Multiple Infections? : [
-
Hello DAL,
I finally got my new PC put together, so gave my older Dell XPS to her. No more than 2 days later she gives me a call saying her anti virus is showing infections. So I headed over to her place to see if I could fix it. Her CPU was lagging at 100% so I checked the task manager, I found about 8 instances of a program named ntrdm.exe, Kn.exe & Kr.exe. I couldn't run a single program so I shut down the PC and booted into safe mode. Then I ran a complete scan with Nod32, Anti Spyware, Anti Malware, & HijackThis. Super Anti found like 6 tracking cookies, I removed them immediately so I don't have the report. But all the other programs scanned clean.
So about two or so days later she gives me a call again. Same issues, with the exception this time there wasn't any running of multiple instances. So I took the Dell back to my house and it's still getting reports from Nod32's Real-time file system protection saying it's found infections and quarantining files even though the scans I ran just before those reports didn't find anything. So I'm somewhat lost on how to find them.
Nod32 Real-time file system protection (not scan):
4/29/2010 3:29:42 PM Real-time file system protection file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQCFJWKC\dss_dsk[1].exe Win32/TrojanDownloader.Small.OWQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.
4/29/2010 3:29:40 PM Real-time file system protection file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JUAHGQJ\glc_dsk[1].exe Win32/TrojanDownloader.FakeAlert.AXE trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.
4/29/2010 3:00:34 PM HTTP filter file http://tier9.w2c.ru/tpp23/fgmsgr.exe a variant of Win32/Kryptik.EAZ trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Users\3izarre\AppData\Local\Temp\wwfinst.exe.
4/29/2010 3:00:24 PM HTTP filter file http://tier9.w2c.ru/tpp23/fgmsgr.exe a variant of Win32/Kryptik.EAZ trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Users\3izarre\AppData\Local\Temp\wwfinst.exe.
4/26/2010 3:06:11 PM Real-time file system protection file C:\Windows\TEMP\shrpubwb.exe Win32/TrojanDownloader.VB.OLG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\3izarre\AppData\Local\Temp\wwfinst.exe.
4/26/2010 3:06:07 PM HTTP filter file http://tier9.w2c.ru/tpp23/cti_dsk.exe Win32/TrojanDownloader.VB.OLG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Users\3izarre\AppData\Local\Temp\wwfinst.exe.
4/26/2010 3:05:47 PM Real-time file system protection file C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JUAHGQJ\cti_dsk[1].exe Win32/TrojanDownloader.VB.OLG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\3izarre\AppData\Local\Temp\wwfinst.exe.
4/26/2010 3:05:41 PM HTTP filter file http://tier9.w2c.ru/tpp23/cti_dsk.exe Win32/TrojanDownloader.VB.OLG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Users\3izarre\AppData\Local\Temp\wwfinst.exe.
4/26/2010 3:03:57 PM HTTP filter file http://rnstatus.com/get.php?id=1 a variant of Win32/Kryptik.GO trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Windows\Temp\xcopyb.exe.
4/26/2010 3:00:15 PM HTTP filter file http://rnstatus.com/get.php?id=1 a variant of Win32/Kryptik.GO trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Windows\Temp\makecabb.exe.
4/23/2010 2:37:40 PM Real-time file system protection file C:\Users\3izarre\Downloads\v1.5 beta.exe Win32/Delf.NTX trojan cleaned by deleting - quarantined Event occurred on a file modified by the application: C:\Program Files\uTorrent\uTorrent.exe.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:06 PM, on 4/29/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MurGeeMon\MurGeeMon.exe
C:\Program Files\PlatinumHideIP\PlatinumHideIP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.d-a-l.com/help/windows-7-...ndows-7-a.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = eSnips Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.201.21.175:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MurGeeMon] C:\Program Files\MurGeeMon\MurGeeMon.exe :silent
O4 - HKCU\..\Run: [Auto Secondary Monitor Control] C:\Program Files\MurGeeMon\MurGeeMon.exe 28
O4 - HKCU\..\Run: [Platinum Hide IP] C:\Program Files\PlatinumHideIP\PlatinumHideIP.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O8 - Extra context menu item: Download to MurGeeMon - C:\Program Files\MurGeeMon\ProcessClick.htm
O15 - Trusted IP range: http://192.***.1.1
O15 - ESC Trusted IP range: http://192.***.1.1
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5109/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D127E93E-BFCC-4539-9868-3892950A493E}: NameServer = 74.128.17.114,74.128.19.102
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - LibUsb-Win32 - C:\Windows\system32\libusbd-nt.exe
--
End of file - 4538 bytes
I can't find the infection(s). Any help would be greatly appreciated.
Best regards.
3iz
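Each NOD32 entry in the post above ends with the application that triggered the event, so grouping the log by that field shows which processes keep fetching or dropping flagged files. The Python below is an added example, not part of the original post; its sample lines are abridged from the log above with URLs and the user name replaced by placeholders, and the temp-directory flag is a triage heuristic, not a verdict.

```python
import re
from collections import defaultdict
from datetime import datetime

# Abridged from the NOD32 entries above; URLs and user name are placeholders.
SAMPLE_LOG = r"""
4/29/2010 3:29:42 PM Real-time file system protection file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQCFJWKC\dss_dsk[1].exe Win32/TrojanDownloader.Small.OWQ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.
4/29/2010 3:00:34 PM HTTP filter file http://example.invalid/a.exe a variant of Win32/Kryptik.EAZ trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Users\user\AppData\Local\Temp\wwfinst.exe.
4/26/2010 3:06:11 PM Real-time file system protection file C:\Windows\TEMP\shrpubwb.exe Win32/TrojanDownloader.VB.OLG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\user\AppData\Local\Temp\wwfinst.exe.
4/26/2010 3:03:57 PM HTTP filter file http://example.invalid/get.php?id=1 a variant of Win32/Kryptik.GO trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Windows\Temp\xcopyb.exe.
4/23/2010 2:37:40 PM Real-time file system protection file C:\Users\user\Downloads\v1.5 beta.exe Win32/Delf.NTX trojan cleaned by deleting - quarantined Event occurred on a file modified by the application: C:\Program Files\uTorrent\uTorrent.exe.
"""

# One flattened log entry: timestamp, module, object, threat, action,
# optional user, then the free-text info ending in the triggering application.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<module>Real-time file system protection|HTTP filter) file "
    r"(?P<object>.+?) "
    r"(?:a variant of )?(?P<threat>\w+/\S+) (?P<kind>\w+) "
    r"(?P<action>.+?) "
    r"(?:(?P<user>NT AUTHORITY\\SYSTEM) )?"
    r"(?:Event occurred|Threat was detected).*?by the application: "
    r"(?P<app>.+?)\.?$"
)


def parse_line(line):
    """Return one entry as a dict, or None if the line is not a log entry."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    event = match.groupdict()
    event["time"] = datetime.strptime(event.pop("ts"), "%m/%d/%Y %I:%M:%S %p")
    return event


def runs_from_temp(path):
    """Heuristic: the executable lives in a directory literally named Temp."""
    return "\\temp\\" in path.lower()


def summarize_by_application(text):
    """Group entries by triggering application, temp-directory binaries first."""
    groups = defaultdict(list)
    for line in text.splitlines():
        event = parse_line(line)
        if event is not None:
            groups[event["app"]].append(event)

    rows = []
    for app, events in groups.items():
        times = [e["time"] for e in events]
        rows.append({
            "app": app,
            "events": len(events),
            "from_temp": runs_from_temp(app),
            "threats": sorted({e["threat"] for e in events}),
            "modules": sorted({e["module"] for e in events}),
            "first_seen": min(times),
            "last_seen": max(times),
        })
    # Temp-directory binaries first, then by number of events, then by name.
    rows.sort(key=lambda r: (not r["from_temp"], -r["events"], r["app"].lower()))
    return rows


if __name__ == "__main__":
    for row in summarize_by_application(SAMPLE_LOG):
        flag = "TEMP" if row["from_temp"] else "    "
        print(f'{flag} {row["events"]:>2}  {row["app"]}')
        print(f'         {row["first_seen"]} .. {row["last_seen"]}')
        for threat in row["threats"]:
            print(f"         {threat}")
```

An application that only appears because it was scanning (a scanner reading a cached file) sorts below binaries that run from a Temp directory and trigger both web and file-system detections.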
-
By her I mean my sister, lol.
-
Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please, do not select the "Show all" checkbox during the scan.
Post the log.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Combofix does work. I had to basically hold down the return key because I had so many "String line GPREP has stopped working" windows errors. So when are fonts viewed as viruses? That's new to me.
Combofix Log:
C:\ErrLog.txt
C:\Program Files\Common Files\alg.exe
C:\Windows\Fonts\img baby.ttf
C:\Windows\Fonts\img hearts.ttf
C:\Windows\Fonts\img seasons.ttf
C:\Windows\Fonts\img travel.ttf
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Windows\UA000106.DLL
C:\Windows\system32\wuauclt.exe . . . is infected!!
GMER log:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-30 00:13:11
Windows 6.1.7600
Running: v8vjqee7.exe; Driver: C:\Users\3izarre\AppData\Local\Temp\uwddapod.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82030AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82030104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820303F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82018634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82018898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820301DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82030958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820306F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82030F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820311A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 81C4B8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 81C6B3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9D826C9D 28 Bytes [55, 16, 56, B2, 24, 4A, 7A, ...]
.text peauth.sys 9D826CC1 28 Bytes [55, 16, 56, B2, 24, 4A, 7A, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1624] kernel32.dll!SetUnhandledExceptionFilter 75263162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3208] ntdll.dll!LdrLoadDll 76E1F585 5 Bytes JMP 010C13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000068 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft ISATAP Adapter 1?2?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters@MaxLana 19
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 4012
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9@Next_Catalog_Entry_ID 20094
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9@Num_Catalog_Entries 50
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9@Serial_Access_Num 1795
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00029@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{06601F22-07B4-426D-8732-6922EF7C3195}] SEQPACKET 19
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00030@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{06601F22-07B4-426D-8732-6922EF7C3195}] DATAGRAM 19
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00031@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8130E3EC-D3D7-4657-A35A-A67DCEA1F1F8}] SEQPACKET 18
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00032@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8130E3EC-D3D7-4657-A35A-A67DCEA1F1F8}] DATAGRAM 18
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00033@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{18B2B482-A489-4A45-AAF3-C39E2F487551}] SEQPACKET 17
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00034@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{18B2B482-A489-4A45-AAF3-C39E2F487551}] DATAGRAM 17
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00035@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D55BA2EB-21E7-4A03-8C72-383C9A9DDA27}] SEQPACKET 15
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00036@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D55BA2EB-21E7-4A03-8C72-383C9A9DDA27}] DATAGRAM 15
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00037@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3BB719C6-1746-45D6-8FBC-EF0B63B2C8AE}] SEQPACKET 12
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00038@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3BB719C6-1746-45D6-8FBC-EF0B63B2C8AE}] DATAGRAM 12
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00039@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B0517078-03B0-4E6A-9895-E85B5DEE7C98}] SEQPACKET 11
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00040@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B0517078-03B0-4E6A-9895-E85B5DEE7C98}] DATAGRAM 11
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00041@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5A1D3BDF-61BA-465F-AF86-7EB442A37F9F}] SEQPACKET 9
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00042@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5A1D3BDF-61BA-465F-AF86-7EB442A37F9F}] DATAGRAM 9
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00043@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6E8AE40B-A442-45CD-A24F-49D8E260994D}] SEQPACKET 7
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00044@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6E8AE40B-A442-45CD-A24F-49D8E260994D}] DATAGRAM 7
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00045@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D127E93E-BFCC-4539-9868-3892950A493E}] SEQPACKET 4
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00046@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D127E93E-BFCC-4539-9868-3892950A493E}] DATAGRAM 4
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00047@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6BF83DFE-F4A0-4018-84E3-0E3F6A08ADF3}] SEQPACKET 3
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00048@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6BF83DFE-F4A0-4018-84E3-0E3F6A08ADF3}] DATAGRAM 3
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00049@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{32AA4BFA-D0A7-4B7A-9E68-43C5D45BC97F}] SEQPACKET 2
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00050@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{32AA4BFA-D0A7-4B7A-9E68-43C5D45BC97F}] DATAGRAM 2
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af164764 4e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2e cedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023 a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be0 6337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d96 86d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b7 4b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e 232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb 204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a 51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe 080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a 6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616 fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----
-
What you posted is definitely not Combofix log.
Please, retry.
-
My bad. All it says after the scan is finished is the log is in C:Combofix.
ComboFix 10-04-29.04 - 3izarre 04/30/2010 0:15:57.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1270 [GMT -4:00]
Running from: C:\Users\3izarre\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
/wow section - STAGE 3
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ErrLog.txt
C:\Program Files\Common Files\alg.exe
C:\Windows\Fonts\img baby.ttf
C:\Windows\Fonts\img hearts.ttf
C:\Windows\Fonts\img seasons.ttf
C:\Windows\Fonts\img travel.ttf
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Windows\UA000106.DLL
C:\Windows\system32\wuauclt.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.
2010-04-30 04:27:27 . 2010-04-30 04:29:09 -------- d-----w- C:\Users\3izarre\AppData\Local\temp
2010-04-30 04:27:27 . 2010-04-30 04:27:27 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-04-29 19:46:43 . 2010-04-29 19:46:43 388096 ----a-r- C:\Users\3izarre\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-29 19:46:40 . 2010-04-29 19:46:40 -------- d-----w- C:\Program Files\Trend Micro
2010-04-29 04:22:04 . 2010-04-29 04:55:01 -------- d-----w- C:\Program Files\Facewound
2010-04-29 04:01:50 . 2010-04-29 17:03:12 -------- d-----w- C:\ProgramData\PlatinumHideIP
2010-04-29 04:01:50 . 2010-04-29 04:01:50 -------- d-----w- C:\Users\3izarre\AppData\Roaming\PlatinumHideIP
2010-04-29 04:01:44 . 2010-04-29 04:03:04 -------- d-----w- C:\Program Files\PlatinumHideIP
2010-04-29 00:12:55 . 2010-04-29 00:13:49 -------- d-----w- C:\Program Files\Crazy Machines II
2010-04-29 00:11:06 . 2010-04-29 00:11:06 -------- d-----w- C:\Windows\EFC1B35CFFF241D8A70ACE6037F8040B.TMP
2010-04-28 21:52:08 . 2010-04-28 21:54:56 -------- d-----w- C:\Users\3izarre\AppData\Roaming\NVIDIA
2010-04-28 21:52:08 . 2010-04-28 21:52:08 864256 ----a-w- C:\Users\3izarre\AppData\Roaming\NVIDIA\SHIMGen_JAU.dll
2010-04-28 21:52:08 . 2010-04-28 21:52:08 1116672 ----a-w- C:\Users\3izarre\AppData\Roaming\NVIDIA\SHIMGen_JAU64.dll
2010-04-28 20:53:42 . 2010-04-28 20:53:42 -------- d-----w- C:\Users\3izarre\AppData\Local\CrashRpt
2010-04-28 02:28:33 . 2009-12-11 07:38:58 1037312 ----a-w- C:\Windows\system32\lsasrv.dll
2010-04-28 02:28:32 . 2009-12-11 07:44:02 133720 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2010-04-26 15:58:59 . 2010-04-26 16:00:00 -------- d-----w- C:\Users\3izarre\AppData\Local\MurGeeMon
2010-04-26 15:44:53 . 2010-02-27 13:01:28 49152 ----a-w- C:\Windows\MurGeeMon.scr
2010-04-26 15:44:35 . 2010-04-26 15:44:55 -------- d-----w- C:\Program Files\MurGeeMon
2010-04-26 14:24:28 . 2010-04-26 14:24:44 -------- d-----w- C:\Program Files\JFK Reloaded
2010-04-25 16:16:03 . 2010-04-25 16:23:10 -------- d-----w- C:\Users\3izarre\AppData\Roaming\Crayon Physics Deluxe
2010-04-25 07:13:57 . 2010-04-25 07:13:57 -------- d-----w- C:\Users\3izarre\AppData\Local\DDMM
2010-04-24 05:46:36 . 2010-04-24 05:46:36 -------- d-----w- C:\Users\3izarre\AppData\Roaming\Canneverbe_Limited
2010-04-24 02:55:06 . 2010-04-24 02:54:47 411368 ----a-w- C:\Windows\system32\deployJava1.dll
2010-04-23 05:13:01 . 2010-04-23 05:13:01 -------- d-----w- C:\Users\3izarre\AppData\Roaming\dvdcss
2010-04-23 00:40:15 . 2010-04-23 00:40:15 -------- d-----w- C:\Program Files\Common Files\Creative Labs Shared
2010-04-23 00:38:58 . 2009-03-26 18:46:42 148480 ----a-w- C:\Windows\system32\APOMngr.DLL
2010-04-23 00:38:58 . 2009-02-06 22:52:24 73728 ----a-w- C:\Windows\system32\CmdRtr.DLL
2010-04-23 00:26:57 . 2010-04-03 22:55:31 56424 ----a-w- C:\Windows\system32\OpenCL.dll
2010-04-23 00:26:57 . 2010-04-03 22:55:31 15227496 ----a-w- C:\Windows\system32\nvoglv32.dll
2010-04-23 00:26:57 . 2010-04-03 22:55:31 11573800 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2010-04-23 00:26:53 . 2010-04-03 22:55:31 4029544 ----a-w- C:\Windows\system32\nvcuda.dll
2010-04-23 00:26:53 . 2010-04-03 22:55:31 2646632 ----a-w- C:\Windows\system32\nvcuvenc.dll
2010-04-23 00:26:53 . 2010-04-03 22:55:31 227944 ----a-w- C:\Windows\system32\nvcod1914.dll
2010-04-23 00:26:53 . 2010-04-03 22:55:31 227944 ----a-w- C:\Windows\system32\nvcod.dll
2010-04-23 00:26:53 . 2010-04-03 22:55:31 2009704 ----a-w- C:\Windows\system32\nvcuvid.dll
2010-04-23 00:26:53 . 2010-04-03 22:55:31 11647592 ----a-w- C:\Windows\system32\nvcompiler.dll
2010-04-22 06:40:36 . 2010-04-22 06:40:36 -------- d-----w- C:\Program Files\CRS
2010-04-20 15:43:21 . 2010-04-20 15:43:21 -------- d-----w- C:\Users\3izarre\.phet
2010-04-20 00
55 . 2010-04-20 00
55 -------- d-----w- C:\Users\Public\Recorded TV
2010-04-20 00:19:33 . 2010-04-20 00:23:16 -------- d-----w- C:\Program Files\ControlMK
2010-04-19 23
32 . 2010-04-19 23
32 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-04-19 22:25:30 . 2010-04-19 22:25:30 -------- d-----w- C:\Windows\system32\xlive
2010-04-19 22:25:28 . 2010-04-19 22:26:13 -------- d-----w- C:\Program Files\Microsoft Games for Windows - LIVE
2010-04-19 22:05:01 . 2010-04-19 22:05:45 -------- d-----w- C:\Program Files\MK4
2010-04-19 12:52:02 . 2010-04-19 12:52:02 -------- d-----w- C:\Users\3izarre\AppData\Local\Realtime Soft
2010-04-19 12:49:30 . 2010-04-19 12:49:30 -------- d-----w- C:\Users\3izarre\AppData\Roaming\Realtime Soft
2010-04-19 07:49:58 . 2010-04-19 07:49:58 0 ----a-w- C:\Windows\PowerReg.dat
2010-04-19 03:53:44 . 2010-04-19 05:25:22 -------- d-----w- C:\Users\3izarre\AppData\Roaming\FOG Downloader
2010-04-14 21:11:34 . 2010-04-21 22:42:59 -------- d-----w- C:\Program Files\Maxis
2010-04-14 00:00:31 . 2010-04-14 00:02:02 -------- d-----w- C:\Program Files\Algodoo
2010-04-13 20:32:26 . 2010-03-08 21:33:56 427520 ----a-w- C:\Windows\system32\vbscript.dll
2010-04-13 20:32:18 . 2010-02-27 12:07:48 3899280 ----a-w- C:\Windows\system32\ntoskrnl.exe
2010-04-13 20:32:17 . 2010-02-27 12:07:48 3954568 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2010-04-13 20:32:14 . 2010-02-27 07:32:26 221696 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2010-04-13 20:32:13 . 2010-02-27 07:32:05 123392 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2010-04-13 20:32:12 . 2010-02-27 07:32:12 95744 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
2010-04-13 18:38:19 . 2009-12-29 06:55:34 172032 ----a-w- C:\Windows\system32\wintrust.dll
2010-04-13 18:38:17 . 2010-01-09 06:52:59 132608 ----a-w- C:\Windows\system32\cabview.dll
2010-04-12 02:13:11 . 1998-10-29 20:45:06 306688 ----a-w- C:\Windows\IsUninst.exe
2010-04-04 19:40:46 . 2010-04-04 19:40:46 409088 ----a-w- C:\Windows\system32\systemcpl.dll
2010-04-03 22:27:00 . 2010-04-03 22:27:00 985704 ----a-w- C:\Windows\system32\nvsvc.dll
2010-04-03 22:27:00 . 2010-04-03 22:27:00 1515624 ----a-w- C:\Windows\system32\nvsvcr.dll
2010-04-03 22:27:00 . 2010-04-03 22:27:00 13683816 ----a-w- C:\Windows\system32\nvcpl.dll
2010-04-03 22:27:00 . 2010-04-03 22:27:00 129640 ----a-w- C:\Windows\system32\nvvsvc.exe
2010-04-03 22:27:00 . 2010-04-03 22:27:00 110696 ----a-w- C:\Windows\system32\nvmctray.dll
2010-04-03 16:51:55 . 2010-04-03 22:55:31 1296488 ----a-w- C:\Windows\system32\nvapi.dll
2010-04-03 16:51:55 . 2010-03-16 06:51:59 215656 ----a-w- C:\Windows\system32\nvcod1910.dll
2010-04-03 16:20:28 . 2010-04-03 16:20:46 -------- d-----w- C:\Users\3izarre\AppData\Roaming\GetRightToGo
2010-04-03 16:00:37 . 2010-04-03 16:00:37 -------- d-----w- C:\Program Files\Common Files\Java
2010-04-03 15:54:17 . 2010-04-03 15:54:17 -------- d-----w- C:\Program Files\iPod
2010-04-03 15:54:16 . 2010-04-03 15:55:31 -------- d-----w- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 15:54:16 . 2010-04-03 15:55:31 -------- d-----w- C:\Program Files\iTunes
2010-04-03 15:54:13 . 2010-04-03 15:54:13 -------- d-----w- C:\Windows\system32\Wat
2010-04-03 15:51:22 . 2010-04-03 16:43:45 -------- d-----w- C:\Program Files\QuickTime
2010-04-03 15:50:22 . 2010-04-03 15:50:22 -------- d-----w- C:\Program Files\Apple Software Update
2010-04-03 15:48:59 . 2010-04-03 15:49:01 -------- d-----w- C:\Program Files\Bonjour
2010-04-01 01:42:39 . 2010-04-01 01:46:51 -------- d-----w- C:\Program Files\Mount&Blade Warband
2010-03-31 19:17:05 . 2010-02-23 07
00 977920 ----a-w- C:\Windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 04:00:34 . 2009-10-26 02:30:26 -------- d-----w- C:\Users\3izarre\AppData\Roaming\uTorrent
2010-04-29 00:11:05 . 2009-10-26 03:42:27 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-29 00:01:43 . 2009-10-31 14:00:00 -------- d-----w- C:\Program Files\PowerISO
2010-04-28 21:54:54 . 2010-01-20 22:29:01 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-04-28 21:52:08 . 2009-10-30 07:11:52 -------- d-----w- C:\ProgramData\NVIDIA
2010-04-28 08:28:08 . 2009-11-04 05:23:23 -------- d-----w- C:\Users\3izarre\AppData\Roaming\vlc
2010-04-26 20:28:44 . 2009-10-26 03:43:07 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-04-26 17:06:38 . 2009-10-26 01:18:34 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-04-26 12:08:52 . 2009-10-26 02:30:56 -------- d-----w- C:\Program Files\uTorrent
2010-04-24 05:46:33 . 2009-11-06 01:55:16 -------- d-----w- C:\Program Files\CDBurnerXP
2010-04-23 00:39:56 . 2009-10-26 01:57:00 -------- d-----w- C:\Program Files\Creative
2010-04-23 00:38:59 . 2009-10-26 01:59:43 445016 ----a-w- C:\Windows\system32\wrap_oal.dll
2010-04-23 00:38:59 . 2009-10-26 01:59:43 109144 ----a-w- C:\Windows\system32\OpenAL32.dll
2010-04-22 23:59:46 . 2010-03-20 02:11:50 -------- d-----w- C:\Program Files\Driver Magician
2010-04-19 23
17 . 2009-10-26 04:18:55 588096 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-19 12:36:57 . 2009-11-09 05:06:18 -------- d-----w- C:\Users\3izarre\AppData\Roaming\LimeWire
2010-04-18 03:59:30 . 2010-03-21 18:19:44 9716 ----a-w- C:\Users\3izarre\AppData\Roaming\TheHunterSettings.bin
2010-04-14 22:52:45 . 2009-10-26 01
04 108808 ----a-w- C:\Users\3izarre\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-14 21:11:41 . 2010-02-18 04:05:09 827 ----a-w- C:\Windows\eReg.dat
2010-04-04 19:40:46 . 2009-07-13 23:36:22 13824 ----a-w- C:\Windows\system32\slwga.dll
2010-04-03 22:55:31 . 2010-04-23 00:26:57 10920 ----a-w- C:\Windows\system32\drivers\nvBridge.kmd
2010-04-03 22:55:31 . 2009-09-27 20:12:22 600680 ----a-w- C:\Windows\system32\nvudisp.exe
2010-04-03 22:55:31 . 2009-06-10 21:19:47 9386600 ----a-w- C:\Windows\system32\nvd3dum.dll
2010-04-03 16:43:45 . 2009-11-12 23:03:04 -------- d-----w- C:\Program Files\LimeWire
2010-04-03 15:57:37 . 2010-03-05 10:13:48 -------- d-----w- C:\Program Files\Opera
2010-04-03 15:54:17 . 2009-12-25 00:29:47 -------- d-----w- C:\Program Files\Common Files\Apple
2010-04-03 15:37:54 . 2009-12-23 06:46:07 -------- d-----w- C:\ProgramData\Media Center Programs
2010-04-03 15:34:24 . 2010-03-26 20:48:14 -------- d-----w- C:\ProgramData\DivX
2010-04-03 15:33:57 . 2009-10-31 14:40:17 -------- d-----w- C:\Program Files\CyberLink
2010-04-03 15:26:28 . 2009-10-31 14:15:52 36864 ----a-w- C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2010-04-03 15:24:12 . 2009-10-31 14:50:15 53319 ----a-w- C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
2010-04-02 20:54:38 . 2009-10-30 20:59:57 600680 ----a-w- C:\Windows\system32\nvuninst.exe
2010-03-29 20:02:14 . 2010-03-29 20:02:14 -------- d-----w- C:\Users\3izarre\AppData\Roaming\AnvSoft
2010-03-29 19:19:32 . 2010-03-22 17:04:37 -------- d-----w- C:\Program Files\CamStudio
2010-03-29 01:02:46 . 2010-03-29 00:32:32 -------- d-----w- C:\Users\3izarre\AppData\Roaming\Mount&Blade Warband
2010-03-27 07:00:49 . 2009-10-31 18:33:02 -------- d-----w- C:\Program Files\Movie Maker 2.6
2010-03-26 20:34:35 . 2009-10-26 01
38 -------- d-----w- C:\Program Files\Common Files\InstallShield
2010-03-26 05:48:24 . 2010-03-26 05:48:24 73000 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-25 22:50:25 . 2009-10-31 17:44:16 -------- d-----w- C:\Users\3izarre\AppData\Roaming\proDAD
2010-03-25 22:50:05 . 2010-03-25 21:40:33 -------- d-----w- C:\Program Files\Boris FX, Inc
2010-03-25 22:47:00 . 2009-10-31 17:13:44 -------- d-----w- C:\ProgramData\Pinnacle
2010-03-25 18:14:53 . 2009-10-26 21:31:04 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-03-20 13:49:05 . 2010-03-20 13:12:10 -------- d-----w- C:\Program Files\emote
2010-03-20 02:29:21 . 2010-03-20 02:29:21 -------- d-----w- C:\Program Files\Common Files\Oberon Media
2010-03-19 19:38:45 . 2009-11-26 17:18:24 -------- d-----w- C:\Program Files\SpeedFan
2010-03-19 00:50:20 . 2010-03-19 00:50:20 15960 ----a-w- C:\Windows\system32\drivers\pfmodnt.sys
2010-03-19 00:50:12 . 2010-03-19 00:50:12 189528 ----a-w- C:\Windows\system32\drivers\haP17v2k.sys
2010-03-19 00:50:04 . 2010-03-19 00:50:04 162904 ----a-w- C:\Windows\system32\drivers\haP16v2k.sys
2010-03-19 00:49:56 . 2010-03-19 00:49:56 798808 ----a-w- C:\Windows\system32\drivers\ha10kx2k.sys
2010-03-19 00:45:42 . 2010-03-19 00:45:42 92760 ----a-w- C:\Windows\system32\drivers\emupia2k.sys
2010-03-19 00:45:28 . 2010-03-19 00:45:28 157272 ----a-w- C:\Windows\system32\drivers\ctsfm2k.sys
2010-03-19 00:45:20 . 2010-03-19 00:45:20 14424 ----a-w- C:\Windows\system32\drivers\ctprxy2k.sys
2010-03-19 00:45:12 . 2010-03-19 00:45:12 127576 ----a-w- C:\Windows\system32\drivers\ctoss2k.sys
2010-03-19 00:41:08 . 2010-03-19 00:41:08 1372888 ----a-w- C:\Windows\system32\drivers\CTMMFILT.SYS
2010-03-19 00:40:48 . 2010-03-19 00:40:48 347144 ----a-w- C:\Windows\system32\drivers\ctdvda2k.sys
2010-03-19 00:40:40 . 2010-03-19 00:40:40 528472 ----a-w- C:\Windows\system32\drivers\ctaud2k.sys
2010-03-19 00:40:32 . 2010-03-19 00:40:32 511064 ----a-w- C:\Windows\system32\drivers\ctac32k.sys
2010-03-19 00:40:22 . 2010-03-19 00:40:22 1366488 ----a-w- C:\Windows\system32\drivers\CT0531FL.SYS
2010-03-19 00:39:36 . 2010-03-19 00:39:36 100952 ----a-w- C:\Windows\system32\drivers\CTERFXFX.sys
2010-03-19 00:39:28 . 2010-03-19 00:39:28 566360 ----a-w- C:\Windows\system32\drivers\CTSBLFX.sys
2010-03-19 00:39:18 . 2010-03-19 00:39:18 555096 ----a-w- C:\Windows\system32\drivers\CTAUDFX.sys
2010-03-19 00:39:10 . 2010-03-19 00:39:10 99416 ----a-w- C:\Windows\system32\drivers\COMMONFX.sys
2010-03-18 23:19:58 . 2010-03-18 23:19:58 43520 ----a-w- C:\Windows\system32\CTBurst.dll
2010-03-18 23:19:42 . 2010-03-18 23:19:42 11776 ----a-w- C:\Windows\system32\inres.dll
2010-03-18 23:19:42 . 2010-03-18 23:19:42 11776 ----a-w- C:\Windows\INRES.DLL
2010-03-18 23:19:38 . 2010-03-18 23:19:38 182272 ----a-w- C:\Windows\system32\ctdvinst.dll
2010-03-18 23:19:36 . 2010-03-18 23:19:36 86528 ----a-w- C:\Windows\system32\ctcoinst.dll
2010-03-18 23:18:32 . 2010-03-18 23:18:32 10752 ----a-w- C:\Windows\system32\a3d.dll
2010-03-18 23:18:14 . 2010-03-18 23:18:14 11776 ----a-w- C:\Windows\system32\ac3api.dll
2010-03-18 23:07:54 . 2010-03-18 23:07:54 51787 ----a-w- C:\Windows\system32\ctdlang.dat
2010-03-18 23:07:54 . 2010-03-18 23:07:54 386852 ----a-w- C:\Windows\system32\ctdnlstr.dat
2010-03-18 23:07:18 . 2010-03-18 23:07:18 196096 ----a-w- C:\Windows\system32\ctemupia.dll
2010-03-18 23:04:06 . 2010-03-18 23:04:06 176128 ----a-w- C:\Windows\system32\ct_oal.dll
2010-03-18 23:04:04 . 2010-03-18 23:04:04 46592 ----a-w- C:\Windows\system32\ctasio.dll
2010-03-18 23:04:00 . 2010-03-18 23:04:00 49152 ----a-w- C:\Windows\system32\ctdproxy.dll
2010-03-18 23:03:22 . 2010-03-18 23:03:22 69632 ----a-w- C:\Windows\system32\ctosuser.dll
2010-03-18 23:03:20 . 2010-03-18 23:03:20 6144 ----a-w- C:\Windows\system32\sfman32.dll
2010-03-18 23:03:18 . 2010-03-18 23:03:18 125952 ----a-w- C:\Windows\system32\sfms32.dll
2010-03-18 23:03:12 . 2010-03-18 23:03:12 13312 ----a-w- C:\Windows\system32\regplib.exe
2010-03-18 23:03:10 . 2010-03-18 23:03:10 64512 ----a-w- C:\Windows\system32\piaproxy.dll
2010-03-18 23:02:14 . 2010-03-18 23:02:14 149838 ----a-w- C:\Windows\system32\ctbas2w.dat
2010-03-18 23:00:42 . 2010-03-18 23:00:42 274587 ----a-w- C:\Windows\system32\ctsbas2w.dat
2010-03-18 22:59:56 . 2010-03-18 22:59:56 53932 ----a-w- C:\Windows\system32\ctdaught.dat
2010-03-18 22:59:56 . 2010-03-18 22:59:56 313207 ----a-w- C:\Windows\system32\ctstatic.dat
2010-03-18 22:59:54 . 2010-03-18 22:59:54 5120 ----a-w- C:\Windows\system32\enlocstr.exe
2010-03-18 22:59:50 . 2010-03-18 22:59:50 10240 ----a-w- C:\Windows\system32\killapps.exe
2010-03-18 22:59:26 . 2010-03-18 22:59:26 33792 ----a-w- C:\Windows\system32\devreg.dll
2010-03-16 09:31:38 . 2010-03-16 09:31:38 22000 ------w- C:\Windows\system32\drivers\Neo_0013.sys
2010-03-16 09:22:16 . 2010-03-16 09:22:16 81920 ------w- C:\Windows\system32\vpncmd.exe
2010-03-13 13:22:09 . 2010-03-13 13:09:35 -------- d-----w- C:\Program Files\Supreme Commander 2
2010-03-12 18:55:40 . 2010-03-12 18:55:40 17772264 ----a-w- C:\Windows\system32\AppSetup.exe
2010-03-11 04:37:52 . 2010-03-11 04:37:52 -------- d-----w- C:\Program Files\Secunia
2010-03-08 17:59:18 . 2010-03-08 17:59:18 94208 ----a-w- C:\Windows\system32\dpl100.dll
2010-02-19 19:27:36 . 2010-02-19 19:27:36 720384 ----a-w- C:\Windows\system32\DivX.dll
2010-02-19 19:27:16 . 2010-02-19 19:27:16 856064 ----a-w- C:\Windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 . 2010-02-19 19:27:16 856064 ----a-w- C:\Windows\system32\divx_xx07.dll
2010-02-19 19:27:16 . 2010-02-19 19:27:16 847872 ----a-w- C:\Windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 . 2010-02-19 19:27:16 843776 ----a-w- C:\Windows\system32\divx_xx16.dll
2010-02-19 19:27:16 . 2010-02-19 19:27:16 839680 ----a-w- C:\Windows\system32\divx_xx11.dll
2010-02-18 07:11:52 . 2009-10-26 03:44:05 117760 ----a-w- C:\Users\3izarre\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-10 21:26:35 . 2009-07-14 02:04:20 9633792 --sha-r- C:\Windows\Fonts\StaticCache.dat
2009-07-14 01:14:45 . 2009-07-13 23:42:17 396800 --sha-w- C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MurGeeMon"="C:\Program Files\MurGeeMon\MurGeeMon.exe" [2010-04-15 19:17:18 459776]
"Auto Secondary Monitor Control"="C:\Program Files\MurGeeMon\MurGeeMon.exe" [2010-04-15 19:17:18 459776]
"Platinum Hide IP"="C:\Program Files\PlatinumHideIP\PlatinumHideIP.exe" [2010-04-23 02:45:44 2502488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 14:01:04 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2007-04-09 16:29:30 43520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19
42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^3izarre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=C:\Users\3izarre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=C:\Windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2010-03-18 23:17:48 19456 ----a-w- C:\Windows\System32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 16:32:32 19968 ------w- C:\Windows\System32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10:02 142120 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 22:27:00 13683816 ----a-w- C:\Windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17:50 180224 ----a-w- C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53:36 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25:00 24576 ----a-w- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43:18 248040 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-26 20:28:44 2010864 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
R2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2009-07-14 01:14:30 9216]
R3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS [2010-03-19 00:39:10 99416]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-23 00:40:15 79360]
R3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS [2010-03-19 00:39:18 555096]
R3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.SYS [2010-03-19 00:39:36 100952]
R3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS [2010-03-19 00:39:36 100952]
R3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS [2010-03-19 00:39:28 566360]
R3 kxwdmdrv;kX WDM Driver Service;C:\Windows\system32\drivers\kx.sys [x]
R3 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;C:\Windows\system32\libusbd-nt.exe [2005-03-10 01:50:18 18944]
R3 NVIDIAHWAccess;NVIDIAHWAccess;C:\Users\3izarre\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12:20:34 12648]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-03-12 01:42:54 12872]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-03 15:54:10 1343400]
S1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 14:04:40 34312]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-12 01:42:53 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-12 01:42:54 66632]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]
S2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 14:02:28 468224]
S3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.SYS [2010-03-19 00:39:10 99416]
S3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.SYS [2010-03-19 00:39:18 555096]
S3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.SYS [2010-03-19 00:39:28 566360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-10 01:50:16 33792]
S3 Neo_Wireless;VPN Client Device Driver - Wireless;C:\Windows\system32\DRIVERS\Neo_0013.sys [2010-03-16 09:31:38 22000]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28u.sys [2009-05-25 09:38:16 734208]
S3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;C:\Windows\system32\DRIVERS\HS3dSensor 1394.sys [2008-02-19 13:09:10 72704]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 23:52:10 14336]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.d-a-l.com/help/windows-7-help/66940-can-i-run-windows-7-a.html
mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
uInternet Settings,ProxyServer = http=211.138.124.196:80
IE: Download to MurGeeMon - C:\Program Files\MurGeeMon\ProcessClick.htm
TCP: {D127E93E-BFCC-4539-9868-3892950A493E} = 74.128.17.114,74.128.19.102
FF - ProfilePath - C:\Users\3izarre\AppData\Roaming\Mozilla\Firefox\Profiles\lghhivt4.default\
FF - prefs.js: browser.startup.homepage - hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-Acrobat Assistant 8 - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-AdobeCS4ServiceManager - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-Adobe_ID0EYTHM - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
MSConfigStartUp-Application Layer Gateway - C:\Program Files\Common Files\alg.exe
MSConfigStartUp-ddmm - C:\Users\3izarre\Desktop\DDMM_v1.1\DDMM.exe
MSConfigStartUp-DivXUpdate - C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-HighGrow - C:\Program Files\HighGrow\HighGrow.exe
MSConfigStartUp-ISTray - C:\Program Files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-Sidebar - C:\Program Files\Windows Sidebar\sidebar.exe
MSConfigStartUp-Steam - C:\Program Files\Steam\Steam.exe
MSConfigStartUp-UpdatePDRShortCut - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UVS12 Preload - C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
-
The log is still incomplete.
Try to re-run it.