Inactive [Not curable - Sality] Malware + PUM.Disabled. Security Center

Nazrin Azman

I don't know why my PC became slower.... I see my CPU usage is at 100%. I tried to end-task the program, then another program uses a lot of CPU. I did the same step again, same result...

I scanned my PC with Malwarebytes Anti-Malware and got this result:

1 Malware.Packer.Gen, 3 PUM.Disabled.SecurityCenter
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
From Malwarebytes Anti-Malware

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.08.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

4/8/2013 10:38:53 PM
MBAM-log-2013-04-08 (22-48-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199161
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\hddl.pif (Malware.Packer.Gen) -> No action taken.

(end)
 
From dds attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/19/2013 1:38:32 PM
System Uptime: 4/8/2013 7:27:47 PM (1 hours ago)
.
Motherboard: ASRock | | N68C-GS FX
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | CPUSocket | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 73 GiB total, 10.593 GiB free.
D: is FIXED (NTFS) - 76 GiB total, 29.119 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&1A2227A&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&1A2227A&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader XI (11.0.02)
Advanced Task Manager for Windows Vista & Windows XP
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
ASRock XFast RAM v2.0.28
Assassin's Creed III
AutoHotkey 1.1.09.03
AVG SafeGuard toolbar
Avira Free Antivirus
Bandicam
Bandisoft MPEG-1 Decoder
BitTorrent
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.2
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
CyberLink PowerDVD 11
Dota 2
Fraps
GOM Player
Google Chrome
Graboid Video 3.84
Graboid Video 3.84 Setup
Internet Download Manager
Java 7 Update 15
Java Auto Updater
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
Nero 8
neroxml
NetCut 2.1.4
Notepad++
NVIDIA Drivers
NVIDIA PhysX
OpenAL
Portal 2
RAR Password Cracker 4.12
Real Alternative 2.0.2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek HDMI Audio Driver for ATI
RealUpgrade 1.1
Sniper Ghost Warrior
Steam
System Requirements Lab Detection
Team Fortress 2
TeamSpeak 3 Client
TP-LINK Wireless Client Utility
Uplay
VCRedistSetup
VLC media player 1.0.1
Winamp
Winamp Detector Plug-in
WinPcap 4.1.2
WinRAR 4.20 (32-bit)
World of Tanks
XFast LAN v6.61
YTD Video Downloader 4.0
.
==== Event Viewer Messages From Past Week ========
.
4/8/2013 7:58:04 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
4/8/2013 7:58:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
4/8/2013 7:28:24 PM, Error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The system cannot find the file specified.
4/8/2013 7:28:17 PM, Error: Service Control Manager [7000] - The Arp Intelligent Protection Service service failed to start due to the following error: The system cannot find the file specified.
4/6/2013 11:19:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/5/2013 11:31:27 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/3/2013 8:14:57 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 64-27-37-07-83-50. Network operations on this system may be disrupted as a result.
4/2/2013 7:53:23 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
4/2/2013 7:02:00 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
4/2/2013 7:01:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2013 7:00:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
4/2/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/2/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/2/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/2/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/2/2013 7:00:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/2/2013 7:00:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/2/2013 7:00:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cFosSpeed CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2013 7:00:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2013 6:27:05 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 64-27-37-07-83-50. Network operations on this system may be disrupted as a result.
4/1/2013 9:42:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
4/1/2013 9:42:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x00000008, 0x807c8750, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
4/1/2013 9:42:43 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 
From dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.15.2
Run by User at 20:56:26 on 2013-04-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1006 [GMT 8:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TP-LINK\COMMON\TWCU.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\notepad.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://friendly-google-search.blogspot.com
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [XFast LAN] c:\program files\asrock\xfast lan\cFosSpeed.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\common\TWCU.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\237344232403 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\237344232403 : DHCPNameServer = 122.255.99.228 122.255.99.236
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\E474D284F4F494D2847514E474 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\E474D284F4F494D2847514E474 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\a8918prj.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58:17&v=14.2.0.1&pid=safeguard&sg=2&sap=hp
FF - prefs.js: keyword.URL - hxxp://mysearch.avg.com/search?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58:17&pid=safeguard&sg=2&v=14.0.0.12&sap=ku&q=
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-02-19 16:38; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2013-02-20 10:36; mozilla_cc@internetdownloadmanager.com; c:\users\user\appdata\roaming\idm\idmmzcc5
FF - ExtSQL: 2013-02-22 15:45; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\user\appdata\roaming\mozilla\firefox\profiles\a8918prj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2013-04-02 20:58; avg@toolbar; c:\programdata\avg safeguard toolbar\firefoxext\14.2.0.1
.
============= SERVICES / DRIVERS ===============
.
R0 AsrRamDisk;AsrRamDisk;c:\windows\system32\drivers\AsrRamDisk.sys [2013-2-26 33104]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-2-22 13560]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-4-2 33112]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-4-2 37352]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/02/19 16:27:30];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2013-2-19 77296]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-2-19 219136]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-12-19 291840]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-4-2 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-4-2 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-4-2 84744]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2013-2-19 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2013-2-19 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServer.exe [2013-2-19 312616]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-5-4 96056]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-8 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-8 682344]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2013-2-19 71664]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\tp-link\common\RaRegistry.exe [2013-2-19 374112]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2013-2-19 27760]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-4-3 968880]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-2-19 84992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-8 21104]
R3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\drivers\netr28u.sys [2013-2-19 1174880]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-2-19 1814640]
S2 Ad-Aware Service;Ad-Aware Service;"c:\program files\ad-aware antivirus\adawareservice.exe" --> c:\program files\ad-aware antivirus\AdAwareService.exe [?]
S2 AIPS;Arp Intelligent Protection Service;c:\program files\netcut\services\aips.exe --> c:\program files\netcut\services\AIPS.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBAMSvc;Ad-Aware;"c:\program files\ad-aware antivirus\sbamsvc.exe" --> c:\program files\ad-aware antivirus\SBAMSvc.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-2-23 33616]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-24 21504]
S3 TpMediaServer;TpMediaServer;c:\program files\tp-link\common\RaMediaServer.exe [2013-2-19 689504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-19 1343400]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-14 1436160]
.
=============== Created Last 30 ================
.
2013-04-08 12:48:27  --------  d-----w-  c:\users\user\appdata\local\ElevatedDiagnostics
2013-04-08 11:15:07  --------  d-----w-  c:\users\user\appdata\roaming\Malwarebytes
2013-04-08 11:14:52  --------  d-----w-  c:\programdata\Malwarebytes
2013-04-08 11:14:51  21104  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-04-08 11:14:51  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2013-04-08 11:03:29  --------  d-----w-  c:\program files\Innovative Solutions
2013-04-03 09:34:50  --------  d-----w-  c:\programdata\YTD Video Downloader
2013-04-03 09:34:47  --------  d-----w-  c:\program files\GreenTree Applications
2013-04-03 09:30:09  --------  d-----w-  c:\programdata\YTD YouTube Downloader & Converter
2013-04-02 12:59:12  --------  d-----w-  c:\users\user\appdata\local\AVG SafeGuard toolbar
2013-04-02 12:58:14  33112  ----a-w-  c:\windows\system32\drivers\avgtpx86.sys
2013-04-02 12:58:08  --------  d-----w-  c:\program files\common files\AVG Secure Search
2013-04-02 12:57:45  --------  d-----w-  c:\programdata\AVG SafeGuard toolbar
2013-04-02 12:57:44  --------  d--h--w-  c:\programdata\Common Files
2013-04-02 12:23:36  --------  d-----w-  c:\users\user\appdata\roaming\Avira
2013-04-02 12:10:45  84744  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2013-04-02 12:10:45  37352  ----a-w-  c:\windows\system32\drivers\avkmgr.sys
2013-04-02 12:10:42  --------  d-----w-  c:\programdata\Avira
2013-04-02 12:10:42  --------  d-----w-  c:\program files\Avira
2013-04-02 09:29:29  --------  d-----w-  c:\users\user\appdata\local\Apps
2013-04-02 07:46:26  6991832  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-04-02 07:46:21  7108640  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{3b61d3e6-de3c-40f1-9da4-d432df1eb3d0}\mpengine.dll
2013-04-02 07:46:21  232336  ------w-  c:\windows\system32\MpSigStub.exe
2013-04-01 13:59:04  --------  d-----w-  c:\users\user\appdata\local\BridgeProject
2013-04-01 13:59:04  --------  d-----w-  c:\programdata\Steam
2013-04-01 13:54:41  --------  d-----w-  c:\program files\Bridge Project
2013-04-01 09:01:53  138032  ----a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2013-04-01 09:01:46  281688  ----a-w-  c:\windows\system32\PnkBstrB.exe
2013-04-01 09:01:46  281688  ----a-w-  c:\windows\system32\PnkBstrB.ex0
2013-04-01 09:01:36  281688  ----a-w-  c:\windows\system32\PnkBstrB.xtr
2013-04-01 09:01:22  76888  ----a-w-  c:\windows\system32\PnkBstrA.exe
2013-04-01 09:01:22  --------  d-----w-  c:\users\user\appdata\local\PunkBuster
2013-04-01 09:00:10  --------  d-----w-  c:\users\user\appdata\roaming\Theta
2013-03-28 08:20:06  3936  ----a-w-  C:\STF1B68.tmp
2013-03-28 08:09:13  3936  ----a-w-  C:\STF23F3.tmp
2013-03-28 07:51:33  3936  ----a-w-  C:\STFF425.tmp
2013-03-28 07:08:29  3936  ----a-w-  C:\STF87BC.tmp
2013-03-28 02:34:33  3810  ----a-w-  C:\STFE65B.tmp
2013-03-27 14:56:13  3810  ----a-w-  C:\STF45A2.tmp
2013-03-27 09:18:02  3810  ----a-w-  C:\STFA912.tmp
2013-03-27 09:02:30  3810  ----a-w-  C:\STF6F67.tmp
2013-03-27 08:06:17  3810  ----a-w-  C:\STFF721.tmp
2013-03-26 10:45:03  3810  ----a-w-  C:\STF247A.tmp
2013-03-26 09:55:40  3810  ----a-w-  C:\STFEF6A.tmp
2013-03-25 09:16:28  3902  ----a-w-  C:\STFF2CE.tmp
2013-03-25 09:02:33  3472  ----a-w-  C:\STF33FC.tmp
2013-03-25 09:00:49  3472  ----a-w-  C:\STF9F60.tmp
2013-03-25 08:49:18  3902  ----a-w-  C:\STF11A7.tmp
2013-03-25 08:46:38  3472  ----a-w-  C:\STFA00A.tmp
2013-03-25 08:44:35  3472  ----a-w-  C:\STFBF71.tmp
2013-03-25 08:43:02  3472  ----a-w-  C:\STF55AF.tmp
2013-03-25 08:07:21  3862  ----a-w-  C:\STFABAE.tmp
2013-03-25 08:05:53  --------  d-----w-  c:\users\user\appdata\local\by_dekart811
2013-03-25 08:04:23  --------  d-----w-  c:\users\user\appdata\roaming\FAH
2013-03-25 07:38:14  --------  d-----w-  c:\users\user\appdata\local\LogMeIn Hamachi
2013-03-25 07:37:06  --------  d-----w-  c:\program files\LogMeIn Hamachi
2013-03-25 07:31:18  3862  ----a-w-  C:\STFA9D9.tmp
2013-03-25 07:17:48  3844  ----a-w-  C:\STF4D5A.tmp
2013-03-25 07:13:33  3844  ----a-w-  C:\STF6B26.tmp
2013-03-25 07:00:52  --------  d-----w-  c:\users\user\appdata\local\SKIDROW
2013-03-23 07:28:34  --------  d-----w-  c:\program files\Cheat Engine 6.2
2013-03-22 14:46:03  --------  d-----w-  c:\windows\system32\drivers\VDD
2013-03-22 14:46:03  --------  d-----w-  c:\program files\Ad-Aware Antivirus
2013-03-22 14:41:08  --------  d-----w-  c:\users\user\appdata\roaming\Ad-Aware Antivirus
2013-03-18 03:58:57  --------  d-----w-  c:\programdata\REVOLT
2013-03-17 00:35:58  --------  d-----w-  c:\users\user\appdata\local\wanted
2013-03-17 00:35:58  --------  d-----w-  c:\programdata\wanted
2013-03-15 09:38:48  --------  d-----w-  c:\users\user\appdata\local\salvation
2013-03-15 09:38:48  --------  d-----w-  c:\programdata\salvation
2013-03-15 09:34:15  --------  d-----w-  c:\program files\OpenAL
2013-03-15 09:34:14  418480  ----a-w-  c:\windows\system32\wrap_oal.dll
2013-03-15 09:34:14  115432  ----a-w-  c:\windows\system32\OpenAL32.dll
2013-03-15 09:34:09  --------  d-----w-  c:\windows\system32\AGEIA
2013-03-15 09:33:58  --------  d-----w-  c:\program files\common files\Wise Installation Wizard
2013-03-15 09:33:52  --------  d-----w-  c:\windows\system32\directx
2013-03-14 06:55:43  --------  d-----w-  c:\users\user\appdata\roaming\ScreenSeven
2013-03-11 13:54:46  --------  d-----w-  c:\program files\RAR Password Cracker
2013-03-11 07:30:42  --------  d-----w-  c:\users\user\appdata\roaming\BitTorrent
.
==================== Find3M ====================
.
2013-04-02 11:01:13  44424  ----a-w-  c:\windows\system32\sbbd.exe
2013-04-02 11:01:13  13560  ----a-w-  c:\windows\system32\drivers\gfibto.sys
2013-02-23 07:45:40  94112  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2013-02-23 07:45:38  861088  ----a-w-  c:\windows\system32\npDeployJava1.dll
2013-02-23 07:45:38  782240  ----a-w-  c:\windows\system32\deployJava1.dll
2013-02-19 12:49:34  0  ----a-w-  c:\windows\ativpsrm.bin
2013-02-19 08:50:18  811520  ----a-w-  c:\windows\system32\user32.dll
2013-02-19 08:50:18  409088  ----a-w-  c:\windows\system32\systemcpl.dll
2013-02-19 08:50:18  13824  ----a-w-  c:\windows\system32\slwga.dll
2013-02-19 08:38:15  499712  ----a-w-  c:\windows\system32\msvcp71.dll
2013-02-19 08:38:15  348160  ----a-w-  c:\windows\system32\msvcr71.dll
2013-01-29 10:17:32  18800  ----a-w-  c:\windows\system32\roboot.exe
.
============= FINISH: 20:57:20.41 ===============
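The DDS listing above is a flat table: timestamp, byte size (dashes for a directory), eight attribute flags, path. Once parsed it answers the triage questions the raw dump does not: which directories received a burst of files in the period, and which files in one directory are byte-for-byte the same size. The Python below is an added example, not DDS code and not part of the original post. Its sample lines are copied from the listing above (some deliberately left run together, as the forum rendered them), and the two grouping heuristics are this editor's, not anything DDS itself reports.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample: lines copied from the DDS listing above.  DDS writes
# tab-separated columns (timestamp, byte size or "--------" for a directory,
# eight attribute flags, path); pasted copies often lose the separators, so
# some lines below are deliberately left run together, as the forum shows them.
SAMPLE = r"""
2013-04-02 07:46:21232336------w-c:\windows\system32\MpSigStub.exe
2013-04-01 13:59:04--------d-----w-c:\users\user\appdata\local\BridgeProject
2013-04-01 09:01:46  281688  ----a-w-  c:\windows\system32\PnkBstrB.exe
2013-04-01 09:01:46  281688  ----a-w-  c:\windows\system32\PnkBstrB.ex0
2013-04-01 09:01:36281688----a-w-c:\windows\system32\PnkBstrB.xtr
2013-04-01 09:01:2276888----a-w-c:\windows\system32\PnkBstrA.exe
2013-03-28 08:20:06  3936  ----a-w-  C:\STF1B68.tmp
2013-03-28 08:09:133936----a-w-C:\STF23F3.tmp
2013-03-27 14:56:13  3810  ----a-w-  C:\STF45A2.tmp
2013-03-25 08:07:213862----a-w-C:\STFABAE.tmp
2013-03-25 07:00:52  --------  d-----w-  c:\users\user\appdata\local\SKIDROW
.
==================== Find3M ====================
2013-02-19 12:49:340----a-w-c:\windows\ativpsrm.bin
"""

# The seconds field is exactly two digits and the flag field exactly eight
# characters, so the columns stay unambiguous even with no separator at all.
_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*(\d+|-{8})\s*([a-z-]{8})\s*(.+?)\s*$")


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: Optional[int]    # None for a directory
    flags: str             # d=directory a=archive h=hidden s=system r=read-only w=writable
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def parent(self) -> str:
        return str(PureWindowsPath(self.path).parent).lower()


def parse_dds(text: str) -> list:
    """Parse the file and directory lines of a DDS listing; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        stamp, size, flags, path = m.groups()
        entries.append(Entry(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                             None if size.startswith("-") else int(size), flags, path))
    return entries


def same_size_siblings(entries):
    """Files in one directory with an identical byte size: a cheap way to spot one
    binary present under several names (here PnkBstrB.exe/.ex0/.xtr)."""
    groups = defaultdict(list)
    for e in entries:
        if not e.is_dir:
            groups[(e.parent, e.size)].append(e.path)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def directory_summary(entries):
    """Per directory: file count, size range and creation-time span, so a burst of
    similar files (the C:\\STF*.tmp series) collapses into one row."""
    rows = {}
    for e in entries:
        if e.is_dir:
            continue
        r = rows.setdefault(e.parent, {"count": 0, "min_size": e.size, "max_size": e.size,
                                       "first": e.when, "last": e.when})
        r["count"] += 1
        r["min_size"], r["max_size"] = min(r["min_size"], e.size), max(r["max_size"], e.size)
        r["first"], r["last"] = min(r["first"], e.when), max(r["last"], e.when)
    return rows


if __name__ == "__main__":
    found = parse_dds(SAMPLE)
    for (folder, size), paths in same_size_siblings(found).items():
        print(f"{size:>8} bytes x{len(paths)} in {folder}: {', '.join(paths)}")
    for folder, row in directory_summary(found).items():
        print(f"{folder}: {row['count']} file(s), {row['min_size']}-{row['max_size']} bytes, "
              f"{row['first']:%Y-%m-%d %H:%M} to {row['last']:%Y-%m-%d %H:%M}")
```

Run it as a script for a printed summary, or import it and feed parse_dds a whole DDS log. On the full listing the 25 C:\STF*.tmp files and the three equal-size PnkBstrB.* copies each collapse to one row. Whether a group matters still needs context (the PnkBstr* files sit next to a PunkBuster folder created the same minute), which is why the code groups and does not judge.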
 
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post the new log.
 
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

4/8/2013 11:48:50 PM
mbam-log-2013-04-08 (23-48-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199071
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
2 logs from RKreport
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 04/09/2013 00:23:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (cmd /c "C:\Users\User\Desktop\New folder (2)\mbar\mbar.exe" /cleanup /s) [7] -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8322722D -> HOOKED (Unknown @ 0x8E1088FE)
SSDT[299] : NtRequestWaitReplyPort @ 0x83241C19 -> HOOKED (Unknown @ 0x8E108908)
SSDT[316] : NtSetContextThread @ 0x832E11AB -> HOOKED (Unknown @ 0x8E108903)
SSDT[347] : NtSetSecurityObject @ 0x83205816 -> HOOKED (Unknown @ 0x8E10890D)
SSDT[368] : NtSystemDebugControl @ 0x832898AE -> HOOKED (Unknown @ 0x8E108912)
SSDT[370] : NtTerminateProcess @ 0x8325EDB1 -> HOOKED (Unknown @ 0x8E10889F)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8E108926)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8E10892B)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR S TM3160815AS SCSI Disk Device +++++
--- User ---
[MBR] d4947121f23b9b07af67c865887b739c
[BSP] 5f62c761c03b39cb976c3953aead3334 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74897 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 77618 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_S_04092013_02d0023.txt >>
RKreport[1]_S_04092013_02d0006.txt ; RKreport[2]_D_04092013_02d0007.txt ; RKreport[3]_S_04092013_02d0023.txt


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 04/09/2013 00:25:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (cmd /c "C:\Users\User\Desktop\New folder (2)\mbar\mbar.exe" /cleanup /s) [7] -> DELETED
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8322722D -> HOOKED (Unknown @ 0x8E1088FE)
SSDT[299] : NtRequestWaitReplyPort @ 0x83241C19 -> HOOKED (Unknown @ 0x8E108908)
SSDT[316] : NtSetContextThread @ 0x832E11AB -> HOOKED (Unknown @ 0x8E108903)
SSDT[347] : NtSetSecurityObject @ 0x83205816 -> HOOKED (Unknown @ 0x8E10890D)
SSDT[368] : NtSystemDebugControl @ 0x832898AE -> HOOKED (Unknown @ 0x8E108912)
SSDT[370] : NtTerminateProcess @ 0x8325EDB1 -> HOOKED (Unknown @ 0x8E10889F)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8E108926)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8E10892B)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR S TM3160815AS SCSI Disk Device +++++
--- User ---
[MBR] d4947121f23b9b07af67c865887b739c
[BSP] 5f62c761c03b39cb976c3953aead3334 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74897 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 77618 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4]_D_04092013_02d0025.txt >>
RKreport[1]_S_04092013_02d0006.txt ; RKreport[2]_D_04092013_02d0007.txt ; RKreport[3]_S_04092013_02d0023.txt ; RKreport[4]_D_04092013_02d0025.txt


(PS: reports 1 and 2 were a mistaken step, so I redid it)
 
MBAR LOG

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.03.21.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

4/9/2013 12:34:25 AM
mbar-log-2013-04-09 (00-34-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27896
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


system log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.109000 GHz
Memory total: 2146689024, free: 450605056

------------ Kernel report ------------
04/09/2013 00:09:27
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\AsrRamDisk.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\cfosspeed6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmf6232.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AtihdW73.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netr28u.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86096030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff85d6cc68
Lower Device Driver Name: \Driver\nvstor\
Driver name found: nvstor
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86096030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff860952b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86096030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85d6c9d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85d6cc68, DeviceName: \Device\00000067\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffa30a85b8, 0xffffffff86096030, 0xffffffff88578a38
Lower DeviceData: 0xffffffffa3631ee0, 0xffffffff85d6cc68, 0xffffffff8540a4f0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BA39BA39

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 153389056

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 153597465 Numsec = 158963175

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.109000 GHz
Memory total: 2146689024, free: 1097252864

------------ Kernel report ------------
04/09/2013 00:26:02
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\AsrRamDisk.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\cfosspeed6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmf6232.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AtihdW73.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netr28u.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86096030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff85d6cc68
Lower Device Driver Name: \Driver\nvstor\
Device already Exists: 0xffffffff8540a4f0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86096030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff860952b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86096030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85d6c9d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85d6cc68, DeviceName: \Device\00000067\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffa33e3ed8, 0xffffffff86096030, 0xffffffff88578a38
Lower DeviceData: 0xffffffffae445440, 0xffffffff85d6cc68, 0xffffffff8540a4f0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BA39BA39

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 153389056

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 153597465 Numsec = 158963175

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
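The same three Security Center values appear in every scan above, and the timestamps show them being reset and coming back: MBAM repaired them at 23:48:50, the MBAR run started at 00:09:27 cleaned them again, RogueKiller found them at 1 at 00:23:44 and replaced them with 0 at 00:25:03, and the MBAR run started at 00:26:02 reports all three set once more. A DWORD 1 in AntiVirusDisableNotify, FirewallDisableNotify or UpdatesDisableNotify suppresses the Security Center warning that antivirus, the firewall or Windows Update is off; because a user or a legitimate product can set them too, the scanners classify them as a PUM (potentially unwanted modification) rather than as malware. What makes them interesting here is that they do not stay fixed. The Python below is an added example, not output or code of any of the tools; it normalizes the three tools' line formats into one timeline, reports every value that came back after a fix, and emits the reg.exe commands to reset and re-check them. The scan timestamps and lines are copied from the logs above; the FIXED_MARKERS heuristic is this editor's assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed input: for each scan above, the tool, the scan's own timestamp
# (MBAM header, RogueKiller "Date :" line, MBAR system-log "Kernel report" line)
# and its Security Center lines, copied verbatim from the logs.
SCANS = [
    ("MBAM", "2013-04-08 23:48:50", r"""
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
"""),
    ("MBAR", "2013-04-09 00:09:27", r"""
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
Removal successful. No system shutdown is required.
"""),
    ("RogueKiller", "2013-04-09 00:23:44", r"""
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
"""),
    ("RogueKiller", "2013-04-09 00:25:03", r"""
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
"""),
    ("MBAR", "2013-04-09 00:26:02", r"""
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
Removal successful. No system shutdown is required.
"""),
]

# One pattern per line format.  MBAM prints the bad and good values, MBAR's
# system log prints only the detection, RogueKiller prints value and action.
MBAM_RE = re.compile(r"^(?P<key>HK\w+\\[^|]+)\|(?P<name>\w+) \(PUM\.[\w.]+\) -> Bad: \((?P<bad>\d+)\) Good: \(\d+\) -> .+$")
MBAR_RE = re.compile(r"^Infected: (?P<key>HK\w+\\[^|]+)\|(?P<name>\w+) --> \[PUM\.[\w.]+\]$")
RK_RE = re.compile(r"^\[HJ\] (?P<key>HK\w+\\\[\.\.\.\]\\[^:]+?) : (?P<name>\w+) \((?P<bad>\d+)\) -> (?:FOUND|REPLACED \(\d+\))$")
# Assumption (this editor's, not the tools'): a run reset the values if its
# text carries one of these markers.
FIXED_MARKERS = ("repaired successfully", "REPLACED (0)", "Removal successful")


@dataclass(frozen=True)
class Observation:
    when: datetime
    tool: str
    key: str
    name: str
    bad: Optional[int]   # value as reported; None where the tool prints only a detection
    fixed: bool          # the run that produced this line reset the value to 0


def parse_scans(scans=SCANS):
    """Normalize all three tools' lines into one list of observations."""
    out = []
    for tool, stamp, text in scans:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        run_fixed = any(marker in text for marker in FIXED_MARKERS)
        for line in text.strip().splitlines():
            m = MBAM_RE.match(line) or MBAR_RE.match(line) or RK_RE.match(line)
            if m:
                g = m.groupdict()
                bad = int(g["bad"]) if g.get("bad") else None
                out.append(Observation(when, tool, g["key"], g["name"], bad, run_fixed))
    return out


def reverts(observations):
    """Per value name, (fixed_at, seen_again_at, tool) for every time a non-zero
    value was observed after an earlier run had reset it.  Repeated sightings
    between two fixes count once: that is one revert, not several."""
    fixed_at, out = {}, defaultdict(list)
    for o in sorted(observations, key=lambda o: o.when):
        if o.name in fixed_at and o.bad != 0:
            out[o.name].append((fixed_at.pop(o.name), o.when, o.tool))
        if o.fixed:
            fixed_at[o.name] = o.when
    return dict(out)


def remediation_commands(observations):
    """cmd.exe lines that set each affected value back to 0 and read it back.
    RogueKiller elides the middle of the key, so the spelling comes from a tool
    that printed it in full (registry paths are case-insensitive anyway)."""
    keys = {}
    for o in observations:
        if "[...]" not in o.key:
            keys.setdefault(o.name, o.key)
    cmds = []
    for name, key in sorted(keys.items()):
        cmds.append(f'reg add "{key}" /v {name} /t REG_DWORD /d 0 /f')
        cmds.append(f'reg query "{key}" /v {name}')
    return cmds
```

On the five scans above, reverts() reports three separate returns for each of the three values, the last one within a minute of RogueKiller's REPLACED (0). A value that keeps coming back after being reset is being rewritten by something still running, so the practical check is the same as what the code generates: reset with reg add, wait a minute, and run the reg query again before concluding the PUM is gone.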
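RogueKiller's MBR Check and MBAR's "Scanning MBR on drive 0" above describe the same partition table in two notations: RogueKiller prints offsets in sectors and sizes in "Mo" (MiB), MBAR prints first LBA, sector count and the active flag ("Partition is bootable"). The Python below is an added example, not code from either tool. It rebuilds a 512-byte MBR from the four entries and the BA39BA39 disk signature printed in the MBAR log, decodes it, derives the MiB sizes RogueKiller shows, and runs the basic checks (exactly one active partition, no overlapping entries) plus the unpartitioned sector ranges a bootkit scan has to read raw. The boot code itself is not in the logs, so it is zero-filled here, and RogueKiller's MBR hash therefore cannot be reproduced.

```python
import struct
from dataclasses import dataclass

SECTOR = 512
TYPE_NAMES = {0x00: "Empty", 0x05: "Extended (CHS)", 0x07: "NTFS/exFAT/HPFS",
              0x0F: "Extended (LBA)"}

# Partition table as MBAR printed it above: (type, active, first LBA, sector count).
# The boot code is not in the logs, so the constructed MBR is zero-filled there;
# the disk signature BA39BA39, the 0x55AA marker and the disk size are from MBAR.
PAGE_ENTRIES = [
    (0x07, True, 2048, 204800),
    (0x07, False, 206848, 153389056),
    (0x0F, False, 153597465, 158963175),
    (0x00, False, 0, 0),
]
DISK_SIGNATURE = 0xBA39BA39
DISK_BYTES = 160041885696


@dataclass(frozen=True)
class Partition:
    index: int
    type_id: int
    active: bool
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:          # last sector, inclusive
        return self.lba_start + self.sectors - 1

    @property
    def size_mib(self) -> int:         # what RogueKiller prints as "Size: N Mo"
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return TYPE_NAMES.get(self.type_id, f"0x{self.type_id:02X}")


def build_mbr(entries=PAGE_ENTRIES, disk_sig=DISK_SIGNATURE) -> bytes:
    """Assemble one 512-byte MBR: 440 bytes boot code, 4-byte disk signature,
    2 reserved bytes, four 16-byte entries, 0x55AA."""
    def chs(n):  # CHS is meaningless on LBA disks; 0xFEFFFF is the usual filler
        return b"\xfe\xff\xff" if n else b"\0\0\0"
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, chs(n), type_id, chs(n), lba, n)
        for type_id, active, lba, n in entries)
    return bytes(440) + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xaa"


def parse_mbr(data: bytes) -> dict:
    """Decode the table and apply the checks a rootkit scanner applies to it:
    boot marker present, exactly one active entry, no overlapping entries."""
    if len(data) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if data[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", data, 440)[0]
    parts = []
    for i in range(4):
        status, _, type_id, _, lba, n = struct.unpack_from("<B3sB3sII", data, 446 + 16 * i)
        if type_id or n:                      # skip empty slots
            parts.append(Partition(i, type_id, bool(status & 0x80), lba, n))
    problems = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start <= a.lba_end:
            problems.append(f"partition {b.index} overlaps partition {a.index}")
    return {"disk_signature": disk_sig, "partitions": parts, "problems": problems}


def unpartitioned_ranges(parts, disk_bytes=DISK_BYTES):
    """Inclusive sector ranges no entry covers: the space a bootkit scan has to
    read raw, because no filesystem will ever show what is stored there."""
    total = disk_bytes // SECTOR
    ranges, cursor = [], 1                    # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p.lba_start):
        if p.lba_start > cursor:
            ranges.append((cursor, p.lba_start - 1))
        cursor = max(cursor, p.lba_end + 1)
    if cursor < total:
        ranges.append((cursor, total - 1))
    return ranges


if __name__ == "__main__":
    report = parse_mbr(build_mbr())
    print(f"disk signature {report['disk_signature']:08X}, problems: {report['problems'] or 'none'}")
    for p in report["partitions"]:
        print(f"{p.index} {'ACTIVE' if p.active else 'inactive':8} {p.type_name:16} "
              f"LBA {p.lba_start:>10} +{p.sectors:<10} = {p.size_mib} MiB")
    print("unpartitioned:", unpartitioned_ranges(report["partitions"]))
```

For this disk the sizes come out as 100, 74897 and 77618 MiB, matching RogueKiller's "Mo" figures, and the problems list is empty, consistent with RogueKiller reading the boot sector as standard Windows 7/8 MBR code. Note the 1561 unpartitioned sectors between the second primary partition and the extended partition: alignment slack like this is normal, but it is exactly the kind of gap a bootkit scanner reads sector by sector, which is why the scanners above report scanning unpartitioned space at all.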
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
From ComboFix,

ComboFix 13-04-08.04 - User 04/09/2013 13:04:10.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.976 [GMT 8:00]
Running from: c:\users\User\Downloads\Programs\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\windows\system32\roboot.exe
D:\Autorun.inf
D:\bdahbb.pif
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-09 to 2013-04-09 )))))))))))))))))))))))))))))))
.
.
2013-04-09 05:11 . 2013-04-09 05:13 -------- d-----w- c:\users\User\AppData\Local\temp
2013-04-09 05:11 . 2013-04-09 05:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-08 12:48 . 2013-04-08 12:51 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics
2013-04-08 11:15 . 2013-04-08 11:15 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-04-08 11:14 . 2013-04-08 11:14 -------- d-----w- c:\programdata\Malwarebytes
2013-04-08 11:14 . 2013-04-08 11:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-08 11:14 . 2012-12-14 08:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-08 11:03 . 2013-04-08 11:03 -------- d-----w- c:\program files\Innovative Solutions
2013-04-03 09:34 . 2013-04-03 09:34 -------- d-----w- c:\programdata\YTD Video Downloader
2013-04-03 09:34 . 2013-04-03 09:34 -------- d-----w- c:\program files\GreenTree Applications
2013-04-03 09:30 . 2013-04-03 09:30 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2013-04-02 12:59 . 2013-04-02 12:59 -------- d-----w- c:\users\User\AppData\Local\AVG SafeGuard toolbar
2013-04-02 12:58 . 2013-04-03 13:26 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-02 12:58 . 2013-04-02 12:58 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-04-02 12:57 . 2013-04-02 12:58 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-04-02 12:57 . 2013-04-02 12:57 -------- d--h--w- c:\programdata\Common Files
2013-04-02 12:23 . 2013-04-02 12:23 -------- d-----w- c:\users\User\AppData\Roaming\Avira
2013-04-02 12:10 . 2013-03-06 07:13 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-02 12:10 . 2013-02-27 04:22 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-02 12:10 . 2013-02-27 04:22 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-04-02 12:10 . 2013-04-02 12:10 -------- d-----w- c:\programdata\Avira
2013-04-02 12:10 . 2013-04-02 12:10 -------- d-----w- c:\program files\Avira
2013-04-02 11:02 . 2013-04-02 11:02 -------- d-----w- c:\users\User\AppData\Roaming\Nero
2013-04-02 09:29 . 2013-04-02 09:29 -------- d-----w- c:\users\User\AppData\Local\Apps
2013-04-02 07:46 . 2013-03-18 21:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B61D3E6-DE3C-40F1-9DA4-D432DF1EB3D0}\mpengine.dll
2013-04-02 07:46 . 2013-01-16 17:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-04-01 13:59 . 2013-04-01 13:59 -------- d-----w- c:\users\User\AppData\Local\BridgeProject
2013-04-01 13:59 . 2013-04-01 13:59 -------- d-----w- c:\programdata\Steam
2013-04-01 13:54 . 2013-04-02 11:38 -------- d-----w- c:\program files\Bridge Project
2013-04-01 09:01 . 2013-04-07 16:34 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-01 09:01 . 2013-04-08 11:35 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-01 09:01 . 2013-04-07 16:33 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-04-01 09:01 . 2013-04-08 11:35 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-01 09:01 . 2013-04-01 09:01 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-04-01 09:01 . 2013-04-01 09:01 -------- d-----w- c:\users\User\AppData\Local\PunkBuster
2013-04-01 09:00 . 2013-04-01 09:00 -------- d-----w- c:\users\User\AppData\Roaming\Theta
2013-03-28 13:20 . 2013-03-28 13:20 -------- d-----w- c:\program files\Ubisoft
2013-03-28 08:20 . 2013-03-28 08:20 3936 ----a-w- C:\STF1B68.tmp
2013-03-28 08:09 . 2013-03-28 08:09 3936 ----a-w- C:\STF23F3.tmp
2013-03-28 07:51 . 2013-03-28 07:51 3936 ----a-w- C:\STFF425.tmp
2013-03-28 07:08 . 2013-03-28 07:08 3936 ----a-w- C:\STF87BC.tmp
2013-03-28 02:34 . 2013-03-28 02:34 3810 ----a-w- C:\STFE65B.tmp
2013-03-27 14:56 . 2013-03-27 14:56 3810 ----a-w- C:\STF45A2.tmp
2013-03-27 09:18 . 2013-03-27 09:18 3810 ----a-w- C:\STFA912.tmp
2013-03-27 09:02 . 2013-03-27 09:02 3810 ----a-w- C:\STF6F67.tmp
2013-03-27 08:06 . 2013-03-27 08:06 3810 ----a-w- C:\STFF721.tmp
2013-03-26 10:45 . 2013-03-26 10:45 3810 ----a-w- C:\STF247A.tmp
2013-03-26 09:55 . 2013-03-26 09:55 3810 ----a-w- C:\STFEF6A.tmp
2013-03-25 09:16 . 2013-03-25 09:16 3902 ----a-w- C:\STFF2CE.tmp
2013-03-25 09:02 . 2013-03-25 09:02 3472 ----a-w- C:\STF33FC.tmp
2013-03-25 09:00 . 2013-03-25 09:00 3472 ----a-w- C:\STF9F60.tmp
2013-03-25 08:49 . 2013-03-25 08:49 3902 ----a-w- C:\STF11A7.tmp
2013-03-25 08:46 . 2013-03-25 08:46 3472 ----a-w- C:\STFA00A.tmp
2013-03-25 08:44 . 2013-03-25 08:44 3472 ----a-w- C:\STFBF71.tmp
2013-03-25 08:43 . 2013-03-25 08:43 3472 ----a-w- C:\STF55AF.tmp
2013-03-25 08:07 . 2013-03-25 08:07 3862 ----a-w- C:\STFABAE.tmp
2013-03-25 08:05 . 2013-03-25 08:05 -------- d-----w- c:\users\User\AppData\Local\by_dekart811
2013-03-25 08:04 . 2013-03-25 16:21 -------- d-----w- c:\users\User\AppData\Roaming\FAH
2013-03-25 07:38 . 2013-04-02 15:20 -------- d-----w- c:\users\User\AppData\Local\LogMeIn Hamachi
2013-03-25 07:37 . 2013-04-03 04:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-03-25 07:31 . 2013-03-25 07:31 3862 ----a-w- C:\STFA9D9.tmp
2013-03-25 07:17 . 2013-03-25 07:17 3844 ----a-w- C:\STF4D5A.tmp
2013-03-25 07:13 . 2013-03-25 07:13 3844 ----a-w- C:\STF6B26.tmp
2013-03-25 07:00 . 2013-03-25 07:00 -------- d-----w- c:\users\User\AppData\Local\SKIDROW
2013-03-23 07:28 . 2013-03-23 07:28 -------- d-----w- c:\program files\Cheat Engine 6.2
2013-03-22 14:46 . 2013-03-22 14:46 -------- d-----w- c:\programdata\Lavasoft
2013-03-22 14:46 . 2013-04-02 12:26 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-03-22 14:46 . 2013-03-22 14:46 -------- d-----w- c:\windows\system32\drivers\VDD
2013-03-22 14:41 . 2013-03-22 15:57 -------- d-----w- c:\users\User\AppData\Roaming\Ad-Aware Antivirus
2013-03-18 03:58 . 2013-03-18 03:58 -------- d-----w- c:\programdata\REVOLT
2013-03-17 00:35 . 2013-03-17 00:36 -------- d-----w- c:\users\User\AppData\Local\wanted
2013-03-17 00:35 . 2013-03-17 00:35 -------- d-----w- c:\programdata\wanted
2013-03-15 09:38 . 2013-03-15 09:38 -------- d-----w- c:\users\User\AppData\Local\salvation
2013-03-15 09:38 . 2013-03-15 09:38 -------- d-----w- c:\programdata\salvation
2013-03-15 09:34 . 2013-03-15 09:34 -------- d-----w- c:\program files\OpenAL
2013-03-15 09:34 . 2013-03-15 09:34 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2013-03-15 09:34 . 2013-03-15 09:34 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2013-03-15 09:34 . 2013-03-15 09:34 -------- d-----w- c:\program files\AGEIA Technologies
2013-03-15 09:34 . 2013-03-15 09:34 -------- d-----w- c:\windows\system32\AGEIA
2013-03-15 09:33 . 2013-03-15 09:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-03-14 11:06 . 2013-04-03 10:22 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2013-03-14 06:55 . 2013-03-14 06:55 -------- d-----w- c:\users\User\AppData\Roaming\ScreenSeven
2013-03-14 06:55 . 2013-03-14 06:55 -------- d-----w- c:\users\User\AppData\Roaming\GRETECH
2013-03-12 06:13 . 2013-03-12 06:30 -------- d-----w- c:\users\User\AppData\Roaming\Notepad++
2013-03-12 06:13 . 2013-03-12 06:13 -------- d-----w- c:\program files\Notepad++
2013-03-11 13:54 . 2013-03-11 13:56 -------- d-----w- c:\program files\RAR Password Cracker
2013-03-11 07:30 . 2013-04-06 13:55 -------- d-----w- c:\users\User\AppData\Roaming\BitTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 11:01 . 2013-02-22 07:37 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-04-02 11:01 . 2012-09-19 21:39 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-02-23 07:45 . 2013-02-23 07:45 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-23 07:45 . 2013-02-23 07:46 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-23 07:45 . 2013-02-23 07:46 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-19 08:50 . 2012-05-23 17:15 811520 ----a-w- c:\windows\system32\user32.dll
2013-02-19 08:50 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
2013-02-19 08:50 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll
2013-02-19 08:38 . 2013-02-19 08:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-19 08:38 . 2013-02-19 08:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-03-08 10:24 . 2013-03-08 10:24 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.21874] . . c:\windows\System32\user32.dll
[7] 2012-05-23 . F423305D648659593E61ADE582B53E69 . 811520 . . [6.1.7601.21874] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.21874_none_cf88973be4ecd9fb\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-02-20 3487128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2013-04-09 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2013-04-09 1836328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1202560]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-19 345312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Client Utility.lnk - c:\program files\TP-LINK\COMMON\TWCU.exe [2013-2-19 10918400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
--auto-start [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-02-19 08:38 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
R2 AIPS;Arp Intelligent Protection Service;c:\program files\netcut\services\AIPS.exe [x]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [x]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [x]
R3 TpMediaServer;TpMediaServer;c:\program files\TP-LINK\COMMON\RaMediaServer.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/02/19 16:27];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1009692711-701744250-1283350087-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-22 06:07]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1009692711-701744250-1283350087-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-22 06:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://friendly-google-search.blogspot.com
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\237344232403: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}\E474D284F4F494D2847514E474: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a8918prj.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58&v=14.2.0.1&pid=safeguard&sg=2&sap=hp
FF - prefs.js: keyword.URL - hxxp://mysearch.avg.com/search?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58&pid=safeguard&sg=2&v=14.0.0.12&sap=ku&q=
FF - ExtSQL: 2013-02-19 16:38; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2013-02-20 10:36; mozilla_cc@internetdownloadmanager.com; c:\users\User\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2013-02-22 15:45; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a8918prj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2013-04-02 20:58; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
MSConfigStartUp-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
AddRemove-Assassin's Creed III_is1 - f:\assassin's creed iii\unins000.exe
AddRemove-AVG SafeGuard toolbar - c:\program files\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-NetCut_is1 - c:\program files\netcut\unins000.exe
AddRemove-Sniper Ghost Warrior_is1 - g:\strategi\Sniper Ghost Warrior\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:81,34,cd,31,b6,10,ce,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ASRock\XFast LAN\spd.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\TP-LINK\COMMON\RaRegistry.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-04-09 13:16:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-09 05:16
.
Pre-Run: 10,702,946,304 bytes free
Post-Run: 10,677,559,296 bytes free
.
- - End Of File - - 29B0AE5B8CA26E3C2461ADA195C91644
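As an added example (not part of this thread and not code from Malwarebytes, ComboFix or any other tool used here): a PowerShell check for the Security Center values that Malwarebytes flagged as PUM.Disabled.SecurityCenter and that the ComboFix log lists under HKLM\software\microsoft\security center and its Svc subkey. It assumes an elevated prompt, reports any of those values set to a non-zero DWORD, and only resets them to 0 when run with -Fix.

```powershell
# Added example, not from the thread or its tools. Audits the Windows Security
# Center registry values seen in the logs above. A value of 1 suppresses the
# corresponding Security Center warning (the *DisableNotify values) or tells
# Security Center to trust a third-party product's own status (the *Override
# values); malware commonly sets these so the user is never warned that
# antivirus, firewall or updates are off. Read-only unless -Fix is supplied.
[CmdletBinding()]
param(
    [switch]$Fix   # when set, reset every non-zero watched value back to 0
)

# Both keys appear in the ComboFix log; Svc holds the per-service copies.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Security Center',
    'HKLM:\SOFTWARE\Microsoft\Security Center\Svc'
)

# Value names from the logs above; expected to be absent or 0 on a healthy system.
$watched = @(
    'AntiVirusDisableNotify',
    'FirewallDisableNotify',
    'UpdatesDisableNotify',
    'UacDisableNotify',
    'AntiVirusOverride',
    'FirewallOverride'
)

$findings = @()
foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    foreach ($name in $watched) {
        # GetValue returns $null when the value does not exist
        $value = $key.GetValue($name, $null)
        if ($null -ne $value -and [int]$value -ne 0) {
            $findings += [pscustomobject]@{
                Key   = $path
                Name  = $name
                Value = $value
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Security Center notification settings look normal (no non-zero watched values).'
    return
}

Write-Output "Found $($findings.Count) suppressed Security Center setting(s):"
$findings | Format-Table -AutoSize

if ($Fix) {
    foreach ($f in $findings) {
        # 0 re-enables the notification / clears the override; REG_DWORD as in the log
        Set-ItemProperty -LiteralPath $f.Key -Name $f.Name -Value 0 -Type DWord
        Write-Output "Reset $($f.Key)\$($f.Name) to 0"
    }
    Write-Output 'Restart the Security Center service (wscsvc) or reboot for the change to apply.'
}
```

Run it once without -Fix after cleaning to confirm nothing re-sets the values; a finding that returns after a reboot points to a persistence mechanism still on the machine.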
 
Looks good.

How is computer doing?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer doing well, no more high CPU usage, no more error when opening a new tab in the browser...but AVG detected a lot of W32/SALITY.AT (AVG took 4 hours to full scan).

I'm proceeding with the next step you gave...
 
AVG detected a lot of W32/SALITY.AT
This is not good....

Hold on with my previous reply for now.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
From AdwCleaner

# AdwCleaner v2.200 - Logfile created 04/10/2013 at 09:32:23
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

-\\ Google Chrome v26.0.1410.43

*************************

AdwCleaner[S1].txt - [3220 octets] - [10/04/2013 09:32:23]

########## EOF - C:\AdwCleaner[S1].txt - [3280 octets] ##########

============================================================

From JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Professional x86
Ran by User on Wed 04/10/2013 at 9:39:17.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\a8918prj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\a8918prj.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2
user_pref("keyword.URL", "hxxp://mysearch.avg.com/search?cid={ADDC54CD-914D-4045-AFEF-48703E98A3FB}&mid=3f22fca78daf47d388d127cb1d379c46-ad1491be2ce6c122f6b66faa90e70c2decf7d3



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/10/2013 at 9:46:03.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I can't put both reports from OTL in the same place... character limit
From OTL.txt

OTL logfile created on: 4/10/2013 9:47:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.57% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 71.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.14 Gb Total Space | 8.91 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
Drive D: | 75.80 Gb Total Space | 40.33 Gb Free Space | 53.20% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/10 09:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013/04/03 21:26:19 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/03/19 08:12:42 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/06 15:13:53 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/02/25 15:47:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/25 15:47:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/12/20 03:56:24 | 000,482,304 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/12/20 03:55:48 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/12/19 15:30:54 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/24 01:29:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/05/24 01:28:03 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/10/19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\spd.exe
PRC - [2011/10/19 16:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
PRC - [2011/09/07 15:54:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
PRC - [2011/04/20 11:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/04/01 17:08:50 | 010,918,400 | ---- | M] (TP-LINK Technology, Corp.) -- C:\Program Files\TP-LINK\COMMON\TWCU.exe
PRC - [2011/03/31 21:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/03/31 21:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/03/14 15:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
PRC - [2010/11/21 05:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/21 05:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/19 23:59:27 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
MOD - [2013/02/19 21:24:40 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
MOD - [2013/02/19 21:24:34 | 011,912,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\a70842538614699d690561ef5f43598b\System.Web.ni.dll
MOD - [2013/02/19 21:24:25 | 000,767,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll
MOD - [2013/02/19 21:23:49 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2013/02/19 21:13:02 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2013/02/19 21:12:51 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2013/02/19 21:12:46 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2013/02/19 21:12:43 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
MOD - [2013/02/19 21:12:38 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2013/02/19 21:12:34 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2013/02/19 21:12:32 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2013/02/19 21:12:23 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2013/02/19 21:12:22 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2013/02/19 21:12:19 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2013/02/19 21:12:12 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/12/19 15:31:12 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/03/14 15:20:20 | 001,033,568 | ---- | M] () -- C:\Program Files\TP-LINK\COMMON\RaWLAPI.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\netcut\services\AIPS.exe -- (AIPS)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/04/08 23:00:56 | 000,619,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TP-LINK\COMMON\RaMediaServer.exe -- (TpMediaServer)
SRV - [2013/04/08 23:00:52 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013/04/08 23:00:46 | 001,509,888 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/04/03 21:26:19 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/08 18:24:37 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/25 15:47:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/25 15:47:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/19 16:50:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/20 03:55:48 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/12/19 15:30:54 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2011/09/07 15:54:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2011/04/20 11:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/03/31 21:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/03/31 21:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/03/14 15:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\TP-LINK\COMMON\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\USERS\USER\APPDATA\LOCAL\TEMP\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2013/04/03 21:26:19 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/04/02 19:01:13 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/03/06 15:13:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/02/27 12:22:41 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/02/27 12:22:41 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/12/20 04:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/12/20 03:32:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/12/17 06:43:06 | 000,033,616 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/06 19:11:46 | 000,084,992 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/09/12 20:19:38 | 000,066,344 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/08/09 17:02:52 | 000,033,104 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV - [2012/05/24 00:51:20 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2012/04/23 19:26:26 | 000,096,056 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/09/07 15:53:12 | 001,814,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2011/07/07 01:12:48 | 000,328,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2011/07/04 15:19:02 | 001,180,032 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV - [2011/04/20 11:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011/04/12 17:16:53 | 000,077,296 | ---- | M] (CyberLink Corp.) [2013/02/19 16:27:30] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/03/14 15:25:20 | 001,174,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2010/11/21 05:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 05:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/21 05:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/21 05:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/21 05:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/21 05:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/21 05:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/21 05:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/21 05:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/26 01:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/03/04 22:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 06:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://friendly-google-search.blogspot.com
IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/19 16:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/22 22:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2013/02/20 10:36:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/22 22:46:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2013/02/20 10:36:45 | 000,000,000 | ---D | M]

[2013/02/20 10:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2013/02/22 15:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a8918prj.default\extensions
[2013/04/10 09:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a8918prj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/03/08 18:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 18:24:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 16:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/03 21:27:43 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/28 19:13:08 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://mysearch.avg.com/?cid={ADDC5...decf7d34c&lang=en&ds=gm011&pr=sa&d=2013-04-02 20:58:17&v=14.2.0.1&pid=safeguard&sg=2&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FVD Video Downloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.3_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/09 13:11:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKU\S-1-5-21-1009692711-701744250-1283350087-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1009692711-701744250-1283350087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F449F9D-F283-4D55-930B-FC51FCEFD2D8}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/04/10 09:40:32 | 000,000,235 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/04/10 09:14:39 | 000,000,224 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/10 09:39:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/10 09:39:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/10 09:20:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/04/10 09:19:39 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
[2013/04/09 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Realore_Whiterra Adelantado2
[2013/04/09 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adelantado Trilogy Book Two
[2013/04/09 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adelantado Trilogy Book Two
[2013/04/09 20:42:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ayah
[2013/04/09 17:19:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (3)
[2013/04/09 13:13:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/09 13:11:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2013/04/09 13:02:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 13:02:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 13:02:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 13:02:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 13:02:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/09 00:04:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
[2013/04/08 20:48:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2013/04/08 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013/04/08 19:20:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.com
[2013/04/08 19:15:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013/04/08 19:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/08 19:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 19:14:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/08 19:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/08 19:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2013/04/08 19:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Task Manager
[2013/04/03 17:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
[2013/04/03 17:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD YouTube Downloader & Converter
[2013/04/02 20:59:32 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\flash
[2013/04/02 20:59:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AVG SafeGuard toolbar
[2013/04/02 20:58:14 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/04/02 20:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/04/02 20:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/04/02 20:57:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/02 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2013/04/02 20:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/04/02 20:10:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/04/02 20:10:45 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/04/02 20:10:45 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/04/02 20:10:45 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/04/02 20:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/04/02 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/04/02 19:02:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nero
[2013/04/02 17:29:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
[2013/04/01 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/04/01 21:59:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\BridgeProject
[2013/04/01 21:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bridge Project
[2013/04/01 17:01:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PunkBuster
[2013/04/01 17:00:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Theta
[2013/04/01 16:46:12 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\FarCry 3
[2013/03/28 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/03/28 21:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2013/03/28 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\IAmAlive
[2013/03/25 16:05:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\by_dekart811
[2013/03/25 16:04:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FAH
[2013/03/25 15:38:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn Hamachi
[2013/03/25 15:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/03/25 15:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2013/03/25 15:00:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SKIDROW
[2013/03/25 14:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2013/03/23 15:28:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Cheat Tables
[2013/03/23 15:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013/03/23 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.2
[2013/03/23 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (2)
[2013/03/22 22:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/03/22 22:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/22 22:46:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2013/03/22 22:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/03/22 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ad-Aware Antivirus
[2013/03/18 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2013/03/18 11:58:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Telltale Games
[2013/03/17 08:35:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\wanted
[2013/03/17 08:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\wanted
[2013/03/16 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2013/03/15 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\salvation
[2013/03/15 17:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\salvation
[2013/03/15 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2013/03/15 17:34:14 | 000,418,480 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2013/03/15 17:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/03/15 17:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/03/15 17:34:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2013/03/15 17:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/03/15 17:33:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013/03/14 19:06:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2013/03/14 14:55:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ScreenSeven
[2013/03/14 14:55:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GRETECH
[2013/03/13 01:02:03 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\UMNO kewangan
[2013/03/12 14:13:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/03/12 14:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/03/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Notepad++
[2013/03/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/03/11 21:54:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
[2013/03/11 21:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
[2013/03/11 21:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Cracker
[2013/03/11 15:30:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\BitTorrent
[22 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/10 09:40:32 | 000,103,140 | RHS- | M] () -- C:\itnu.pif
[2013/04/10 09:40:32 | 000,000,235 | RHS- | M] () -- C:\autorun.inf
[2013/04/10 09:33:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 09:33:31 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 09:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/04/10 09:19:50 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
[2013/04/10 09:19:28 | 000,613,083 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013/04/10 00:12:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1009692711-701744250-1283350087-1000UA.job
[2013/04/09 21:38:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Adelantado Trilogy Book Two.lnk
[2013/04/09 14:12:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1009692711-701744250-1283350087-1000Core.job
[2013/04/09 13:11:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/09 01:04:43 | 000,016,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 01:04:42 | 000,016,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 00:03:50 | 000,816,128 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
[2013/04/08 23:09:55 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/08 23:09:55 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/08 20:00:13 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/04/08 19:35:01 | 000,281,688 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013/04/08 19:18:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.com
[2013/04/08 19:14:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 19:03:29 | 000,001,120 | ---- | M] () -- C:\Users\User\Desktop\Advanced Task Manager.lnk
[2013/04/08 00:34:03 | 000,138,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/04/08 00:33:42 | 000,281,688 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013/04/06 19:21:20 | 000,001,319 | ---- | M] () -- C:\Users\User\Desktop\farcry3_d3d11 - Shortcut.lnk
[2013/04/03 21:26:19 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/04/03 17:34:48 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013/04/03 10:13:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/04/02 20:58:37 | 000,001,179 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/04/02 20:58:37 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/04/02 20:11:21 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/04/02 19:01:13 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/04/02 19:01:13 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/04/01 12:28:01 | 000,000,273 | ---- | M] () -- C:\Users\User\Documents\AutoHotkey.ahk
[2013/03/31 20:17:46 | 000,002,358 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2013/03/28 21:46:40 | 000,001,553 | ---- | M] () -- C:\Users\User\Desktop\IAmAlive_game - Shortcut.lnk
[2013/03/28 21:27:57 | 000,001,159 | ---- | M] () -- C:\Users\User\Desktop\Uplay.lnk
[2013/03/26 11:34:11 | 000,408,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/25 20:10:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/03/25 20:10:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/03/23 15:28:36 | 000,001,043 | ---- | M] () -- C:\Users\User\Desktop\Cheat Engine.lnk
[2013/03/20 20:24:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/03/20 13:19:44 | 000,000,522 | ---- | M] () -- C:\Users\User\Desktop\samp - Shortcut.lnk
[2013/03/16 00:42:13 | 000,641,903 | ---- | M] () -- C:\Users\User\Desktop\tumblr_inline_mjfxlrMfpb1qz4rgp.gif
[2013/03/15 17:34:14 | 000,418,480 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2013/03/14 15:13:30 | 000,007,607 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/03/13 20:24:57 | 000,029,144 | ---- | M] () -- C:\Users\User\Desktop\Payment-Voucher-Template.jpg
[2013/03/11 15:36:32 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2013/03/11 15:36:32 | 000,000,849 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[22 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/10 09:40:32 | 000,103,140 | RHS- | C] () -- C:\itnu.pif
[2013/04/10 09:40:08 | 000,000,235 | RHS- | C] () -- C:\autorun.inf
[2013/04/10 09:19:13 | 000,613,083 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013/04/09 21:38:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Adelantado Trilogy Book Two.lnk
[2013/04/09 13:02:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 13:02:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 13:02:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 13:02:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 13:02:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/09 00:03:25 | 000,816,128 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
[2013/04/08 20:00:13 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/04/08 19:14:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 19:03:29 | 000,001,120 | ---- | C] () -- C:\Users\User\Desktop\Advanced Task Manager.lnk
[2013/04/03 17:34:48 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013/04/02 20:11:21 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/04/02 13:07:43 | 000,001,319 | ---- | C] () -- C:\Users\User\Desktop\farcry3_d3d11 - Shortcut.lnk
[2013/04/01 17:01:53 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/04/01 17:01:46 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/04/01 17:01:46 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2013/04/01 17:01:36 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2013/04/01 17:01:22 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/03/31 21:06:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/03/28 21:46:40 | 000,001,553 | ---- | C] () -- C:\Users\User\Desktop\IAmAlive_game - Shortcut.lnk
[2013/03/28 21:20:34 | 000,001,159 | ---- | C] () -- C:\Users\User\Desktop\Uplay.lnk
[2013/03/25 20:10:52 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/03/25 20:10:52 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/03/23 15:28:36 | 000,001,043 | ---- | C] () -- C:\Users\User\Desktop\Cheat Engine.lnk
[2013/03/20 20:24:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/03/16 00:42:11 | 000,641,903 | ---- | C] () -- C:\Users\User\Desktop\tumblr_inline_mjfxlrMfpb1qz4rgp.gif
[2013/03/14 15:13:30 | 000,007,607 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/03/13 20:24:40 | 000,029,144 | ---- | C] () -- C:\Users\User\Desktop\Payment-Voucher-Template.jpg
[2013/03/11 15:36:32 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2013/03/11 15:36:32 | 000,000,849 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/02/27 12:23:34 | 000,000,984 | ---- | C] () -- C:\Windows\eReg.dat
[2013/02/26 17:20:36 | 000,000,003 | ---- | C] () -- C:\Users\User\AppData\Local\user_data.ini
[2013/02/19 22:06:59 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/02/19 22:06:47 | 000,480,608 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll
[2013/02/19 22:06:47 | 000,000,452 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini
[2013/02/19 20:49:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/02/19 20:42:26 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2013/02/19 20:42:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013/02/19 20:42:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013/02/19 20:42:25 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2013/02/19 20:42:25 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2013/02/19 20:42:22 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013/02/19 20:42:18 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013/02/19 14:21:24 | 000,010,084 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/12/19 15:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/11/19 15:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2012/11/19 15:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2012/05/24 00:59:19 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/05/24 01:21:51 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/22 23:57:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ad-Aware Antivirus
[2013/02/20 11:34:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BANDISOFT
[2013/04/06 21:55:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2013/02/20 14:54:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\bizarre creations
[2013/03/09 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BlackBean
[2013/03/10 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CreeperWorld2
[2013/02/27 10:02:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2013/04/10 00:40:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DMCache
[2013/02/19 21:00:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DRPSu
[2013/03/26 00:21:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FAH
[2013/03/22 12:47:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IDM
[2013/02/20 14:46:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MinMaxGames
[2013/03/12 14:30:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
[2013/03/14 14:55:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ScreenSeven
[2013/04/01 17:00:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Theta
[2013/04/07 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
[2013/03/01 19:16:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wargaming.net

========== Purity Check ==========



< End of report >

From Extra.txt

OTL Extras logfile created on: 4/10/2013 9:47:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.57% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 71.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.14 Gb Total Space | 8.91 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
Drive D: | 75.80 Gb Total Space | 40.33 Gb Free Space | 53.20% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Download Manager\IEMonitor.exe" = C:\Program Files\Internet Download Manager\IEMonitor.exe:*:Enabled:ipsec -- (Tonec Inc.)
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2806832E-F826-4403-9B57-2AC9A90DA568}" = lport=139 | protocol=6 | dir=in | app=system |
"{2AA1EA62-5533-40CB-B9BF-C88116ECD5B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{456CFB3B-4227-4658-97E0-879B8F3145F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59B9B1FA-BB80-41D4-9909-CB3BD29E48D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F2BEADB-10DD-4BD5-ACEA-8D933F79ADC0}" = rport=138 | protocol=17 | dir=out | app=system |
"{A50F881A-7507-4110-A60A-D41915F814DF}" = rport=139 | protocol=6 | dir=out | app=system |
"{B5C74011-68F3-415A-B95C-D3E725507724}" = lport=138 | protocol=17 | dir=in | app=system |
"{D3FA7340-D6FF-455F-88E9-1013C7A5C94B}" = lport=137 | protocol=17 | dir=in | app=system |
"{D92F7F7A-7A74-4AE3-96D1-D75E4DA7A640}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F0BB9B93-FE0D-406E-8D6D-CBF47B075010}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6A67DA5-32D4-47E0-8C96-738A68CFC159}" = rport=137 | protocol=17 | dir=out | app=system |
"{F86E31C5-F575-4334-8488-BAF939EB794A}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0304D486-E20B-42AD-8727-56463BB44C80}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe |
"{0972CA6D-46D3-4A19-8AC4-9410468CCFE4}" = protocol=58 | dir=in | app=system |
"{0D6866ED-EED5-434D-B690-91F13195AC7C}" = protocol=6 | dir=in | app=c:\users\user\documents\farcry 3\bin\farcry3_d3d11.exe |
"{0DBF5FB0-0451-4C95-B9AA-C6FEEDE2D8D4}" = protocol=6 | dir=in | app=c:2\strategi\assassin's creed iii\ac3sp.exe |
"{206C5115-56F0-403A-B0EF-D4F38C7AF7BA}" = protocol=17 | dir=in | app=c:2\strategi\assassin's creed iii\ac3sp.exe |
"{23313B26-56C3-4AC9-9E68-7BC82A84F1EC}" = protocol=17 | dir=in | app=c:\users\user\documents\farcry 3\bin\farcry3.exe |
"{2809EA6A-EADC-4507-8CCD-732E6D03EA26}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{39A0657C-5EED-4E81-A73E-7E781AA60EF8}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\moviemodule.exe |
"{47551D88-B786-4268-88F6-9C98B4E2E32E}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{54D20528-7813-4706-9B90-B831EE662E97}" = protocol=6 | dir=in | app=c:\users\user\downloads\I am alive pc full game single-player ^^nosteam^^\I am alive\src\system\iamalive_game.exe |
"{59115DA2-C25A-41D6-A5E7-E58B8E3BEC20}" = protocol=17 | dir=in | app=c:\users\user\downloads\I am alive pc full game single-player ^^nosteam^^\I am alive\src\system\iamalive_game.exe |
"{614448D4-B9E2-494B-B7F0-C623781965CF}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{67F42B90-9176-4289-A7BD-3584D4DFB140}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DDEFBEE-B377-42DF-940B-F8C38619FD3D}" = protocol=17 | dir=in | app=c:\users\user\documents\farcry 3\bin\farcry3_d3d11.exe |
"{7D463FC2-DB41-4BC4-B554-EA39B27145C6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\I am alive\src\system\iamalive_game.exe |
"{961F91C5-761C-4056-8ECA-CA1FBEA8654E}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe |
"{98F4CFEB-AC10-4C95-A62C-740AE182331F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9CCF2859-3644-4DAB-8257-EDA601EDF309}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe |
"{A6D738FE-6321-4DC0-9C48-35E101FDC07B}" = protocol=6 | dir=in | app=f:\strategi\crysis 2\bin32\crysis2.exe |
"{CD34D1DE-A045-4202-93FD-75526A6C9FC4}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{CD5A9A97-4603-4A96-8381-C192EB6D2EB0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DAFE40F9-B213-4319-A207-895585C5F428}" = protocol=6 | dir=in | app=c:\users\user\documents\farcry 3\bin\farcry3.exe |
"{E5696DBF-512F-474C-925F-0913AF9AA1B4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E893974F-1A47-447A-9A95-E0F90E9A2E9C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\I am alive\src\system\iamalive_game.exe |
"{EEBFF846-5860-4FED-B922-4B05E44C4A13}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{F131E2B5-4265-4FE8-A0C6-9B4D400BE5CD}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{F46244EE-0D9A-409B-81CF-ADE9A3E7340A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F556644E-8332-45A1-8512-EF1B5D9B59F9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{F85716CB-9CD6-4838-B478-5C67BB32B07A}" = protocol=17 | dir=in | app=f:\strategi\crysis 2\bin32\crysis2.exe |
"TCP Query User{00C426FC-CEDC-424F-934C-BEF93223495B}C:\program files\common files\nero\lib\nmindexstoresvr.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\lib\nmindexstoresvr.exe |
"TCP Query User{0C515E61-AA5C-407F-9885-32E35D0DA6B8}D:\activision\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\activision\world_of_tanks\wotlauncher.exe |
"TCP Query User{120DFFDE-0500-4162-897B-5C9D17107722}C:\users\user\appdata\local\temp\7d5c2e44-adf8-4bda-baee-cea96f3acefe\dismhost.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\7d5c2e44-adf8-4bda-baee-cea96f3acefe\dismhost.exe |
"TCP Query User{194B8A85-BFB6-4771-B2AA-0731B229FEF1}C:\windows\system32\userinit.exe" = protocol=6 | dir=in | app=c:\windows\system32\userinit.exe |
"TCP Query User{291F2CFB-E7BB-42E3-B201-94060D9F9B3C}C:5\test drive - unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:5\test drive - unlimited\testdriveunlimited.exe |
"TCP Query User{2C5BADE0-1EFC-4B17-88C5-5B43147F3E44}C:\program files\asrock\xfast lan\cfosspeed.exe" = protocol=6 | dir=in | app=c:\program files\asrock\xfast lan\cfosspeed.exe |
"TCP Query User{38DDFF2C-766B-4667-AE67-454C32B75BED}C:\windows\system32\searchprotocolhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\searchprotocolhost.exe |
"TCP Query User{3B3C3C57-C21E-4B00-A5C5-300579A79BDC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{4259EC2C-1F7C-4AD7-9DB5-A507613775BA}D:\activision\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\activision\world_of_tanks\wotlauncher.exe |
"TCP Query User{4C3A04B3-C1D5-4660-8774-F41C5855185C}C:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe |
"TCP Query User{51C05529-6BFD-47D9-95E2-D39E7473543D}C:5\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=c:5\assassin's creed iii\ac3sp.exe |
"TCP Query User{52B71CC6-FB27-4F00-9D61-00AF10ECDD69}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"TCP Query User{589F443B-04E7-44BB-AEC0-852A2FB90C8B}C:\program files\tp-link\common\twcu.exe" = protocol=6 | dir=in | app=c:\program files\tp-link\common\twcu.exe |
"TCP Query User{5B82D9D8-EE4A-4A22-AE82-D1811CFBF093}C:\windows\system32\conhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\conhost.exe |
"TCP Query User{616E7171-B25D-498D-A4BF-AEFED95F44A1}D:\activision\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\activision\world of tanks\wotlauncher.exe |
"TCP Query User{6F616563-626A-473E-AC0E-16C503922154}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{6FF802B0-E796-49CC-8DC2-E8D5046D2CD5}C:\program files\ea games\command & conquer generals zero hour\generals.exe" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\generals.exe |
"TCP Query User{7D9885D9-1EE6-4E53-BCC5-1089C4BEEB92}C:\program files\common files\nero\lib\nmbgmonitor.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\lib\nmbgmonitor.exe |
"TCP Query User{85A43939-790D-449F-9781-4E1A7EA91418}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{92291B69-EF2B-4837-BC6D-85FF12606067}C:\program files\logmein hamachi\hamachi-2-ui.exe" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"TCP Query User{95777E54-22FB-4B0B-A3AB-51F806BBC388}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe |
"TCP Query User{A042E76D-19E7-436A-9F52-DB1E6D6B97F4}D:\activision\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\activision\world_of_tanks\worldoftanks.exe |
"TCP Query User{A4EAB9CB-1825-4055-A178-EC3FB9A64296}C:\program files\real\realplayer\update\realsched.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\update\realsched.exe |
"TCP Query User{B1E84DEB-0AA1-44DF-9859-D5D861470C28}G:\strategi\bully\blur(tm)\blur.exe" = protocol=6 | dir=in | app=g:\strategi\bully\blur(tm)\blur.exe |
"TCP Query User{B2FEBA6F-E66D-48B7-B1FD-C8783390D81E}C:\users\user\appdata\roaming\biogoh.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\biogoh.exe |
"TCP Query User{B56DEF31-5430-4A9D-9A44-76DCBAF40BED}C:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe |
"TCP Query User{B67CC27D-E31C-44BF-A8AE-4B7324387B5D}C:\windows\system32\taskmgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskmgr.exe |
"TCP Query User{C568E8B0-1653-4EF3-98C1-BEB2ECBC44D6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{CCC69A2F-B5A5-41F7-A551-DCD2E98CFB21}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |
"TCP Query User{CEEBC1CF-3E03-4E50-9B7B-3A95B389BE82}C:\program files\internet download manager\iemonitor.exe" = protocol=6 | dir=in | app=c:\program files\internet download manager\iemonitor.exe |
"TCP Query User{D3828576-1FCE-4919-9295-140CB76A06F3}C:\program files\avg safeguard toolbar\vprot.exe" = protocol=6 | dir=in | app=c:\program files\avg safeguard toolbar\vprot.exe |
"TCP Query User{D54861A5-4CE7-4C98-A78C-07425F475EBD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D6406532-7CAA-4ABB-A7FA-3A87FB942028}C:\program files\common files\nero\lib\nerocheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\lib\nerocheck.exe |
"TCP Query User{D7010BB0-3C67-486A-8D3B-55A82FD6673C}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{DC67409B-970D-4580-9242-305A46FCC8E6}C:\program files\ati technologies\ati.ace\core-static\ccc.exe" = protocol=6 | dir=in | app=c:\program files\ati technologies\ati.ace\core-static\ccc.exe |
"TCP Query User{E31689B5-D5F8-442B-86C0-DEE8729116E6}C:\program files\ubisoft\ubisoft game launcher\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\farcry 3\bin\farcry3_d3d11.exe |
"TCP Query User{E959A594-CB79-42F6-A65B-835B9E4CC0F8}C:\program files\ati technologies\ati.ace\core-static\mom.exe" = protocol=6 | dir=in | app=c:\program files\ati technologies\ati.ace\core-static\mom.exe |
"TCP Query User{F2CB85AF-5E69-4359-B227-93EFA94655E5}D:1\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=d:1\assassin's creed iii\ac3sp.exe |
"TCP Query User{F50AEE30-FE05-4422-B267-ADF1648C5EB7}F:\test drive - unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=f:\test drive - unlimited\testdriveunlimited.exe |
"TCP Query User{F9224C03-C12F-4E12-B9B9-8BDC28396605}F:\test drive - unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=f:\test drive - unlimited\testdriveunlimited.exe |
"TCP Query User{FC1640CE-6E6B-43AE-B718-E089F1B736C8}C:\windows\system32\cleanmgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\cleanmgr.exe |
"UDP Query User{02E8D294-AF7E-444C-BD48-08C6BF4E6A17}C:\windows\system32\userinit.exe" = protocol=17 | dir=in | app=c:\windows\system32\userinit.exe |
"UDP Query User{1BAB0933-C6D9-4769-92C6-46FB4CCCB1D7}D:\activision\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\activision\world_of_tanks\wotlauncher.exe |
"UDP Query User{276CA005-AB0E-4F02-B3D6-5364C6D30973}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{28DF9063-0133-4521-A8F1-AE5CA6D17DB7}G:\strategi\bully\blur(tm)\blur.exe" = protocol=17 | dir=in | app=g:\strategi\bully\blur(tm)\blur.exe |
"UDP Query User{2EFD044E-68FC-460D-9E97-8570531EA395}C:\program files\logmein hamachi\hamachi-2-ui.exe" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"UDP Query User{2F9CB50E-E2E0-40B8-9409-E92AC25AF606}C:5\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=c:5\assassin's creed iii\ac3sp.exe |
"UDP Query User{3CA24E33-F033-498D-A02D-732F024C2589}C:5\test drive - unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:5\test drive - unlimited\testdriveunlimited.exe |
"UDP Query User{49B2F480-E9DF-4F01-97DA-D3787472CE31}C:\program files\asrock\xfast lan\cfosspeed.exe" = protocol=17 | dir=in | app=c:\program files\asrock\xfast lan\cfosspeed.exe |
"UDP Query User{4C7D0B5B-8852-4D0C-A34D-01B87CD17DF6}C:\program files\common files\nero\lib\nmindexstoresvr.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\lib\nmindexstoresvr.exe |
"UDP Query User{4D2D1EA9-2132-4BCC-81D0-DC71B5CAA2DB}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe |
"UDP Query User{4D5E28F3-1FBB-4D55-AE31-E6A7522D54E6}D:\activision\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\activision\world of tanks\wotlauncher.exe |
"UDP Query User{4F182B25-9723-4F19-BEFC-D8017810BD1B}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"UDP Query User{58AAA12C-6E62-4FEF-8D32-57DF55B572E0}C:\program files\ati technologies\ati.ace\core-static\ccc.exe" = protocol=17 | dir=in | app=c:\program files\ati technologies\ati.ace\core-static\ccc.exe |
"UDP Query User{5B21DD7E-5D79-46FE-B701-D2C5BDDD8AC0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{5B9F8FC0-A23D-459F-A902-6D4CD22247A1}C:\program files\ati technologies\ati.ace\core-static\mom.exe" = protocol=17 | dir=in | app=c:\program files\ati technologies\ati.ace\core-static\mom.exe |
"UDP Query User{65D50B31-B09B-4B52-9FAE-78A16A82C5D0}C:\program files\real\realplayer\update\realsched.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\update\realsched.exe |
"UDP Query User{669D4CF1-1B8F-44A5-80B0-35A29C73666B}C:\program files\common files\nero\lib\nmbgmonitor.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\lib\nmbgmonitor.exe |
"UDP Query User{6789ACE2-A023-406C-ADCA-D767FABA37B8}D:\activision\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\activision\world_of_tanks\worldoftanks.exe |
"UDP Query User{6EE7F0B3-5E16-4FC4-98DC-7CA60EB225D9}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |
"UDP Query User{6F83BCB6-8B3F-4297-BCFB-29EA9B98F2F7}C:\program files\internet download manager\iemonitor.exe" = protocol=17 | dir=in | app=c:\program files\internet download manager\iemonitor.exe |
"UDP Query User{7781EC3E-0CD9-4D14-BCE1-E95591197198}C:\windows\system32\cleanmgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\cleanmgr.exe |
"UDP Query User{790A34F5-F3F6-4DBD-9E5B-534AD8825B8F}F:\test drive - unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=f:\test drive - unlimited\testdriveunlimited.exe |
"UDP Query User{7E556F35-D5E9-412A-993B-FCC881B43743}C:\program files\avg safeguard toolbar\vprot.exe" = protocol=17 | dir=in | app=c:\program files\avg safeguard toolbar\vprot.exe |
"UDP Query User{8B6AD7D3-058C-4FD2-AD43-B6AD0FFAAB16}C:\users\user\appdata\local\temp\7d5c2e44-adf8-4bda-baee-cea96f3acefe\dismhost.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\7d5c2e44-adf8-4bda-baee-cea96f3acefe\dismhost.exe |
"UDP Query User{93CDA920-96ED-407B-92E5-450E4B3573F2}C:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe |
"UDP Query User{9731BE1B-7FB5-4C07-85AE-A3BAA9BAD473}C:\program files\common files\nero\lib\nerocheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\lib\nerocheck.exe |
"UDP Query User{9A8759A2-A625-41FF-83A9-4C049E1B9CD9}C:\users\user\appdata\roaming\biogoh.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\biogoh.exe |
"UDP Query User{9F11E7DE-975A-47E6-8D99-E72E68123B7D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{A65008BD-950C-43F2-A905-F21AD5EA6749}D:\activision\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\activision\world_of_tanks\wotlauncher.exe |
"UDP Query User{AB991276-CA87-4D30-83ED-E7ECD05DCB3B}C:\program files\tp-link\common\twcu.exe" = protocol=17 | dir=in | app=c:\program files\tp-link\common\twcu.exe |
"UDP Query User{B52A2330-0664-4571-BF4B-ACA58B1B6519}C:\program files\ubisoft\ubisoft game launcher\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\farcry 3\bin\farcry3_d3d11.exe |
"UDP Query User{B90F2EBF-1703-49ED-8ED3-84C70BF95996}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{BCBE96F0-68E4-4654-8DB2-4DC170895317}F:\test drive - unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=f:\test drive - unlimited\testdriveunlimited.exe |
"UDP Query User{BECEC119-8E9A-4474-9C7E-3D50AD34C3B3}D:1\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=d:1\assassin's creed iii\ac3sp.exe |
"UDP Query User{C97FC239-DF9D-49EF-880F-1580C8756421}C:\windows\system32\taskmgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskmgr.exe |
"UDP Query User{D0F106BD-938B-4A79-A93B-ED2A8D0560E3}C:\program files\ea games\command & conquer generals zero hour\generals.exe" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\generals.exe |
"UDP Query User{D7B6C8F9-3030-4C7C-9E37-1EA57C7A48C8}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{E1EE7149-2D89-48D3-810D-058E02BBDFE8}C:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\nazrin999\team fortress 2\hl2.exe |
"UDP Query User{EC7742C0-43E1-4D7B-ABCF-4F2003F3FA78}C:\windows\system32\conhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\conhost.exe |
"UDP Query User{F9D944F2-603E-4CA9-B3DC-19BC9A816F97}C:\windows\system32\searchprotocolhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\searchprotocolhost.exe |
"UDP Query User{FFBF3DD9-080B-40D9-AF3C-86B22F51E644}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004D677F-9935-0D07-4BB9-44EE9B53382A}" = AMD Fuel
"{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek
"{022BC727-ACB7-4C1D-109C-177515714A32}" = AMD VISION Engine Control Center
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish
"{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard
"{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese
"{11EBACCC-8A12-D33E-9F9A-CF3F354C9C43}" = AMD Accelerated Video Transcoding
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812SEA}_is1" = World of Tanks
"{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish
"{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch
"{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional
"{429D0B67-B925-EBD6-B83B-21A7554A0212}" = ccc-utility
"{44D9C861-7B40-41E4-8A25-C9EBB9A7A59B}" = TP-LINK Wireless Client Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4d06741b-db1d-4d4d-b31c-b52ad89fd521}" = Graboid Video 3.84 Setup
"{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian
"{66F81F38-62F4-42D2-C6E4-2521F73987CF}" = AMD Media Foundation Decoders
"{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
"{8CB0D512-C3B1-1089-B7F9-53B8E0089F90}" = AMD Drag and Drop Transcoding
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai
"{95316F50-3D46-C92A-D76B-6E40795C4072}" = AMD Catalyst Install Manager
"{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{D2E9333F-8DCD-4DDA-A90B-A30DFD5791AC}" = Portal 2
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy
"{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish
"{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All
"{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common
"{ECEFE8C6-6B99-49F1-80FD-7E3C175913FE}_is1" = Adelantado Trilogy Book Two version 1.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish
"Adobe AIR" = Adobe AIR
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.28
"ATM5_is1" = Advanced Task Manager for Windows Vista & Windows XP
"AutoHotkey" = AutoHotkey 1.1.09.03
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"GOM Player" = GOM Player
"Graboid Video" = Graboid Video 3.84
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Internet Download Manager" = Internet Download Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 15.0" = RealPlayer
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uplay" = Uplay
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XFast LAN" = XFast LAN v6.61

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1009692711-701744250-1283350087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

< End of report >
 
C:\autorun.inf	INF/Autorun.gen worm
C:\itnu.pif	Win32/Sality virus
C:\JRT\choice.exe	Win32/Sality.NBA virus
C:\JRT\cut.exe	Win32/Sality.NBA virus
C:\JRT\nircmd.exe	Win32/Sality.NBA virus
C:\JRT\sed.exe	Win32/Sality.NBA virus
C:\JRT\shortcut.exe	Win32/Sality.NBA virus
C:\JRT\erunt\ERUNT.EXE	Win32/Sality.NBA virus
C:\PHOTOSHOP 7.0\Setup.exe	Win32/Sality.NBA virus
C:\PHOTOSHOP 7.0\_ISDel.exe	Win32/Sality.NBA virus
C:\Program Files\Adelantado Trilogy Book Two\Adelantado2.exe	Win32/Sality.NBA virus
C:\Program Files\AMD APP\bin\x86\amdocl_as.exe	Win32/Sality.NBA virus
C:\Program Files\AMD APP\bin\x86\amdocl_ld.exe	Win32/Sality.NBA virus
C:\Program Files\AMD AVT\bin\kdbsync.exe	Win32/Sality.NBA virus
C:\Program Files\ASRock Utility\XFast RAM\unins000.exe	Win32/Sality.NBA virus
C:\Program Files\ATI\CIM\Bin\SetACL.exe	Win32/Sality.NBA virus
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\installShell.exe	Win32/Sality.NBA virus
C:\Program Files\AutoHotkey\AU3_Spy.exe	Win32/Sality.NBA virus
C:\Program Files\AutoHotkey\AutoHotkey.exe	Win32/Sality.NBA virus
C:\Program Files\AutoHotkey\AutoHotkeyA32.exe	Win32/Sality.NBA virus
C:\Program Files\AutoHotkey\AutoHotkeyU32.exe	Win32/Sality.NBA virus
C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe	Win32/Sality.NBA virus
C:\Program Files\Bandicam\uninstall.exe	Win32/Sality.NBA virus
C:\Program Files\Cheat Engine 6.2\unins000.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Java\Java Update\jusched.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NeroCmd.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NeroScoutOptions.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NeroSearchAdvanced.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NeTsMan.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMBCWriter.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMCdRipServer.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMDllHost.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMSTranscoder.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMTVServer.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Lib\NMTvWizard.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\NeroSlideShow\SlideShw.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Shared\NL3\NeroPatentActivation.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\Nero\Shared\NL3\NeroUpgrade.exe	Win32/Sality.NBA virus
C:\Program Files\Common Files\PX Storage Engine\pxhpinst.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Activate.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\PDVDLaunchPolicy.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Common\EvoParser\CLUpdater.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\Install.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\Uninstall.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\CLHelper.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\PSUtil.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PDVDCM11Service.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe	Win32/Sality.NBA virus
C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cox\PowerDVDCox11.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\generals.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_eReg.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_EZ.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_uninst.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\support\go_ez.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command and Conquer Generals\generals.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command and Conquer Generals\WorldBuilder.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command and Conquer Generals\support\Command and Conquer Generals_EZ.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command and Conquer Generals\support\Generals_uninst.exe	Win32/Sality.NBA virus
C:\Program Files\EA Games\Command and Conquer Generals\support\go_ez.exe	Win32/Sality.NBA virus
C:\Program Files\Graboid\uninst.exe	Win32/Sality.NBA virus
C:\Program Files\Graboid\GraboidVideo\3.84\DLManager\GraboidDLManager.exe	Win32/Sality.NBA virus
C:\Program Files\Graboid\GraboidVideo\3.84\DLManager\w9xpopen.exe	Win32/Sality.NBA virus
C:\Program Files\Graboid\GraboidVideo\3.84\DLManager\win\unrar\UnRAR.exe	Win32/Sality.NBA virus
C:\Program Files\Graboid\GraboidVideo\3.84\DLManager\win\unzip\unzip.exe	Win32/Sality.NBA virus
C:\Program Files\Graboid\GraboidVideo\3.84\GraboidRegisterProtocol\registerProtocol.exe	Win32/Sality.NBA virus
C:\Program Files\GreenTree Applications\YTD Video Downloader\FFMPEG.EXE	Win32/Sality.NBA virus
C:\Program Files\GreenTree Applications\YTD Video Downloader\Uninstall.exe	Win32/Sality.NBA virus
C:\Program Files\GRETECH\GomPlayer\GomWiz.exe	Win32/Sality.NBA virus
C:\Program Files\GRETECH\GomPlayer\GrLauncher.exe	Win32/Sality.NBA virus
C:\Program Files\GRETECH\GomPlayer\KillGom.exe	Win32/Sality.NBA virus
C:\Program Files\GRETECH\GomPlayer\RtParser.exe	Win32/Sality.NBA virus
C:\Program Files\GRETECH\GomPlayer\ShellRegister.exe	Win32/Sality.NBA virus
C:\Program Files\GRETECH\GomPlayer\srt2smi.exe	Win32/Sality.NBA virus
C:\Program Files\GRETECH\GomPlayer\Uninstall.exe	Win32/Sality.NBA virus
C:\Program Files\Innovative Solutions\Advanced Task Manager\unins000.exe	Win32/Sality.NBA virus
C:\Program Files\InstallShield Installation Information\{44D9C861-7B40-41E4-8A25-C9EBB9A7A59B}\setup.exe	Win32/Sality.NBA virus
C:\Program Files\InstallShield Installation Information\{F232C87C-6E92-4775-8210-DFE90B7777D9}\7z.exe	Win32/Sality.NBA virus
C:\Program Files\InstallShield Installation Information\{F232C87C-6E92-4775-8210-DFE90B7777D9}\Setup.exe	Win32/Sality.NBA virus
C:\Program Files\Internet Download Manager\IDMan.exe	Win32/Sality.NBA virus
C:\Program Files\Internet Download Manager\IEMonitor.exe	Win32/Sality.NBA virus
C:\Program Files\Internet Download Manager\Uninstall.exe	Win32/Sality.NBA virus
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe	Win32/Sality.NBA virus
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe	Win32/Sality.NBA virus
C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe	Win32/Sality.NBA virus
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Win32/Sality.NBA virus
C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe	Win32/Sality.NBA virus
C:\Program Files\Mozilla Firefox\uninstall\helper.exe	Win32/Sality.NBA virus
C:\Program Files\Mozilla Maintenance Service\Uninstall.exe	Win32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero\Uninstall\UNNERO.exe	Win32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp.exe	Win32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe	Win32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero BackItUp\NBSFtp.exe	Win32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Burning Rom\NeDwFileHelper.exe	Win32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Burning Rom\SecurDisc\discinfo.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverDes.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero MediaHome\NMMediaServer.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Recode\Recode.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero SoundTrax\SoundTrax.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero StartSmart\NeroInFDiscCopy.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Toolkit\DiscSpeed.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Toolkit\InfoTool.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Toolkit\RescueAgent\NeroRescueAgent.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero WaveEditor\DXEnum.exeWin32/Sality.NBA virus
C:\Program Files\Nero\Nero8\Nero WaveEditor\waveedit.exeWin32/Sality.NBA virus
C:\Program Files\Notepad++\notepad++.exeWin32/Sality.NBA virus
C:\Program Files\Notepad++\updater\GUP.exeWin32/Sality.NBA virus
C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exeWin32/Sality.NBA virus
C:\Program Files\NVIDIA Corporation\Uninstall\nvunrm.exeWin32/Sality.NBA virus
C:\Program Files\OpenAL\oalinst.exeWin32/Sality.NBA virus
C:\Program Files\RAR Password Cracker\uninstall.exeWin32/Sality.NBA virus
C:\Program Files\Real Alternative\settings.exeWin32/Sality.NBA virus
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exeWin32/Sality.NBA virus
C:\Program Files\Real Alternative\Update_OB\upgrdhlp.exeWin32/Sality.NBA virus
C:\Program Files\Realtek\Audio\HDA\RtkAudioSrvATI.exeWin32/Sality.NBA virus
C:\Program Files\Realtek\Audio\HDA\RtkUpd.exeWin32/Sality.NBA virus
C:\Program Files\Steam\GameOverlayUI.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\backup\french\steambackup.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\backup\german\steambackup.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\backup\italian\steambackup.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\backup\spanish\steambackup.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\games\appid_10540.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\games\appid_10560.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\games\appid_17300.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\games\appid_17330.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\games\appid_17340.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\games\appid_6510.exeWin32/Sality.NBA virus
C:\Program Files\Steam\steam\games\appid_6520.exeWin32/Sality.NBA virus
C:\Program Files\TeamSpeak 3 Client\createfileassoc.exeWin32/Sality.NBA virus
C:\Program Files\TeamSpeak 3 Client\error_report.exeWin32/Sality.NBA virus
C:\Program Files\TeamSpeak 3 Client\package_inst.exeWin32/Sality.NBA virus
C:\Program Files\TeamSpeak 3 Client\update.exeWin32/Sality.NBA virus
D:\autorun.infINF/Autorun.gen worm
D:\uvoxld.exeWin32/Sality virus
D:\Activision\call of duty modern warfare 3\iw5mp_server.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\iw5sp.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\r.a.s.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\vcredist_x86_2008.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\main\arc.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\main\oggdec.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\main\precomp.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\main\zip.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\zone\english\7za.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\zone\english\arc.exeWin32/Sality.NBA virus
D:\Activision\call of duty modern warfare 3\zone\english\precomp.exeWin32/Sality.NBA virus
D:\Activision\World of Tanks\unins000.exeWin32/Sality.NBA virus
D:\Activision\World of Tanks\WoTLauncher.exeWin32/Sality.NBA virus
D:\Activision\WWE RAW Ultimate Impact (2009)\Copy of WWERUI.exeWin32/Sality.NBA virus
D:\Activision\WWE RAW Ultimate Impact (2009)\RAS.exeWin32/Sality.NBA virus
D:\Activision\WWE RAW Ultimate Impact (2009)\tmp.exeWin32/Sality.NBA virus
D:\Activision\WWE RAW Ultimate Impact (2009)\vcredist_x86.exeWin32/Sality.NBA virus
D:\Activision\WWE RAW Ultimate Impact (2009)\WWERUI.exeWin32/Sality.NBA virus
D:\ayah\abg\Mods\ModWarfare\7za.exeWin32/Sality.NBA virus
D:\cnc\Generals_Code.exeWin32/Sality.NBA virus
D:\cnc\zero\shw.exeWin32/Sality.NBA virus
D:\cnc\zero\shw_cnr.exeWin32/Sality.NBA virus
D:\cnc\zero\shw_cqs.exeWin32/Sality.NBA virus
D:\cnc\zero\shw_cqw.exeWin32/Sality.NBA virus
D:\cnc\zero\shw_cwn.exeWin32/Sality.NBA virus
D:\cnc\zero\shw_qs.exeWin32/Sality.NBA virus
D:\cnc\zero\shw_qsw.exeWin32/Sality.NBA virus
D:\cnc\zero\shw_wb.exeWin32/Sality.NBA virus
D:\cnc\zero\shw_win.exeWin32/Sality.NBA virus
D:\cnc\zero\Uinst_shw.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\generals.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\WorldBuilder.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\Data\INI\IniChecker3.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_eReg.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_EZ.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\support\Command and Conquer Generals Zero Hour_uninst.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command & Conquer Generals Zero Hour\support\go_ez.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command and Conquer Generals\generals.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command and Conquer Generals\WorldBuilder.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command and Conquer Generals\support\Command and Conquer Generals_EZ.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command and Conquer Generals\support\Generals_uninst.exeWin32/Sality.NBA virus
D:\EA Games\EA Games\Command and Conquer Generals\support\go_ez.exeWin32/Sality.NBA virus
D:\GTA-SanAndreas\gta_sa.exeWin32/Sality.NBA virus
D:\GTA-SanAndreas\rcon.exeWin32/Sality.NBA virus
D:\GTA-SanAndreas\sa-mp-0.3e-install.exeWin32/Sality.NBA virus
D:\GTA-SanAndreas\samp.exeWin32/Sality.NBA virus
D:\GTA-SanAndreas\SAMPUninstall.exeWin32/Sality.NBA virus
D:\GTA-SanAndreas\samp_debug.exeWin32/Sality.NBA virus
D:\GTA-SanAndreas\unins000.exeWin32/Sality.NBA virus
D:\GTA-SanAndreas\UnRAR.exeWin32/Sality.NBA virus
D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXEWin32/Sality.NBA virus
D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OFFCLN.EXEWin32/Sality.NBA virus
D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXEWin32/Sality.NBA virus
D:\software\ADOBE PHOTOSHOP LIGHTROOM 3.4\SOFTWARE\Install Lightroom 3.exeWin32/Sality.NBA virus
D:\temp\ext18866\install.exeWin32/Sality.NBA virus
Operating memoryWin32/Sality.NBA virus
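Added here as a worked example, not code from the original poster, the helper, or ESET: a small Python parser for scanner result lines of the shape pasted above (a path followed by a threat name), with a summary that surfaces the three things a responder wants to see in a Sality log at a glance: how many executables per volume were hit (a file infector appends itself to nearly every .exe it can open, including the Malwarebytes binary in the list above), whether the root of a drive carries an autorun.inf plus dropper (the D:\ entries), and whether the threat was found in operating memory, which means scanning from inside the running Windows will keep re-infecting cleaned files. The parser accepts both tab-separated lines (the scanner's own output) and the fused "file.exeWin32/..." form that forum pasting produces; the list of threat-name platform prefixes used to split fused lines is my assumption, as are the sample paths, which are constructed for the example rather than taken from the post.

```python
"""Summarise a file-infector outbreak from scanner result lines (path + threat name)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Assumption: platform prefixes that start a threat name. Used only to split lines where
# the path and the threat name were pasted together without a separator.
PLATFORM_PREFIXES = ("Win32", "Win64", "MSIL", "INF", "JS", "HTML", "VBS", "BAT")
_PREFIX_ALT = "|".join(PLATFORM_PREFIXES)
# Non-greedy path, then the first point where a known "<prefix>/<name> <type>" begins.
FUSED_RE = re.compile(rf"^(?P<path>.*?)\s*(?P<threat>(?:{_PREFIX_ALT})/\S+(?:\s+\w+)?)\s*$")
DRIVE_RE = re.compile(r"^([A-Za-z]):\\")


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str

    @property
    def drive(self) -> str:
        """Drive letter of the path, or a placeholder for memory/other detections."""
        m = DRIVE_RE.match(self.path)
        return m.group(1).upper() + ":" if m else "(memory/other)"


def parse_line(line: str) -> Optional[Detection]:
    """Parse one result line; returns None for blank or unrecognised lines."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return None
    if "\t" in line:  # scanner's native tab-separated form
        fields = [f.strip() for f in line.split("\t") if f.strip()]
        if len(fields) >= 2:
            return Detection(fields[0], fields[1])
    m = FUSED_RE.match(line)  # path and threat run together, as in a forum paste
    if m:
        return Detection(m.group("path").strip(), m.group("threat").strip())
    return None


def parse_log(text: str) -> List[Detection]:
    return [d for d in (parse_line(l) for l in text.splitlines()) if d is not None]


def summarise(dets: List[Detection]) -> dict:
    """Counts per drive and per threat, plus the two flags that change the cleanup plan."""
    return {
        "total": len(dets),
        "by_drive": dict(Counter(d.drive for d in dets)),
        "by_threat": dict(Counter(d.threat for d in dets)),
        "infected_executables": sum(d.path.lower().endswith(".exe") for d in dets),
        # autorun.inf at a drive root: the infection will re-launch from that volume
        "autorun_drives": sorted({d.drive for d in dets
                                  if d.path.lower().endswith("\\autorun.inf")}),
        # a hit in operating memory: the infector is live and will reinfect cleaned files
        "in_memory": any(d.path.lower() == "operating memory" for d in dets),
    }


# Constructed sample input (not the poster's real log): a mix of tab-separated and fused lines.
SAMPLE_LINES = [
    "C:\\Program Files\\ExampleApp\\app.exe\tWin32/Sality.NBA virus",
    "C:\\Program Files\\ExampleApp\\Uninstall.exe\tWin32/Sality.NBA virus",
    "C:\\Program Files\\ExampleAV\\scanner.exe\tWin32/Sality.NBA virus",
    "D:\\autorun.inf\tINF/Autorun.gen worm",
    "D:\\dropper.exe\tWin32/Sality virus",
    "D:\\Games\\game.exeWin32/Sality.NBA virus",   # fused, as pasted into a forum
    "Operating memoryWin32/Sality.NBA virus",      # fused, memory detection
]

if __name__ == "__main__":
    for key, value in summarise(parse_log("\n".join(SAMPLE_LINES))).items():
        print(f"{key}: {value}")
```

Run it on the real log by saving the pasted lines to a file and calling `summarise(parse_log(open(path).read()))`; a high `infected_executables` count spread across every drive, together with `in_memory` being true, is the pattern that makes per-file disinfection from inside the running system unreliable, which is why threads like this one move to an offline scan or a rebuild.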