B0AE5B8CA26E3C2461ADA195C91644
  14. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Looks good.

    How is computer doing?

Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

Computer is doing well, no more high CPU usage, no more errors when opening a new tab in the browser... but AVG detects a lot of W32/SALITY.AT (AVG took 4 hours to do a full scan).

I'm proceeding with the next step you gave..
  16. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

Update: High CPU usage not solved yet...
  17. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    This is not good....

    Hold on with my previous reply for now.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
• Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  18. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    From AdwCleaner

    # AdwCleaner v2.200 - Logfile created 04/10/2013 at 09:32:23
    # Updated 02/04/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : User - USER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\User\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\adawaretb

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\PIP
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0.2 (en-US)

    -\\ Google Chrome v26.0.1410.43

    *************************

    AdwCleaner[S1].txt - [3220 octets] - [10/04/2013 09:32:23]

    ########## EOF - C:\AdwCleaner[S1].txt - [3280 octets] ##########

    ============================================================

    From JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.3 (04.05.2013:1)
    OS: Windows 7 Professional x86
    Ran by User on Wed 04/10/2013 at 9:39:17.03
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
    Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\adawaretb"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\a8918prj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\a8918prj.default\prefs.js

    user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2
    user_pref("keyword.URL", "hxxp://mysearch.avg.com/search?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d3



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 04/10/2013 at 9:46:03.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
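As an added example (not code from this thread, and not part of AdwCleaner or JRT), here is a small Python parser for the two log formats posted above. It pulls out every removal line, groups the removed targets by the PUP families that show up in this thread (the family-marker table is an assumption for illustration, not anything the tools emit), and restores the defanged `hxxp://` scheme in the JRT prefs.js lines so the search-hijack host can be recovered. The sample log excerpts are constructed from the format shown above.

```python
"""Parse AdwCleaner v2 and JRT 4.x removal logs into a structured summary.

Added example; the sample lines and the FAMILY_MARKERS table are constructed
for illustration and are not part of the original thread or the tools.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the AdwCleaner v2 layout (section banners + items).
ADWCLEANER_SAMPLE = r"""
***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Security Toolbar
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
"""

# Constructed sample in the JRT 4.x layout ("~~~ Section" headers + items).
# The user_pref lines are truncated exactly as JRT prints them.
JRT_SAMPLE = r"""
~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"

~~~ FireFox

Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\x.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={ADDC54CD}&mid=3f22
user_pref("keyword.URL", "hxxp://mysearch.avg.com/search?cid={ADDC54CD}&mid=3f22
"""

ADW_SECTION = re.compile(r"^\*+ \[(?P<sec>[^\]]+)\] \*+$")
ADW_ITEM = re.compile(r"^(?P<action>(?:Key|Value|Folder|File) Deleted|Deleted on reboot) : (?P<target>.+)$")
JRT_ITEM = re.compile(r"^Successfully deleted: \[(?P<kind>[^\]]+)\] \"?(?P<target>[^\"]+)\"?$")
USER_PREF = re.compile(r'^user_pref\("(?P<name>[^"]+)", "(?P<value>[^"]*)')

# Assumed substring -> family mapping, built from names seen in this thread.
FAMILY_MARKERS = {
    "avg secure search": "AVG Secure Search toolbar",
    "avg security toolbar": "AVG Secure Search toolbar",
    "avg@toolbar": "AVG Secure Search toolbar",
    "mysearch.avg.com": "AVG Secure Search toolbar",
    "conduit": "Conduit toolbar",
    "softonic": "Softonic toolbar",
    "adawaretb": "Ad-Aware toolbar",
    "systweak": "Systweak PUP",
    "ytd video downloader": "YTD video downloader bundle",
}


def parse_adwcleaner(text):
    """Return [(section, action, target)] for each removal line."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ADW_SECTION.match(line)
        if m:
            section = m.group("sec")
            continue
        m = ADW_ITEM.match(line)
        if m:
            items.append((section, m.group("action"), m.group("target")))
    return items


def parse_jrt(text):
    """Return ([(section, kind, target)], [(pref_name, pref_value)])."""
    items, prefs, section = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("~~~ "):
            section = line[4:]
            continue
        m = JRT_ITEM.match(line)
        if m:
            items.append((section, m.group("kind"), m.group("target")))
            continue
        m = USER_PREF.match(line)
        if m:
            prefs.append((m.group("name"), m.group("value")))
    return items, prefs


def defang_to_host(url):
    """The logs defang URLs as hxxp://; restore the scheme to parse the host."""
    return urlsplit(url.replace("hxxp", "http", 1)).hostname


def group_by_family(targets):
    """Attribute each removed path/key to a family via case-insensitive markers."""
    groups = defaultdict(list)
    for target in targets:
        low = target.lower()
        family = next((fam for marker, fam in FAMILY_MARKERS.items() if marker in low),
                      "unattributed")
        groups[family].append(target)
    return dict(groups)


def summarize(adw_text, jrt_text):
    """Combine both logs into counts, family groups and hijacked-pref hosts."""
    adw = parse_adwcleaner(adw_text)
    jrt, prefs = parse_jrt(jrt_text)
    targets = [t for _, _, t in adw] + [t for _, _, t in jrt]
    return {
        "adwcleaner_items": len(adw),
        "jrt_items": len(jrt),
        "families": group_by_family(targets),
        "hijacked_prefs": {name: defang_to_host(value) for name, value in prefs},
    }


if __name__ == "__main__":
    for key, value in summarize(ADWCLEANER_SAMPLE, JRT_SAMPLE).items():
        print(key, "->", value)
```

Anything that lands in the `unattributed` group is the part of a log worth reading by hand: it is a removal the marker table does not explain, so either the table needs a new entry or the item deserves a closer look before the next cleanup step.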
  19. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

I can't put both reports from OTL in the same place... character limit
    From OTL.txt

    OTL logfile created on: 4/10/2013 9:47:42 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.57% Memory free
    4.00 Gb Paging File | 2.88 Gb Available in Paging File | 71.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 73.14 Gb Total Space | 8.91 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
    Drive D: | 75.80 Gb Total Space | 40.33 Gb Free Space | 53.20% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/04/10 09:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2013/04/03 21:26:19 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    PRC - [2013/03/19 08:12:42 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/03/06 15:13:53 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2013/02/25 15:47:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/02/25 15:47:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012/12/20 03:56:24 | 000,482,304 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2012/12/20 03:55:48 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2012/12/19 15:30:54 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    PRC - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/05/24 01:29:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2012/05/24 01:28:03 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/10/19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\spd.exe
    PRC - [2011/10/19 16:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
    PRC - [2011/09/07 15:54:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
    PRC - [2011/04/20 11:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    PRC - [2011/04/01 17:08:50 | 010,918,400 | ---- | M] (TP-LINK Technology, Corp.) -- C:\Program Files\TP-LINK\COMMON\TWCU.exe
    PRC - [2011/03/31 21:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
    PRC - [2011/03/31 21:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    PRC - [2011/03/14 15:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
    PRC - [2010/11/21 05:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/21 05:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/19 23:59:27 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
    MOD - [2013/02/19 21:24:40 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
    MOD - [2013/02/19 21:24:34 | 011,912,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\a70842538614699d690561ef5f43598b\System.Web.ni.dll
    MOD - [2013/02/19 21:24:25 | 000,767,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll
    MOD - [2013/02/19 21:23:49 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
    MOD - [2013/02/19 21:13:02 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
    MOD - [2013/02/19 21:12:51 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
    MOD - [2013/02/19 21:12:46 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
    MOD - [2013/02/19 21:12:43 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
    MOD - [2013/02/19 21:12:38 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
    MOD - [2013/02/19 21:12:34 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
    MOD - [2013/02/19 21:12:32 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
    MOD - [2013/02/19 21:12:23 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
    MOD - [2013/02/19 21:12:22 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
    MOD - [2013/02/19 21:12:19 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
    MOD - [2013/02/19 21:12:12 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
    MOD - [2012/12/19 15:31:12 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    MOD - [2011/03/14 15:20:20 | 001,033,568 | ---- | M] () -- C:\Program Files\TP-LINK\COMMON\RaWLAPI.dll
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\netcut\services\AIPS.exe -- (AIPS)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2013/04/08 23:00:56 | 000,619,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TP-LINK\COMMON\RaMediaServer.exe -- (TpMediaServer)
    SRV - [2013/04/08 23:00:52 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2013/04/08 23:00:46 | 001,509,888 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2013/04/03 21:26:19 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
    SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/03/08 18:24:37 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/02/25 15:47:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/02/25 15:47:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/02/19 16:50:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2012/12/20 03:55:48 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2012/12/19 15:30:54 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011/10/19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
    SRV - [2011/09/07 15:54:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
    SRV - [2011/04/20 11:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
    SRV - [2011/03/31 21:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
    SRV - [2011/03/31 21:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
    SRV - [2011/03/14 15:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\TP-LINK\COMMON\RaRegistry.exe -- (RalinkRegistryWriter)
    SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\USERS\USER\APPDATA\LOCAL\TEMP\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV - [2013/04/03 21:26:19 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013/04/02 19:01:13 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
    DRV - [2013/03/06 15:13:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/02/27 12:22:41 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2013/02/27 12:22:41 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2012/12/20 04:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2012/12/20 03:32:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2012/12/17 06:43:06 | 000,033,616 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/11/06 19:11:46 | 000,084,992 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2012/09/12 20:19:38 | 000,066,344 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
    DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2012/08/09 17:02:52 | 000,033,104 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AsrRamDisk.sys -- (AsrRamDisk)
    DRV - [2012/05/24 00:51:20 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2012/04/23 19:26:26 | 000,096,056 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
    DRV - [2011/09/07 15:53:12 | 001,814,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2011/07/07 01:12:48 | 000,328,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2011/07/04 15:19:02 | 001,180,032 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed)
    DRV - [2011/04/20 11:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
    DRV - [2011/04/12 17:16:53 | 000,077,296 | ---- | M] (CyberLink Corp.) [2013/02/19 16:27:30] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
    DRV - [2011/03/14 15:25:20 | 001,174,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2010/11/21 05:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/21 05:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/21 05:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/21 05:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/21 05:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/21 05:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/21 05:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/21 05:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/21 05:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/06/26 01:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2010/03/04 22:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/14 06:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://friendly-google-search.blogspot.com
    IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.search.useDBForOrder: "false"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/19 16:38:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/22 22:46:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2013/02/20 10:36:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/22 22:46:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2013/02/20 10:36:45 | 000,000,000 | ---D | M]

    [2013/02/20 10:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
    [2013/02/22 15:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a8918prj.default\extensions
    [2013/04/10 09:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a8918prj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2013/03/08 18:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/03/08 18:24:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/29 16:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/04/03 21:27:43 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
    [2013/02/28 19:13:08 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://mysearch.avg.com/?cid={ADDC5...decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58:17&v=14.2.0.1&pid=safeguard&sg=2&sap=hp
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: FVD Video Downloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.3_0\
    CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/04/09 13:11:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
    O4 - HKU\S-1-5-21-1009692711-701744250-1283350087-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}: NameServer = 8.8.8.8,8.8.4.4
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2013/04/10 09:40:32 | 000,000,235 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2013/04/10 09:14:39 | 000,000,224 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/10 09:39:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/04/10 09:39:01 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/04/10 09:20:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2013/04/10 09:19:39 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
    [2013/04/09 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Realore_Whiterra Adelantado2
    [2013/04/09 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy Book Two
    [2013/04/09 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adelantado Trilogy Book Two
    [2013/04/09 20:42:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ayah
    [2013/04/09 17:19:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (3)
    [2013/04/09 13:13:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/04/09 13:11:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
    [2013/04/09 13:02:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/04/09 13:02:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/04/09 13:02:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/04/09 13:02:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/04/09 13:02:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/04/09 00:04:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
    [2013/04/08 20:48:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
    [2013/04/08 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
    [2013/04/08 19:20:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.com
    [2013/04/08 19:15:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
    [2013/04/08 19:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/04/08 19:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/04/08 19:14:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/04/08 19:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/04/08 19:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
    [2013/04/08 19:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Task Manager
    [2013/04/03 17:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
    [2013/04/03 17:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD YouTube Downloader & Converter
    [2013/04/02 20:59:32 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\flash
    [2013/04/02 20:59:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AVG SafeGuard toolbar
    [2013/04/02 20:58:14 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/04/02 20:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2013/04/02 20:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/04/02 20:57:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/04/02 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
    [2013/04/02 20:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2013/04/02 20:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2013/04/02 20:10:45 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
    [2013/04/02 20:10:45 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
    [2013/04/02 20:10:45 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
    [2013/04/02 20:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2013/04/02 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2013/04/02 19:02:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nero
    [2013/04/02 17:29:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
    [2013/04/01 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
    [2013/04/01 21:59:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\BridgeProject
    [2013/04/01 21:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bridge Project
    [2013/04/01 17:01:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PunkBuster
    [2013/04/01 17:00:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Theta
    [2013/04/01 16:46:12 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\FarCry 3
    [2013/03/28 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
    [2013/03/28 21:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2013/03/28 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\IAmAlive
    [2013/03/25 16:05:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\by_dekart811
    [2013/03/25 16:04:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FAH
    [2013/03/25 15:38:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn Hamachi
    [2013/03/25 15:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2013/03/25 15:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
    [2013/03/25 15:00:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SKIDROW
    [2013/03/25 14:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
    [2013/03/23 15:28:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Cheat Tables
    [2013/03/23 15:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
    [2013/03/23 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.2
    [2013/03/23 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (2)
    [2013/03/22 22:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2013/03/22 22:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2013/03/22 22:46:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
    [2013/03/22 22:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
    [2013/03/22 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ad-Aware Antivirus
    [2013/03/18 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
    [2013/03/18 11:58:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Telltale Games
    [2013/03/17 08:35:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\wanted
    [2013/03/17 08:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\wanted
    [2013/03/16 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
    [2013/03/15 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\salvation
    [2013/03/15 17:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\salvation
    [2013/03/15 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
    [2013/03/15 17:34:14 | 000,418,480 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
    [2013/03/15 17:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2013/03/15 17:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
    [2013/03/15 17:34:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
    [2013/03/15 17:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2013/03/15 17:33:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2013/03/14 19:06:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
    [2013/03/14 14:55:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ScreenSeven
    [2013/03/14 14:55:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GRETECH
    [2013/03/13 01:02:03 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\UMNO kewangan
    [2013/03/12 14:13:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2013/03/12 14:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2013/03/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Notepad++
    [2013/03/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
    [2013/03/11 21:54:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
    [2013/03/11 21:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
    [2013/03/11 21:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Cracker
    [2013/03/11 15:30:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\BitTorrent
    [22 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/10 09:40:32 | 000,103,140 | RHS- | M] () -- C:\itnu.pif
    [2013/04/10 09:40:32 | 000,000,235 | RHS- | M] () -- C:\autorun.inf
    [2013/04/10 09:33:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/04/10 09:33:31 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
    [2013/04/10 09:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2013/04/10 09:19:50 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
    [2013/04/10 09:19:28 | 000,613,083 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
    [2013/04/10 00:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1009692711-701744250-1283350087-1000UA.job
    [2013/04/09 21:38:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Adelantado Trilogy Book Two.lnk
    [2013/04/09 14:12:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1009692711-701744250-1283350087-1000Core.job
    [2013/04/09 13:11:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/04/09 01:04:43 | 000,016,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/04/09 01:04:42 | 000,016,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/04/09 00:03:50 | 000,816,128 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
    [2013/04/08 23:09:55 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/04/08 23:09:55 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/04/08 20:00:13 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
    [2013/04/08 19:35:01 | 000,281,688 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2013/04/08 19:18:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.com
    [2013/04/08 19:14:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/08 19:03:29 | 000,001,120 | ---- | M] () -- C:\Users\User\Desktop\Advanced Task Manager.lnk
    [2013/04/08 00:34:03 | 000,138,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2013/04/08 00:33:42 | 000,281,688 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
    [2013/04/06 19:21:20 | 000,001,319 | ---- | M] () -- C:\Users\User\Desktop\farcry3_d3d11 - Shortcut.lnk
    [2013/04/03 21:26:19 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/04/03 17:34:48 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
    [2013/04/03 10:13:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2013/04/02 20:58:37 | 000,001,179 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
    [2013/04/02 20:58:37 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
    [2013/04/02 20:11:21 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2013/04/02 19:01:13 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
    [2013/04/02 19:01:13 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
    [2013/04/01 12:28:01 | 000,000,273 | ---- | M] () -- C:\Users\User\Documents\AutoHotkey.ahk
    [2013/03/31 20:17:46 | 000,002,358 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
    [2013/03/28 21:46:40 | 000,001,553 | ---- | M] () -- C:\Users\User\Desktop\IAmAlive_game - Shortcut.lnk
    [2013/03/28 21:27:57 | 000,001,159 | ---- | M] () -- C:\Users\User\Desktop\Uplay.lnk
    [2013/03/26 11:34:11 | 000,408,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/03/25 20:10:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013/03/25 20:10:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2013/03/23 15:28:36 | 000,001,043 | ---- | M] () -- C:\Users\User\Desktop\Cheat Engine.lnk
    [2013/03/20 20:24:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013/03/20 13:19:44 | 000,000,522 | ---- | M] () -- C:\Users\User\Desktop\samp - Shortcut.lnk
    [2013/03/16 00:42:13 | 000,641,903 | ---- | M] () -- C:\Users\User\Desktop\tumblr_inline_mjfxlrMfpb1qz4rgp.gif
    [2013/03/15 17:34:14 | 000,418,480 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
    [2013/03/14 15:13:30 | 000,007,607 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
    [2013/03/13 20:24:57 | 000,029,144 | ---- | M] () -- C:\Users\User\Desktop\Payment-Voucher-Template.jpg
    [2013/03/11 15:36:32 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2013/03/11 15:36:32 | 000,000,849 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [22 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/10 09:40:32 | 000,103,140 | RHS- | C] () -- C:\itnu.pif
    [2013/04/10 09:40:08 | 000,000,235 | RHS- | C] () -- C:\autorun.inf
    [2013/04/10 09:19:13 | 000,613,083 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
    [2013/04/09 21:38:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Adelantado Trilogy Book Two.lnk
    [2013/04/09 13:02:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/04/09 13:02:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/04/09 13:02:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/04/09 13:02:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/04/09 13:02:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/04/09 00:03:25 | 000,816,128 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
    [2013/04/08 20:00:13 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
    [2013/04/08 19:14:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/08 19:03:29 | 000,001,120 | ---- | C] () -- C:\Users\User\Desktop\Advanced Task Manager.lnk
    [2013/04/03 17:34:48 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
    [2013/04/02 20:11:21 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2013/04/02 13:07:43 | 000,001,319 | ---- | C] () -- C:\Users\User\Desktop\farcry3_d3d11 - Shortcut.lnk
    [2013/04/01 17:01:53 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2013/04/01 17:01:46 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
  20. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Please read my previous reply.
  21. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    [2013/04/01 17:01:46 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
    [2013/04/01 17:01:36 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
    [2013/04/01 17:01:22 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2013/03/31 21:06:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2013/03/28 21:46:40 | 000,001,553 | ---- | C] () -- C:\Users\User\Desktop\IAmAlive_game - Shortcut.lnk
    [2013/03/28 21:20:34 | 000,001,159 | ---- | C] () -- C:\Users\User\Desktop\Uplay.lnk
    [2013/03/25 20:10:52 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2013/03/25 20:10:52 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2013/03/23 15:28:36 | 000,001,043 | ---- | C] () -- C:\Users\User\Desktop\Cheat Engine.lnk
    [2013/03/20 20:24:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2013/03/16 00:42:11 | 000,641,903 | ---- | C] () -- C:\Users\User\Desktop\tumblr_inline_mjfxlrMfpb1qz4rgp.gif
    [2013/03/14 15:13:30 | 000,007,607 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
    [2013/03/13 20:24:40 | 000,029,144 | ---- | C] () -- C:\Users\User\Desktop\Payment-Voucher-Template.jpg
    [2013/03/11 15:36:32 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
    [2013/03/11 15:36:32 | 000,000,849 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
    [2013/02/27 12:23:34 | 000,000,984 | ---- | C] () -- C:\Windows\eReg.dat
    [2013/02/26 17:20:36 | 000,000,003 | ---- | C] () -- C:\Users\User\AppData\Local\user_data.ini
    [2013/02/19 22:06:59 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
    [2013/02/19 22:06:47 | 000,480,608 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll
    [2013/02/19 22:06:47 | 000,000,452 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini
    [2013/02/19 20:49:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013/02/19 20:42:26 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
    [2013/02/19 20:42:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
    [2013/02/19 20:42:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
    [2013/02/19 20:42:25 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
    [2013/02/19 20:42:25 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
    [2013/02/19 20:42:22 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2013/02/19 20:42:18 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2013/02/19 14:21:24 | 000,010,084 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2012/12/19 15:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
    [2012/11/19 15:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
    [2012/11/19 15:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
    [2012/05/24 00:59:19 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/05/24 01:21:51 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/03/22 23:57:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ad-Aware Antivirus
    [2013/02/20 11:34:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BANDISOFT
    [2013/04/06 21:55:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
    [2013/02/20 14:54:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\bizarre creations
    [2013/03/09 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BlackBean
    [2013/03/10 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CreeperWorld2
    [2013/02/27 10:02:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
    [2013/04/10 00:40:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DMCache
    [2013/02/19 21:00:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DRPSu
    [2013/03/26 00:21:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FAH
    [2013/03/22 12:47:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IDM
    [2013/02/20 14:46:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MinMaxGames
    [2013/03/12 14:30:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
    [2013/03/14 14:55:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ScreenSeven
    [2013/04/01 17:00:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Theta
    [2013/04/07 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
    [2013/03/01 19:16:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wargaming.net

    ========== Purity Check ==========



    < End of report >

    From Extra.txt

    OTL Extras logfile created on: 4/10/2013 9:47:42 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.57% Memory free
    4.00 Gb Paging File | 2.88 Gb Available in Paging File | 71.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 73.14 Gb Total Space | 8.91 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
    Drive D: | 75.80 Gb Total Space | 40.33 Gb Free Space | 53.20% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1
    "UacDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1
    "UacDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Internet Download Manager\IEMonitor.exe" = C:\Program Files\Internet Download Manager\IEMonitor.exe:*:Enabled:ipsec -- (Tonec Inc.)
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2806832E-F826-4403-9B57-2AC9A90DA568}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2AA1EA62-5533-40CB-B9BF-C88116ECD5B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{456CFB3B-4227-4658-97E0-879B8F3145F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{59B9B1FA-BB80-41D4-9909-CB3BD29E48D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9F2BEADB-10DD-4BD5-ACEA-8D933F79ADC0}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A50F881A-7507-4110-A60A-D41915F814DF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B5C74011-68F3-415A-B95C-D3E725507724}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D3FA7340-D6FF-455F-88E9-1013C7A5C94B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D92F7F7A-7A74-4AE3-96D1-D75E4DA7A640}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F0BB9B93-FE0D-406E-8D6D-CBF47B075010}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F6A67DA5-32D4-47E0-8C96-738A68CFC159}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F86E31C5-F575-4334-8488-BAF939EB794A}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0304D486-E20B-42AD-8727-56463BB44C80}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe |
    "{0972CA6D-46D3-4A19-8AC4-9410468CCFE4}" = protocol=58 | dir=in | app=system |
    "{0D6866ED-EED5-434D-B690-91F13195AC7C}" = protocol=6 | dir=in | app=c:\users\user\documents\farcry 3\bin\farcry3_d3d11.exe |
    "{0DBF5FB0-0451-4C95-B9AA-C6FEEDE2D8D4}" = protocol=6 | dir=in | app=c:2\strategi\assassin's creed iii\ac3sp.exe |
    "{206C5115-56F0-403A-B0EF-D4F38C7AF7BA}" = protocol=17 | dir=in | app=c:2\strategi\assassin's creed iii\ac3sp.exe |
    "{23313B26-56C3-4AC9-9E68-7BC82A84F1EC}" = protocol=17 | dir=in | app=c:\users\user\documents\farcry 3\bin\farcry3.exe |
    "{2809EA6A-EADC-4507-8CCD-732E6D03EA26}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{39A0657C-5EED-4E81-A73E-7E781AA60EF8}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\moviemodule.exe |
    "{47551D88-B786-4268-88F6-9C98B4E2E32E}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
    "{54D20528-7813-4706-9B90-B831EE662E97}" = protocol=6 | dir=in | app=c:\users\user\downloads\I am alive pc full game single-player ^^nosteam^^\I am alive\src\system\iamalive_game.exe |
    "{59115DA2-C25A-41D6-A5E7-E58B8E3BEC20}" = protocol=17 | dir=in | app=c:\users\user\downloads\I am alive pc full game single-player ^^nosteam^^\I am alive\src\system\iamalive_game.exe |
    "{614448D4-B9E2-494B-B7F0-C623781965CF}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
    "{67F42B90-9176-4289-A7BD-3584D4DFB140}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{6DDEFBEE-B377-42DF-940B-F8C38619FD3D}" = protocol=17 | dir=in | app=c:\users\user\documents\farcry 3\bin\farcry3_d3d11.exe |
    "{7D463FC2-DB41-4BC4-B554-EA39B27145C6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\I am alive\src\system\iamalive_game.exe |
    "{961F91C5-761C-4056-8ECA-CA1FBEA8654E}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe |
    "{98F4CFEB-AC10-4C95-A62C-740AE182331F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{9CCF2859-3644-4DAB-8257-EDA601EDF309}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe |
    "{A6D738FE-6321-4DC0-9C48-35E101FDC07B}" = protocol=6 | dir=in | app=f:\strategi\crysis 2\bin32\crysis2.exe |
    "{CD34D1DE-A045-4202-93FD-75526A6C9FC4}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
    "{CD5A9A97-4603-4A96-8381-C192EB6D2EB0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{DAFE40F9-B213-4319-A207-895585C5F428}" = protocol=6 | dir=in | app=c:\users\user\documents\farcry 3\bin\farcry3.exe |
    "{E5696DBF-512F-474C-925F-0913AF9AA1B4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{E893974F-1A47-447A-9A95-E0F90E9A2E9C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\I am alive\src\system\iamalive_game.exe |
    "{EEBFF846-5860-4FED-B922-4B05E44C4A13}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
    "{F131E2B5-4265-4FE8-A0C6-9B4D400BE5CD}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
    "{F46244EE-0D9A-409B-81CF-ADE9A3E7340A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F556644E-8332-45A1-8512-EF1B5D9B59F9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{F85716CB-9CD6-4838-B478-5C67BB32B07A}" = protocol=17 | dir=in | app=f:\strategi\crysis 2\bin32\crysis2.exe |
    "TCP Query User{00C426FC-CEDC-424F-934C-BEF93223495B}C:\program files\common files\nero\lib\nmindexstoresvr.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\lib\nmindexstoresvr.exe |
    "TCP Query User{0C515E61-AA5C-407F-9885-32E35D0DA6B8}D:\activision\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\activision\world_of_tanks\wotlauncher.exe |
    "TCP Query User{120DFFDE-0500-4162-897B-5C9D17107722}C:\users\user\appdata\local\temp\7d5c2e44-adf8-4bda-baee-cea96f3acefe\dismhost.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\7d5c2e44-adf8-4bda-baee-cea96f3acefe\dismhost.exe |
    "TCP Query User{194B8A85-BFB6-4771-B2AA-0731B229FEF1}C:\windows\system32\userinit.exe" = protocol=6 | dir=in | app=c:\windows\system32\userinit.exe |
    "TCP Query User{291F2CFB-E7BB-42E3-B201-94060D9F9B3C}C:5\test drive - unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:5\test drive - unlimited\testdriveunlimited.exe |
    "TCP Query User{2C5BADE0-1EFC-4B17-88C5-5B43147F3E44}C:\program files\asrock\xfast lan\cfosspeed.exe" = protocol=6 | dir=in | app=c:\program files\asrock\xfast lan\cfosspeed.exe |
    "TCP Query User{38DDFF2C-766B-4667-AE67-454C32B75BED}C:\windows\system32\searchprotocolhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\searchprotocolhost.exe |
    "TCP Query User{3B3C3C57-C21E-4B00-A5C5-300579A79BDC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
    "TCP Query User{4259EC2C-1F7C-4AD7-9DB5-A507613775BA}D:\activision\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\activision\world_of_tanks\wotlauncher.exe |
    "TCP Query User{4C3A04B3-C1D5-4660-8774-F41C5855185C}C:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe |
    "TCP Query User{51C05529-6BFD-47D9-95E2-D39E7473543D}C:5\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=c:5\assassin's creed iii\ac3sp.exe |
    "TCP Query User{52B71CC6-FB27-4F00-9D61-00AF10ECDD69}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
    "TCP Query User{589F443B-04E7-44BB-AEC0-852A2FB90C8B}C:\program files\tp-link\common\twcu.exe" = protocol=6 | dir=in | app=c:\program files\tp-link\common\twcu.exe |
    "TCP Query User{5B82D9D8-EE4A-4A22-AE82-D1811CFBF093}C:\windows\system32\conhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\conhost.exe |
    "TCP Query User{616E7171-B25D-498D-A4BF-AEFED95F44A1}D:\activision\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\activision\world of tanks\wotlauncher.exe |
    "TCP Query User{6F616563-626A-473E-AC0E-16C503922154}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{6FF802B0-E796-49CC-8DC2-E8D5046D2CD5}C:\program files\ea games\command & conquer generals zero hour\generals.exe" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\generals.exe |
    "TCP Query User{7D9885D9-1EE6-4E53-BCC5-1089C4BEEB92}C:\program files\common files\nero\lib\nmbgmonitor.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\lib\nmbgmonitor.exe |
    "TCP Query User{85A43939-790D-449F-9781-4E1A7EA91418}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "TCP Query User{92291B69-EF2B-4837-BC6D-85FF12606067}C:\program files\logmein hamachi\hamachi-2-ui.exe" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
    "TCP Query User{95777E54-22FB-4B0B-A3AB-51F806BBC388}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe |
    "TCP Query User{A042E76D-19E7-436A-9F52-DB1E6D6B97F4}D:\activision\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\activision\world_of_tanks\worldoftanks.exe |
    "TCP Query User{A4EAB9CB-1825-4055-A178-EC3FB9A64296}C:\program files\real\realplayer\update\realsched.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\update\realsched.exe |
    "TCP Query User{B1E84DEB-0AA1-44DF-9859-D5D861470C28}G:\strategi\bully\blur(tm)\blur.exe" = protocol=6 | dir=in | app=g:\strategi\bully\blur(tm)\blur.exe |
    "TCP Query User{B2FEBA6F-E66D-48B7-B1FD-C8783390D81E}C:\users\user\appdata\roaming\biogoh.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\biogoh.exe |
    "TCP Query User{B56DEF31-5430-4A9D-9A44-76DCBAF40BED}C:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe |
    "TCP Query User{B67CC27D-E31C-44BF-A8AE-4B7324387B5D}C:\windows\system32\taskmgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskmgr.exe |
    "TCP Query User{C568E8B0-1653-4EF3-98C1-BEB2ECBC44D6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "TCP Query User{CCC69A2F-B5A5-41F7-A551-DCD2E98CFB21}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |
    "TCP Query User{CEEBC1CF-3E03-4E50-9B7B-3A95B389BE82}C:\program files\internet download manager\iemonitor.exe" = protocol=6 | dir=in | app=c:\program files\internet download manager\iemonitor.exe |
    "TCP Query User{D3828576-1FCE-4919-9295-140CB76A06F3}C:\program files\avg safeguard toolbar\vprot.exe" = protocol=6 | dir=in | app=c:\program files\avg safeguard toolbar\vprot.exe |
    "TCP Query User{D54861A5-4CE7-4C98-A78C-07425F475EBD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{D6406532-7CAA-4ABB-A7FA-3A87FB942028}C:\program files\common files\nero\lib\nerocheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\lib\nerocheck.exe |
    "TCP Query User{D7010BB0-3C67-486A-8D3B-55A82FD6673C}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "TCP Query User{DC67409B-970D-4580-9242-305A46FCC8E6}C:\program files\ati technologies\ati.ace\core-static\ccc.exe" = protocol=6 | dir=in | app=c:\program files\ati technologies\ati.ace\core-static\ccc.exe |
    "TCP Query User{E31689B5-D5F8-442B-86C0-DEE8729116E6}C:\program files\ubisoft\ubisoft game launcher\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\farcry 3\bin\farcry3_d3d11.exe |
    "TCP Query User{E959A594-CB79-42F6-A65B-835B9E4CC0F8}C:\program files\ati technologies\ati.ace\core-static\mom.exe" = protocol=6 | dir=in | app=c:\program files\ati technologies\ati.ace\core-static\mom.exe |
    "TCP Query User{F2CB85AF-5E69-4359-B227-93EFA94655E5}D:1\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=d:1\assassin's creed iii\ac3sp.exe |
    "TCP Query User{F50AEE30-FE05-4422-B267-ADF1648C5EB7}F:\test drive - unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=f:\test drive - unlimited\testdriveunlimited.exe |
    "TCP Query User{F9224C03-C12F-4E12-B9B9-8BDC28396605}F:\test drive - unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=f:\test drive - unlimited\testdriveunlimited.exe |
    "TCP Query User{FC1640CE-6E6B-43AE-B718-E089F1B736C8}C:\windows\system32\cleanmgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\cleanmgr.exe |
    "UDP Query User{02E8D294-AF7E-444C-BD48-08C6BF4E6A17}C:\windows\system32\userinit.exe" = protocol=17 | dir=in | app=c:\windows\system32\userinit.exe |
    "UDP Query User{1BAB0933-C6D9-4769-92C6-46FB4CCCB1D7}D:\activision\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\activision\world_of_tanks\wotlauncher.exe |
    "UDP Query User{276CA005-AB0E-4F02-B3D6-5364C6D30973}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{28DF9063-0133-4521-A8F1-AE5CA6D17DB7}G:\strategi\bully\blur(tm)\blur.exe" = protocol=17 | dir=in | app=g:\strategi\bully\blur(tm)\blur.exe |
    "UDP Query User{2EFD044E-68FC-460D-9E97-8570531EA395}C:\program files\logmein hamachi\hamachi-2-ui.exe" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
    "UDP Query User{2F9CB50E-E2E0-40B8-9409-E92AC25AF606}C:5\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=c:5\assassin's creed iii\ac3sp.exe |
    "UDP Query User{3CA24E33-F033-498D-A02D-732F024C2589}C:5\test drive - unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:5\test drive - unlimited\testdriveunlimited.exe |
    "UDP Query User{49B2F480-E9DF-4F01-97DA-D3787472CE31}C:\program files\asrock\xfast lan\cfosspeed.exe" = protocol=17 | dir=in | app=c:\program files\asrock\xfast lan\cfosspeed.exe |
    "UDP Query User{4C7D0B5B-8852-4D0C-A34D-01B87CD17DF6}C:\program files\common files\nero\lib\nmindexstoresvr.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\lib\nmindexstoresvr.exe |
    "UDP Query User{4D2D1EA9-2132-4BCC-81D0-DC71B5CAA2DB}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe |
    "UDP Query User{4D5E28F3-1FBB-4D55-AE31-E6A7522D54E6}D:\activision\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\activision\world of tanks\wotlauncher.exe |
    "UDP Query User{4F182B25-9723-4F19-BEFC-D8017810BD1B}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
    "UDP Query User{58AAA12C-6E62-4FEF-8D32-57DF55B572E0}C:\program files\ati technologies\ati.ace\core-static\ccc.exe" = protocol=17 | dir=in | app=c:\program files\ati technologies\ati.ace\core-static\ccc.exe |
    "UDP Query User{5B21DD7E-5D79-46FE-B701-D2C5BDDD8AC0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
    "UDP Query User{5B9F8FC0-A23D-459F-A902-6D4CD22247A1}C:\program files\ati technologies\ati.ace\core-static\mom.exe" = protocol=17 | dir=in | app=c:\program files\ati technologies\ati.ace\core-static\mom.exe |
    "UDP Query User{65D50B31-B09B-4B52-9FAE-78A16A82C5D0}C:\program files\real\realplayer\update\realsched.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\update\realsched.exe |
    "UDP Query User{669D4CF1-1B8F-44A5-80B0-35A29C73666B}C:\program files\common files\nero\lib\nmbgmonitor.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\lib\nmbgmonitor.exe |
    "UDP Query User{6789ACE2-A023-406C-ADCA-D767FABA37B8}D:\activision\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\activision\world_of_tanks\worldoftanks.exe |
    "UDP Query User{6EE7F0B3-5E16-4FC4-98DC-7CA60EB225D9}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |
    "UDP Query User{6F83BCB6-8B3F-4297-BCFB-29EA9B98F2F7}C:\program files\internet download manager\iemonitor.exe" = protocol=17 | dir=in | app=c:\program files\internet download manager\iemonitor.exe |
    "UDP Query User{7781EC3E-0CD9-4D14-BCE1-E95591197198}C:\windows\system32\cleanmgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\cleanmgr.exe |
    "UDP Query User{790A34F5-F3F6-4DBD-9E5B-534AD8825B8F}F:\test drive - unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=f:\test drive - unlimited\testdriveunlimited.exe |
    "UDP Query User{7E556F35-D5E9-412A-993B-FCC881B43743}C:\program files\avg safeguard toolbar\vprot.exe" = protocol=17 | dir=in | app=c:\program files\avg safeguard toolbar\vprot.exe |
    "UDP Query User{8B6AD7D3-058C-4FD2-AD43-B6AD0FFAAB16}C:\users\user\appdata\local\temp\7d5c2e44-adf8-4bda-baee-cea96f3acefe\dismhost.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\7d5c2e44-adf8-4bda-baee-cea96f3acefe\dismhost.exe |
    "UDP Query User{93CDA920-96ED-407B-92E5-450E4B3573F2}C:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe |
    "UDP Query User{9731BE1B-7FB5-4C07-85AE-A3BAA9BAD473}C:\program files\common files\nero\lib\nerocheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\lib\nerocheck.exe |
    "UDP Query User{9A8759A2-A625-41FF-83A9-4C049E1B9CD9}C:\users\user\appdata\roaming\biogoh.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\biogoh.exe |
    "UDP Query User{9F11E7DE-975A-47E6-8D99-E72E68123B7D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
    "UDP Query User{A65008BD-950C-43F2-A905-F21AD5EA6749}D:\activision\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\activision\world_of_tanks\wotlauncher.exe |
    "UDP Query User{AB991276-CA87-4D30-83ED-E7ECD05DCB3B}C:\program files\tp-link\common\twcu.exe" = protocol=17 | dir=in | app=c:\program files\tp-link\common\twcu.exe |
    "UDP Query User{B52A2330-0664-4571-BF4B-ACA58B1B6519}C:\program files\ubisoft\ubisoft game launcher\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\farcry 3\bin\farcry3_d3d11.exe |
    "UDP Query User{B90F2EBF-1703-49ED-8ED3-84C70BF95996}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "UDP Query User{BCBE96F0-68E4-4654-8DB2-4DC170895317}F:\test drive - unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=f:\test drive - unlimited\testdriveunlimited.exe |
    "UDP Query User{BECEC119-8E9A-4474-9C7E-3D50AD34C3B3}D:1\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=d:1\assassin's creed iii\ac3sp.exe |
    "UDP Query User{C97FC239-DF9D-49EF-880F-1580C8756421}C:\windows\system32\taskmgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskmgr.exe |
    "UDP Query User{D0F106BD-938B-4A79-A93B-ED2A8D0560E3}C:\program files\ea games\command & conquer generals zero hour\generals.exe" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\generals.exe |
    "UDP Query User{D7B6C8F9-3030-4C7C-9E37-1EA57C7A48C8}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "UDP Query User{E1EE7149-2D89-48D3-810D-058E02BBDFE8}C:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe |
    "UDP Query User{EC7742C0-43E1-4D7B-ABCF-4F2003F3FA78}C:\windows\system32\conhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\conhost.exe |
    "UDP Query User{F9D944F2-603E-4CA9-B3DC-19BC9A816F97}C:\windows\system32\searchprotocolhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\searchprotocolhost.exe |
    "UDP Query User{FFBF3DD9-080B-40D9-AF3C-86B22F51E644}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{004D677F-9935-0D07-4BB9-44EE9B53382A}" = AMD Fuel
    "{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek
    "{022BC727-ACB7-4C1D-109C-177515714A32}" = AMD VISION Engine Control Center
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish
    "{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard
    "{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese
    "{11EBACCC-8A12-D33E-9F9A-CF3F354C9C43}" = AMD Accelerated Video Transcoding
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812SEA}_is1" = World of Tanks
    "{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese
    "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish
    "{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch
    "{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional
    "{429D0B67-B925-EBD6-B83B-21A7554A0212}" = ccc-utility
    "{44D9C861-7B40-41E4-8A25-C9EBB9A7A59B}" = TP-LINK Wireless Client Utility
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4d06741b-db1d-4d4d-b31c-b52ad89fd521}" = Graboid Video 3.84 Setup
    "{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
    "{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian
    "{66F81F38-62F4-42D2-C6E4-2521F73987CF}" = AMD Media Foundation Decoders
    "{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
    "{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
    "{8CB0D512-C3B1-1089-B7F9-53B8E0089F90}" = AMD Drag and Drop Transcoding
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai
    "{95316F50-3D46-C92A-D76B-6E40795C4072}" = AMD Catalyst Install Manager
    "{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
    "{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{D2E9333F-8DCD-4DDA-A90B-A30DFD5791AC}" = Portal 2
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy
    "{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish
    "{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All
    "{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common
    "{ECEFE8C6-6B99-49F1-80FD-7E3C175913FE}_is1" = Adelantado Trilogy Book Two version 1.0
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian
    "{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
    "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish
    "Adobe AIR" = Adobe AIR
    "ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.28
    "ATM5_is1" = Advanced Task Manager for Windows Vista & Windows XP
    "AutoHotkey" = AutoHotkey 1.1.09.03
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Bandicam" = Bandicam
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BitTorrent" = BitTorrent
    "Cheat Engine 6.2_is1" = Cheat Engine 6.2
    "GOM Player" = GOM Player
    "Graboid Video" = Graboid Video 3.84
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
    "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "Internet Download Manager" = Internet Download Manager
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenAL" = OpenAL
    "RAR Password Cracker" = RAR Password Cracker 4.12
    "RealAlt_is1" = Real Alternative 2.0.2
    "RealPlayer 15.0" = RealPlayer
    "Steam App 440" = Team Fortress 2
    "Steam App 570" = Dota 2
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Uplay" = Uplay
    "VLC media player" = VLC media player 1.0.1
    "Winamp" = Winamp
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "XFast LAN" = XFast LAN v6.61

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1009692711-701744250-1283350087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    < End of report >
  22. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

  23. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Please read my reply #17.
  24. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    OK im on it..
  25. Nazrin Azman

    Nazrin Azman Newcomer, in training Topic Starter Posts: 17

    C:\autorun.inf	INF/Autorun.gen worm
    C:\itnu.pif	Win32/Sality virus
    C:\JRT\choice.exe	Win32/Sality.NBA virus
    C:\JRT\cut.exe	Win32/Sality.NBA virus
    C:\JRT\nircmd.exe	Win32/Sality.NBA virus
    C:\JRT\sed.exe	Win32/Sality.NBA virus
    C:\JRT\shortcut.exe	Win32/Sality.NBA virus
    C:\JRT\erunt\ERUNT.EXE	Win32/Sality.NBA virus
    C:\PHOTOSHOP 7.0\Setup.exe	Win32/Sality.NBA virus
    C:\PHOTOSHOP 7.0\_ISDel.exe	Win32/Sality.NBA virus
    C:\Program Files\Adelantado Trilogy Book Two\Adelantado2.exe	Win32/Sality.NBA virus
    C:\Program Files\AMD APP\bin\x86\amdocl_as.exe	Win32/Sality.NBA virus
    C:\Program Files\AMD APP\bin\x86\amdocl_ld.exe	Win32/Sality.NBA virus
    C:\Program Files\AMD AVT\bin\kdbsync.exe	Win32/Sality.NBA virus
    C:\Program Files\ASRock Utility\XFast RAM\unins000.exe	Win32/Sality.NBA virus
    C:\Program Files\ATI\CIM\Bin\SetACL.exe	Win32/Sality.NBA virus
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\installShell.exe	Win32/Sality.NBA virus
    C:\Program Files\AutoHotkey\AU3_Spy.exe	Win32/Sality.NBA virus
    C:\Program Files\AutoHotkey\AutoHotkey.exe	Win32/Sality.NBA virus
    C:\Program Files\AutoHotkey\AutoHotkeyA32.exe	Win32/Sality.NBA virus
    C:\Program Files\AutoHotkey\AutoHotkeyU32.exe	Win32/Sality.NBA virus
    C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe	Win32/Sality.NBA virus
    C:\Program Files\Bandicam\uninstall.exe	Win32/Sality.NBA virus
    C:\Program Files\Cheat Engine 6.2\unins000.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Java\Java Update\jusched.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NeroCmd.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NeroScoutOptions.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NeroSearchAdvanced.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NeTsMan.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMBCWriter.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMCdRipServer.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMDllHost.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMSTranscoder.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMTVServer.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Lib\NMTvWizard.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\NeroSlideShow\SlideShw.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Shared\NL3\NeroPatentActivation.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\Nero\Shared\NL3\NeroUpgrade.exe	Win32/Sality.NBA virus
    C:\Program Files\Common Files\PX Storage Engine\pxhpinst.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Activate.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\PDVDLaunchPolicy.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Common\EvoParser\CLUpdater.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\Install.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\Uninstall.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\CLHelper.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\PSUtil.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PDVDCM11Service.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe	Win32/Sality.NBA virus
    C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cox\PowerDVDCox11.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\generals.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_eReg.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_EZ.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_uninst.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\support\go_ez.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command and Conquer Generals\generals.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command and Conquer Generals\WorldBuilder.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command and Conquer Generals\support\Command and Conquer Generals_EZ.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command and Conquer Generals\support\Generals_uninst.exe	Win32/Sality.NBA virus
    C:\Program Files\EA Games\Command and Conquer Generals\support\go_ez.exe	Win32/Sality.NBA virus
    C:\Program Files\Graboid\uninst.exe	Win32/Sality.NBA virus
    C:\Program Files\Graboid\GraboidVideo\3.84\DLManager\GraboidDLManager.exe	Win32/Sality.NBA virus
    C:\Program Files\Graboid\GraboidVideo\3.84\DLManager\w9xpopen.exe	Win32/Sality.NBA virus
    C:\Program Files\Graboid\GraboidVideo\3.84\DLManager\win\unrar\UnRAR.exe	Win32/Sality.NBA virus
    C:\Program Files\Graboid\GraboidVideo\3.84\DLManager\win\unzip\unzip.exe	Win32/Sality.NBA virus
    C:\Program Files\Graboid\GraboidVideo\3.84\GraboidRegisterProtocol\registerProtocol.exe	Win32/Sality.NBA virus
    C:\Program Files\GreenTree Applications\YTD Video Downloader\FFMPEG.EXE	Win32/Sality.NBA virus
    C:\Program Files\GreenTree Applications\YTD Video Downloader\Uninstall.exe	Win32/Sality.NBA virus
    C:\Program Files\GRETECH\GomPlayer\GomWiz.exe	Win32/Sality.NBA virus
    C:\Program Files\GRETECH\GomPlayer\GrLauncher.exe	Win32/Sality.NBA virus
    C:\Program Files\GRETECH\GomPlayer\KillGom.exe	Win32/Sality.NBA virus
    C:\Program Files\GRETECH\GomPlayer\RtParser.exe	Win32/Sality.NBA virus
    C:\Program Files\GRETECH\GomPlayer\ShellRegister.exe	Win32/Sality.NBA virus
    C:\Program Files\GRETECH\GomPlayer\srt2smi.exe	Win32/Sality.NBA virus
    C:\Program Files\GRETECH\GomPlayer\Uninstall.exe	Win32/Sality.NBA virus
    C:\Program Files\Innovative Solutions\Advanced Task Manager\unins000.exe	Win32/Sality.NBA virus
    C:\Program Files\InstallShield Installation Information\{44D9C861-7B40-41E4-8A25-C9EBB9A7A59B}\setup.exe	Win32/Sality.NBA virus
    C:\Program Files\InstallShield Installation Information\{F232C87C-6E92-4775-8210-DFE90B7777D9}\7z.exe	Win32/Sality.NBA virus
    C:\Program Files\InstallShield Installation Information\{F232C87C-6E92-4775-8210-DFE90B7777D9}\Setup.exe	Win32/Sality.NBA virus
    C:\Program Files\Internet Download Manager\IDMan.exe	Win32/Sality.NBA virus
    C:\Program Files\Internet Download Manager\IEMonitor.exe	Win32/Sality.NBA virus
    C:\Program Files\Internet Download Manager\Uninstall.exe	Win32/Sality.NBA virus
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe	Win32/Sality.NBA virus
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe	Win32/Sality.NBA virus
    C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe	Win32/Sality.NBA virus
    C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Win32/Sality.NBA virus
    C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe	Win32/Sality.NBA virus
    C:\Program Files\Mozilla Firefox\uninstall\helper.exe	Win32/Sality.NBA virus
    C:\Program Files\Mozilla Maintenance Service\Uninstall.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero\Uninstall\UNNERO.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBSFtp.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Burning Rom\NeDwFileHelper.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Burning Rom\SecurDisc\discinfo.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverDes.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero MediaHome\NMMediaServer.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Recode\Recode.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero SoundTrax\SoundTrax.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero StartSmart\NeroInFDiscCopy.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Toolkit\DiscSpeed.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Toolkit\InfoTool.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Toolkit\RescueAgent\NeroRescueAgent.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero WaveEditor\DXEnum.exe	Win32/Sality.NBA virus
    C:\Program Files\Nero\Nero8\Nero WaveEditor\waveedit.exe	Win32/Sality.NBA virus
    C:\Program Files\Notepad++\notepad++.exe	Win32/Sality.NBA virus
    C:\Program Files\Notepad++\updater\GUP.exe	Win32/Sality.NBA virus
    C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe	Win32/Sality.NBA virus
    C:\Program Files\NVIDIA Corporation\Uninstall\nvunrm.exe	Win32/Sality.NBA virus
    C:\Program Files\OpenAL\oalinst.exe	Win32/Sality.NBA virus
    C:\Program Files\RAR Password Cracker\uninstall.exe	Win32/Sality.NBA virus
    C:\Program Files\Real Alternative\settings.exe	Win32/Sality.NBA virus
    C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe	Win32/Sality.NBA virus
    C:\Program Files\Real Alternative\Update_OB\upgrdhlp.exe	Win32/Sality.NBA virus
    C:\Program Files\Realtek\Audio\HDA\RtkAudioSrvATI.exe	Win32/Sality.NBA virus
    C:\Program Files\Realtek\Audio\HDA\RtkUpd.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\GameOverlayUI.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\backup\french\steambackup.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\backup\german\steambackup.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\backup\italian\steambackup.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\backup\spanish\steambackup.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\games\appid_10540.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\games\appid_10560.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\games\appid_17300.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\games\appid_17330.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\games\appid_17340.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\games\appid_6510.exe	Win32/Sality.NBA virus
    C:\Program Files\Steam\steam\games\appid_6520.exe	Win32/Sality.NBA virus
    C:\Program Files\TeamSpeak 3 Client\createfileassoc.exe	Win32/Sality.NBA virus
    C:\Program Files\TeamSpeak 3 Client\error_report.exe	Win32/Sality.NBA virus
    C:\Program Files\TeamSpeak 3 Client\package_inst.exe	Win32/Sality.NBA virus
    C:\Program Files\TeamSpeak 3 Client\update.exe	Win32/Sality.NBA virus
    D:\autorun.inf	INF/Autorun.gen worm
    D:\uvoxld.exe	Win32/Sality virus
    D:\Activision\call of duty modern warfare 3\iw5mp_server.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\iw5sp.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\r.a.s.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\vcredist_x86_2008.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\main\arc.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\main\oggdec.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\main\precomp.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\main\zip.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\zone\english\7za.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\zone\english\arc.exe	Win32/Sality.NBA virus
    D:\Activision\call of duty modern warfare 3\zone\english\precomp.exe	Win32/Sality.NBA virus
    D:\Activision\World of Tanks\unins000.exe	Win32/Sality.NBA virus
    D:\Activision\World of Tanks\WoTLauncher.exe	Win32/Sality.NBA virus
    D:\Activision\WWE RAW Ultimate Impact (2009)\Copy of WWERUI.exe	Win32/Sality.NBA virus
    D:\Activision\WWE RAW Ultimate Impact (2009)\RAS.exe	Win32/Sality.NBA virus
    D:\Activision\WWE RAW Ultimate Impact (2009)\tmp.exe	Win32/Sality.NBA virus
    D:\Activision\WWE RAW Ultimate Impact (2009)\vcredist_x86.exe	Win32/Sality.NBA virus
    D:\Activision\WWE RAW Ultimate Impact (2009)\WWERUI.exe	Win32/Sality.NBA virus
    D:\ayah\abg\Mods\ModWarfare\7za.exe	Win32/Sality.NBA virus
    D:\cnc\Generals_Code.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw_cnr.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw_cqs.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw_cqw.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw_cwn.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw_qs.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw_qsw.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw_wb.exe	Win32/Sality.NBA virus
    D:\cnc\zero\shw_win.exe	Win32/Sality.NBA virus
    D:\cnc\zero\Uinst_shw.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\generals.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\WorldBuilder.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\Data\INI\IniChecker3.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_eReg.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_EZ.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_uninst.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\support\go_ez.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command and Conquer Generals\generals.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command and Conquer Generals\WorldBuilder.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command and Conquer Generals\support\Command and Conquer Generals_EZ.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command and Conquer Generals\support\Generals_uninst.exe	Win32/Sality.NBA virus
    D:\EA Games\EA Games\Command and Conquer Generals\support\go_ez.exe	Win32/Sality.NBA virus
    D:\GTA-SanAndreas\gta_sa.exe	Win32/Sality.NBA virus
    D:\GTA-SanAndreas\rcon.exe	Win32/Sality.NBA virus
    D:\GTA-SanAndreas\sa-mp-0.3e-install.exe	Win32/Sality.NBA virus
    D:\GTA-SanAndreas\samp.exe	Win32/Sality.NBA virus
    D:\GTA-SanAndreas\SAMPUninstall.exe	Win32/Sality.NBA virus
    D:\GTA-SanAndreas\samp_debug.exe	Win32/Sality.NBA virus
    D:\GTA-SanAndreas\unins000.exe	Win32/Sality.NBA virus
    D:\GTA-SanAndreas\UnRAR.exe	Win32/Sality.NBA virus
    D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE	Win32/Sality.NBA virus
    D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OFFCLN.EXE	Win32/Sality.NBA virus
    D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE	Win32/Sality.NBA virus
    D:\software\ADOBE PHOTOSHOP LIGHTROOM 3.4\SOFTWARE\Install Lightroom 3.exe	Win32/Sality.NBA virus
    D:\temp\ext18866\install.exe	Win32/Sality.NBA virus
    Operating memory	Win32/Sality.NBA virus

