User User name Password  
   
Saturday 21.12.2024 / 21:28
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hosts files
Show topics
 
Forums
Forums
hosts files
  Jump to:
 
Posted Message
whiskey99
Member
_
31. March 2013 @ 04:45 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:36 AM, on 3/31/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def...//www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (file missing)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - Startup: Epson all-in-one Registration.lnk = E:\Common\EpsonReg\EpsonReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda...b?1177783047764
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: SDWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

--
End of file - 9685 bytes
Advertisement
_
__
AfterDawn Addict
_
31. March 2013 @ 06:48 _ Link to this message    Send private message to this user   
Originally posted by whiskey99:
There was 4 items in the last scan from ESET that i noticed was COMODO that i have trying to get rid of for a while but never could find it,i lost the scan can i just run another scan and delete the 5 items and then go on to HIJACKTHIS scan and copy&paste to you.
yeah, go ahead.



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
AfterDawn Addict
_
31. March 2013 @ 11:17 _ Link to this message    Send private message to this user   
After you run this, check out everything and let me know if you have any problems?

Fix entries using HiJackThis

Launch HiJackThis
Click the Do a system scan only button
Put a check next to the entries listed below (if they still remain)

O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (file missing)
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Epson all-in-one Registration.lnk = E:\Common\EpsonReg\EpsonReg.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: SDWinLogon - Invalid registry found


IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
Click the Fix checked button and close HiJackThis



2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
whiskey99
Member
_
31. March 2013 @ 16:18 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:16:04 PM, on 3/31/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def...//www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda...b?1177783047764
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

--
End of file - 7957 bytes
whiskey99
Member
_
31. March 2013 @ 16:29 _ Link to this message    Send private message to this user   
HI,I ran what you suggested the only one that to stay is the (EGUI)ESET NOD 32 which is
showing up when i restart my PC,and yes PC appears run better.
Now is there any way to keep from getting garbage or is just the way things go with PC'S
today it probably would help if i bought the upgrades to various security providers.
Will just have to wait until i get my unemployment check from the SSA.
Now i have callouses on my brain thank you for all of your help,can we use same game plan on my sons PC in near future.
AfterDawn Addict
_
31. March 2013 @ 17:03 _ Link to this message    Send private message to this user   
Quote:
Now i have callouses on my brain thank you for all of your help,can we use same game plan on my sons PC in near future.
Now that you have experience maybe the next one will go easier.. LOL

run another OTL and post the Logs. we'll see if we can do away with NOD 32 and anything else I may have missed.

2oG

ps run HJT again and check and fix this:
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

I missed it..... :-(



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

This message has been edited since posting. Last time this message was edited on 31. March 2013 @ 17:11

whiskey99
Member
_
31. March 2013 @ 17:19 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:17 PM, on 3/31/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def...//www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda...b?1177783047764
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

--
End of file - 7990 bytes
whiskey99
Member
_
31. March 2013 @ 17:23 _ Link to this message    Send private message to this user   
HI,I ran HJT and NOD32 was still there i have icon on my lower task bar for ESET and if i shut down my PC i believe there will be a popup with the robot like face on in popup.
Will shut down PC and see if it is still there.
AfterDawn Addict
_
31. March 2013 @ 17:31 _ Link to this message    Send private message to this user   
You didn't get it checked in HijackThis - try checking and fixing this line again:
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

Then open windows explorer and follow this path to delete the ESET folder:
C:\Program Files\ESET

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
whiskey99
Member
_
31. March 2013 @ 19:04 _ Link to this message    Send private message to this user   
OTL Extras logfile created on: 3/31/2013 3:35:13 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.47% Memory free
3.16 Gb Paging File | 2.50 Gb Available in Paging File | 78.96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 103.47 Gb Free Space | 74.45% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: WS3 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:DCOM(135)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\xrsslm12.exe" = C:\WINDOWS\system32\xrsslm12.exe:*:Enabled:Salutation Daemon -- (Xerox Corporation.)
"C:\Documents and Settings\Admin\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe" = C:\Documents and Settings\Admin\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe:*:Enabled:Xerox Windows Common Installer
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe:*:Enabled:EpsonNet Setup
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe" = C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0A48F047-5D01-463F-A732-DE75D224034B}" = Point
"{0D343FFE-2FDD-45E3-92B4-159D4FE6F4D5}" = ESET NOD32 Antivirus
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.24.0.195
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5B7D68A3-C39B-4BC5-BDF1-22085290C43C}" = Point 6.1
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71980982-AEA1-480C-B748-0CB376DACDFE}" = WD SmartWare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81C9205D-3BC2-4059-A303-61405032A482}" = Xerox Network Scanner Utility2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78368FC-4EB5-49BA-80EF-3900FB65A113}" = BlackBerry Device Software v7.1.0 for the BlackBerry 9350/9370 smartphone
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{DD68AE74-98BA-4ABE-B11E-30F39206ECE8}" = Point 7.2
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2E0640D-BEB8-4E14-8C97-71D5C7A29844}" = Point
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-zip" = 7-zip v9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.2
"GIMP-2_is1" = GIMP 2.8.4
"Google Chrome" = Google Chrome
"Homestead SiteBuilder" = Homestead SiteBuilder
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"LTCM Client" = LTCM Client
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OCCT" = OCCT 4.4.0
"PC-Doctor for Windows" = Dell Support Center
"PokerStars.net" = PokerStars.net
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"sp6" = Logitech SetPoint 6.52
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VLC media player" = VLC media player 2.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 3/31/2013 12:55:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 12:56:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 12:56:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 12:57:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 12:57:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 12:58:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 12:58:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 12:59:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 12:59:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 3/31/2013 1:00:21 PM | Computer Name = WS3 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

[ System Events ]
Error - 3/31/2013 6:13:07 PM | Computer Name = WS3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service SwPrv with
arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 3/31/2013 6:13:07 PM | Computer Name = WS3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MS Software Shadow Copy
Provider service to connect.

Error - 3/31/2013 6:13:07 PM | Computer Name = WS3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service SwPrv with
arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 3/31/2013 6:13:07 PM | Computer Name = WS3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MS Software Shadow Copy
Provider service to connect.

Error - 3/31/2013 6:14:02 PM | Computer Name = WS3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service SwPrv with
arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 3/31/2013 6:14:03 PM | Computer Name = WS3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MS Software Shadow Copy
Provider service to connect.

Error - 3/31/2013 6:14:03 PM | Computer Name = WS3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service SwPrv with
arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 3/31/2013 6:14:03 PM | Computer Name = WS3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MS Software Shadow Copy
Provider service to connect.

Error - 3/31/2013 6:15:02 PM | Computer Name = WS3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service SwPrv with
arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 3/31/2013 6:15:02 PM | Computer Name = WS3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MS Software Shadow Copy
Provider service to connect.


< End of report >
whiskey99
Member
_
31. March 2013 @ 19:12 _ Link to this message    Send private message to this user   
HI,I ran another OLT and at the end it was talking (applications events w/errors) does that mean anything at all that i should be worried about.
Also about the ESET popup i probably could go into REVO-UNINSTALLER and remove entirely if need be.
AfterDawn Addict
_
31. March 2013 @ 19:36 _ Link to this message    Send private message to this user   
That was the wrong Log I need the OTL.txt Log and Not the extras log.

If you can, use REVO to uninstall ESET and don't worry about the error messages at the end of the Extras Log.

send me a copy of OTL.txt Log.

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
whiskey99
Member
_
31. March 2013 @ 21:00 _ Link to this message    Send private message to this user   
OTL logfile created on: 3/31/2013 5:21:06 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.26% Memory free
3.16 Gb Paging File | 2.56 Gb Available in Paging File | 80.96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 103.51 Gb Free Space | 74.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: WS3 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\Admin\My Documents\Downloads\OTL(6).exe (OldTimer Tools)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\82601b376b2b5bfcc25e15bb848914d1\Microsoft.VisualC.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
MOD - C:\Program Files\NETGEAR\WNA1100\WifiLib.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (WSWNA1100) -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (ffcc) -- C:\WINDOWS\system32\ffcc.sys File not found
DRV - (epfwtdir) -- system32\DRIVERS\epfwtdir.sys File not found
DRV - (ehdrv) -- system32\DRIVERS\ehdrv.sys File not found
DRV - (eamon) -- system32\DRIVERS\eamon.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys File not found
DRV - (766b5317ee71183b991241dfaa6c210b) -- system32\766b5317ee71183b991241dfaa6c210b.sys File not found
DRV - (TrueSight) -- C:\WINDOWS\system32\drivers\TrueSight.sys ()
DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
DRV - (gfiark) -- C:\WINDOWS\system32\drivers\gfiark.sys (GFI Software)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&...rc=IE-SearchBox
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{3C67974A-CDB2-4701-AE85-78761959C8F4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT...1I7PRFB_enUS504
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{956B18BA-4FB0-4D5D-B74A-7F297176057F}: "URL" = http://websearch.ask.com/redirect?clien...54-563530FA8B0A
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682003330-1592454029-839522115-1008\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.comcast.net"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.6.55.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 09:28:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/12/07 02:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/26 18:53:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:43:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/01/25 13:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2013/03/28 18:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions
[2013/03/05 17:12:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2013/02/28 05:18:21 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\searchplugins\startpage-https.xml
[2013/03/07 23:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/13 16:05:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/03/07 23:43:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/08 16:10:30 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2012/11/19 23:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 12:03:41 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/06 07:50:50 | 000,003,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xfinitylcsearch.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://securesearch.lavasoft.com/?sourc...8167451525108BE
CHR - homepage: http://securesearch.lavasoft.com/?sourc...8167451525108BE
CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

O1 HOSTS File: ([2013/02/27 02:08:10 | 000,444,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15277 more lines...
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-682003330-1592454029-839522115-1003..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda...b?1177783047764 (WUWebControl Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3D99DD0-5767-40B3-B61A-C431092ADB1E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/28 09:07:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell - "" = AutoRun
O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/03/31 16:41:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/03/30 16:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/03/30 05:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\hosts files [page 2_2] - AfterDawn Forums_files
[2013/03/30 04:18:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013/03/29 20:39:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/29 15:54:34 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/03/29 15:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/29 15:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/03/29 10:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\RK_Quarantine
[2013/03/29 01:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/03/29 01:46:24 | 000,892,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco3220103.dll
[2013/03/29 01:46:24 | 000,128,440 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys
[2013/03/29 01:46:24 | 000,028,600 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll
[2013/03/29 01:46:14 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
[2013/03/29 01:46:14 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
[2013/03/27 03:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2013/03/25 21:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/03/25 21:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/03/25 12:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Avg2013
[2013/03/24 05:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/03/24 05:01:56 | 000,144,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2013/03/24 05:01:54 | 015,668,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2013/03/24 05:01:54 | 000,223,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2013/03/24 05:01:53 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2013/03/24 05:00:49 | 019,689,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/03/24 05:00:49 | 007,745,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/03/24 05:00:49 | 006,074,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/03/24 05:00:49 | 002,733,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/03/24 05:00:49 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/03/24 05:00:49 | 001,000,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2013/03/24 05:00:49 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2013/03/24 05:00:46 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/03/24 05:00:46 | 002,490,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/03/23 03:35:54 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/03/23 03:28:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2013/03/23 03:28:04 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2013/03/23 03:28:04 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2013/03/23 03:28:04 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2013/03/23 03:28:04 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2013/03/23 03:28:03 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2013/03/23 03:28:03 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2013/03/23 03:28:03 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2013/03/23 03:28:02 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2013/03/23 03:27:59 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2013/03/23 03:27:59 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2013/03/23 03:27:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2013/03/23 03:27:58 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2013/03/23 03:27:58 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2013/03/23 03:27:57 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2013/03/23 03:27:57 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2013/03/23 03:27:57 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2013/03/23 03:27:56 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2013/03/23 03:27:56 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2013/03/23 03:27:56 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2013/03/23 03:27:52 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2013/03/23 03:27:49 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2013/03/23 03:27:49 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2013/03/23 03:27:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2013/03/23 03:27:48 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2013/03/23 03:27:48 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2013/03/23 03:27:48 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2013/03/23 03:27:47 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2013/03/23 03:27:47 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2013/03/23 03:27:47 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2013/03/23 03:27:46 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2013/03/23 03:27:46 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2013/03/23 03:27:46 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/03/23 03:27:46 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2013/03/23 03:27:45 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/03/23 03:27:45 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/03/23 03:27:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2013/03/23 03:27:44 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2013/03/23 03:27:44 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2013/03/23 03:27:37 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2013/03/23 03:27:37 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2013/03/23 03:27:36 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2013/03/23 03:27:35 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2013/03/23 03:27:35 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2013/03/23 03:27:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2013/03/23 03:27:34 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2013/03/23 03:27:34 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2013/03/23 03:27:34 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2013/03/23 03:27:32 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2013/03/23 03:27:32 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2013/03/23 03:27:25 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2013/03/23 03:27:25 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2013/03/23 03:27:24 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2013/03/23 03:27:24 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2013/03/23 03:27:19 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2013/03/23 03:27:19 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2013/03/23 03:27:18 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2013/03/23 03:27:18 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2013/03/23 03:27:18 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2013/03/23 03:27:17 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2013/03/23 03:27:17 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2013/03/23 03:27:17 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2013/03/23 03:27:16 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2013/03/23 03:27:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2013/03/23 03:27:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2013/03/23 03:27:03 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2013/03/23 03:27:03 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/03/23 03:26:57 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2013/03/23 03:26:57 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2013/03/23 03:26:57 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2013/03/23 03:26:56 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2013/03/23 03:26:56 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2013/03/23 03:26:56 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2013/03/23 03:26:55 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2013/03/23 03:26:54 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2013/03/23 03:26:54 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2013/03/23 03:26:54 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2013/03/23 03:26:54 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2013/03/23 03:26:53 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2013/03/23 03:26:53 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2013/03/23 03:26:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2013/03/23 03:26:52 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/03/23 03:26:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2013/03/23 03:26:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2013/03/23 03:26:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2013/03/23 03:26:51 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2013/03/23 03:26:51 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/03/23 03:26:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2013/03/23 03:26:50 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2013/03/23 03:26:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2013/03/23 03:07:11 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/03/23 03:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/03/23 03:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/03/23 02:31:43 | 000,000,000 | ---D | C] -- C:\rei
[2013/03/23 02:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/03/22 06:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/03/20 13:03:50 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/20 13:03:50 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/17 00:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2013/03/09 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2013/03/09 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Canneverbe Limited
[2013/03/09 13:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013/03/07 23:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/05 18:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Privatefirewall
[2013/03/05 18:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2013/03/05 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/05 17:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Qualys
[2013/03/05 10:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/03/04 16:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
[2013/03/04 16:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/03/04 15:45:44 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\My Documents\MicrosoftFixit.maintenance.FISC.134285864231185586.1.1.Run.exe
[2013/03/02 11:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2013/03/02 11:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013/03/02 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/03/31 17:18:22 | 000,001,022 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/03/31 17:01:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/31 16:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/31 15:35:43 | 000,143,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/03/31 15:27:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/31 15:26:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/31 15:26:14 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/03/31 15:25:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/31 13:03:38 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
[2013/03/31 13:00:32 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\OCCT.lnk
[2013/03/31 12:00:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/03/31 11:00:04 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/03/31 06:10:15 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{015D3F78-B8AB-4912-A42E-94BD6F2F3679}.job
[2013/03/31 01:19:51 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2013/03/30 16:49:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/03/30 16:39:26 | 050,469,376 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\eav_nt32_enu.msi
[2013/03/30 08:37:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/30 05:14:53 | 000,119,569 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\hosts files [page 2_2] - AfterDawn Forums.htm
[2013/03/29 15:54:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/29 10:04:49 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013/03/29 10:03:40 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
[2013/03/29 02:33:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/03/29 02:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2013/03/29 01:47:30 | 001,083,296 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/03/29 01:47:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/29 01:47:26 | 001,083,296 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/03/27 23:53:18 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/27 23:46:29 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/03/27 03:03:18 | 000,000,343 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/03/27 00:51:01 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/03/27 00:49:24 | 000,445,785 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130327-005034.backup
[2013/03/26 18:51:59 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/03/25 21:42:19 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130327-004924.backup
[2013/03/25 21:40:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/03/25 21:40:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/03/25 21:39:47 | 000,481,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/25 21:39:47 | 000,079,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/25 21:15:24 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/03/25 20:32:07 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_95
[2013/03/25 19:56:58 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_732
[2013/03/25 04:17:36 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_528
[2013/03/24 05:01:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/03/23 16:09:14 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_297
[2013/03/23 03:57:09 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_350
[2013/03/23 02:34:11 | 000,000,162 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2013/03/22 14:27:13 | 000,444,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_247
[2013/03/22 14:26:02 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130322-142713.backup
[2013/03/22 06:54:51 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2013/03/22 06:44:41 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/20 00:31:39 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130322-142602.backup
[2013/03/19 13:08:41 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/03/16 18:52:48 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/15 14:33:09 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2013/03/14 22:47:17 | 019,689,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/03/14 22:47:17 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/03/14 22:47:17 | 010,713,024 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2013/03/14 22:47:17 | 007,745,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/03/14 22:47:17 | 006,074,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/03/14 22:47:17 | 004,079,104 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2013/03/14 22:47:17 | 002,733,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/03/14 22:47:17 | 002,490,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/03/14 22:47:17 | 002,288,632 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2013/03/14 22:47:17 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/03/14 22:47:17 | 001,012,512 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
[2013/03/14 22:47:17 | 000,892,704 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
[2013/03/14 22:47:17 | 000,016,514 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/03/14 19:57:16 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2013/03/14 19:57:14 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2013/03/14 19:57:13 | 015,668,512 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2013/03/14 19:57:11 | 000,144,160 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2013/03/13 12:05:54 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/12 14:42:09 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 14:42:09 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/09 13:33:14 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2013/03/09 13:33:14 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2013/03/06 15:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/03/05 17:16:11 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/03/05 17:16:11 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/05 10:02:34 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/03/04 15:45:56 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\My Documents\MicrosoftFixit.maintenance.FISC.134285864231185586.1.1.Run.exe
[2013/03/04 15:31:25 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2013/03/02 11:17:20 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/03/02 01:03:23 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/03/30 16:39:17 | 050,469,376 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\eav_nt32_enu.msi
[2013/03/30 05:14:45 | 000,119,569 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\hosts files [page 2_2] - AfterDawn Forums.htm
[2013/03/29 10:04:49 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013/03/29 10:03:39 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
[2013/03/29 01:56:26 | 000,001,022 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/03/29 01:46:15 | 000,016,514 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/03/24 05:01:18 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/03/24 05:01:18 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/03/24 05:01:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/24 05:01:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/03/24 05:00:49 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/03/23 03:27:39 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/03/23 03:27:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/03/23 03:27:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/03/23 03:27:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/03/23 03:27:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/03/23 03:27:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/03/23 03:27:37 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/03/23 03:27:37 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/03/23 03:27:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/03/23 03:27:34 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/03/23 03:04:33 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/03/23 02:33:54 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/03/23 02:32:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2013/03/23 02:29:50 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2013/03/15 14:33:09 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2013/03/09 13:33:14 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2013/03/09 13:33:14 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2013/03/09 13:33:14 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2013/03/09 13:33:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2013/03/05 10:02:34 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/03/02 14:31:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2013/03/02 11:17:20 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/03/02 01:03:23 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/02/25 02:07:50 | 000,143,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/01/09 04:43:29 | 000,946,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/13 11:12:48 | 000,000,343 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/12/07 20:36:30 | 000,788,388 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1592454029-839522115-1003-0.dat
[2012/12/07 20:36:28 | 000,270,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/09/29 13:35:40 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/05/24 14:15:23 | 000,005,816 | ---- | C] () -- C:\Documents and Settings\Admin\.tkt
[2012/05/11 01:52:40 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2012/05/11 01:52:40 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2012/05/11 01:52:40 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2012/05/11 01:52:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2012/05/11 01:52:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2012/04/24 11:16:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/22 17:22:49 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/04/07 11:34:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\bibstats
[2009/10/08 13:24:15 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/20 12:22:01 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2007/06/20 12:04:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2007/04/28 13:24:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
AfterDawn Addict
_
31. March 2013 @ 21:43 _ Link to this message    Send private message to this user   
I have looked it over quickly and see nothing that is a threat. I really don't have the time to build a good fix right now but, you should be OK.

Let me know how it is doing and I'll get the Fix done as soon as I can. May be a couple of days.

How is it running right now??
2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
whiskey99
Member
_
31. March 2013 @ 22:12 _ Link to this message    Send private message to this user   
HI,Right now browser comes up a lot faster then before,went I.E. and it came up faster too.
Any suggestions on virus tools it appears from what i seen written on these forms that some do better at controlling virus's others do better at malware/hackers and such,thanks
whiskey99
Member
_
1. April 2013 @ 16:49 _ Link to this message    Send private message to this user   
HI,2oldGeek,Well it looks like PC is on the mend as i can now switch between I.E and F/F
without much hesitation.
Last nite while on internet SB&D came up is there truth in rumor about some programs leaving a back door into a PC so it can come back while your backs turned and i have removed SB&D by way of REVO,Thanks again for all of your help will look at sons PC soon.
AfterDawn Addict
_
1. April 2013 @ 18:40 _ Link to this message    Send private message to this user   
LOL you are changing things so fast it's hard for me to keep up with you...

You have a lot of remnants in your logs and I am trying to separate them... Ho Ho Ho

answer these questions please:
1. Did you uninstall Lavensoft Ad-Aware and Spybot S&D?
2. do you have Avast Antivirus installed?
3. are you running PrivateFirewall now?
4. you no longer have Avg anti-virus on this machine, correct?
5. you have SpywareBlaster installed and do you update it often?
6. you no longer have Comodo, correct?
You can keep SuperAntiSpyware if you like it's ok but, not as good as MBAM.
Update your MalwareBytesAntiMalware and run a scan.. Post it to me......

Glad to hear your new Video card is OK.....

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

This message has been edited since posting. Last time this message was edited on 1. April 2013 @ 18:46

whiskey99
Member
_
1. April 2013 @ 23:12 _ Link to this message    Send private message to this user   
HI,2oldGeek,answers to your questions.
(1)yes,(2)no,(3)no,(4)yes,(5)yes and yes,(6)yes,.
With SUPERAntiSpyware and MBAM is this redundent and if MBAM is a little better can i just without SUPERANTISPYWARE and yes i update all of what have on PC as needed.Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: WS3 [administrator]

4/1/2013 7:45:42 PM
mbam-log-2013-04-01 (19-45-42).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Heuristics/Extra | PUP | PUM
Scan options disabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | P2P
Objects scanned: 199153
Time elapsed: 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
whiskey99
Member
_
2. April 2013 @ 01:48 _ Link to this message    Send private message to this user   
HI,I appreciate all of your help if you want we can take a break and work on my sons PC in near future.
Would make a difference if ran some scans in the mean time like OTL,HJT and save them.
I have AVAST ANTI VIRUS installed now had MSE installed but do totally trust MS.
floccinaucini
Newbie
_
8. April 2013 @ 12:24 _ Link to this message    Send private message to this user   
I apologize for intruding here but I hope you don't mind because I have a question.

In this thread, in the post of Senior Member 2oldGeek of 28th March 2013 @1758, he states "I see you have a little over 15,000 entries in your Hosts file.......... (I have over 200,000 entries in my Hosts file.)"

Could you please tell me how it came about, that there are so many entries in these "hosts" files. In the hosts files I have seen, either there no entries other than the text which is there by default or just a few entries that have been made by the user to block websites.

These 150,000 and 200,000 that 2oldGeek speaks of; have they been made by the users for a particular purpose or have they been made by websites, programmes and other applications from the internet?

Thank you

Sherryn
AfterDawn Addict
_
8. April 2013 @ 18:12 _ Link to this message    Send private message to this user   
Hi floccinaucini,

The Hosts File was used when the internet first started and before DNS lookup service came into being.
At first in order to go to a site or computer you had to use the IP address like 50.126.214.190 . With a Hosts file you could put in a name for a computer or site like ?Bill? for Bills computer on your network and then his IP address like ?121.43.111.90? and when you typed Bill in your explorer, your computer would go to the IP address for Bill. After the DNS lookup servers were introduced it was much easier to address a computer without having to use a bunch of numbers and the Hosts file was no longer needed. Some years later it was found that the Hosts file could be used to block Bad sites from being able to get into your computer. By using your own computer?s local address which is 127.0.0.1 you can enter a bad guys address like www.badguy.com and use your local IP address, 127.0.0.1 and when something is sent to you from badguy your computer looks in the hosts file and sees his address as you, so it just loops back to itself and never receives anything from him???.. I have over 200,000 bad sites and URLs blocked in my Hosts file and it gets updated often to add new badguys to the list.

First thing to do is read on this site -> http://winhelp2002.mvps.org/hosts.htm
To better understand how it works.
I have been using the Hosts file for many years and highly recommend using it..
I just know you will have some questions so, after some reading, give me a shout with your quires and I?ll do my best to answer them?.

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
floccinaucini
Newbie
_
12. April 2013 @ 17:16 _ Link to this message    Send private message to this user   
Hello 2oldGeek,

This is the most comprehensive information about the 'hosts' file, I have ever received from any source! The link gives much information but your explanation of it, in your reply is so easy to understand. Thank you for some great computer support.

I have been told that after blocking a site using 127.0.0.1, you can check if the blocking is effective by a PING in the command window. could you please tell me how I can do this.

Kind regards.

Sherryn
AfterDawn Addict
_
13. April 2013 @ 08:37 _ Link to this message    Send private message to this user   
Hi floccinaucini, you?re welcome and just glad I was able to help.

Quote:
I have been told that after blocking a site using 127.0.0.1, you can check if the blocking is effective by a PING in the command window. could you please tell me how I can do this.
The PING command is one of the ways you can check.
Hold down the Windows key (next to the Alt key on your keyboard) and then press the ?R? key. This will open the Run box where you type in CMD and click OK or just press enter. The Black command window will open with a prompt like this:

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\2oldGeek>_

At the prompt, type in PING and the web address of the site you are checking e.g.:

C:\Users\2oldGeek>ping google.com <enter>

The request and a small packet of data (32 bytes) are sent over the network to the other computer with this address. Once successfully received the other computer will reply to the ping with a pong response and return the packet. This is done 4 times and the time between when sent and received back is calculated to generate an average response or latency time. The IP address of the other computer is also returned to you. Google?s IP address is 74.125.227.2 ? give it a try?

If the ping does not reach its destination because it is being blocked by the sending computer?s Hosts file it will show the IP address as 127.0.0.1, the local address of the sending computer. Because it is being looped back by the Hosts file, the ping has no contact with the blocked address.

You can also use the CMD command ?tracert? as you would ?ping?. This command is to trace the route through the servers to the other site and will also return a 127.0.0.1 IP if the site has been blocked.

Or you can simply type the site?s address into your browser and, if it has been blocked, it will give you an ?unable to connect? message?

I use HostsMan.exe to manage my Hosts file. It auto loads any updates as they become available and if I want to go to one of the sites in the hosts list, I can simply turn it off or on with 1 click using HostsMan. I recommend using HostsMan it works well and it?s FREE!

Hope that helps. Anything else, just let me know.

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
floccinaucini
Newbie
_
14. April 2013 @ 13:06 _ Link to this message    Send private message to this user   
Hello 2oldGeek,

Greetings to you. beautifully explained. You'd be surprised to know that I have asked questions about the 'hosts' file from many people including those who made it, Microsoft. No one has been able to give me proper explanation till I was fortunate to ask you.

There is another interesting thing. I have been told (I forget by who), that you can also use non-routable addresses such as, 10.11.12.13 or 172.16.17.18 in place of 127.0.0.1

Will this be effective as well as 127.0.0.1? If it is, could you please explain how these non-routable addresses work, when blocking a domain?

Kind regards.

Sherryn
Advertisement
_
__
 
_
AfterDawn Addict
_
14. April 2013 @ 20:29 _ Link to this message    Send private message to this user   
Originally posted by floccinaucini:
Hello 2oldGeek,

Greetings to you. beautifully explained. You'd be surprised to know that I have asked questions about the 'hosts' file from many people including those who made it, Microsoft. No one has been able to give me proper explanation till I was fortunate to ask you.

Gee, thanks for the flowers, floccinaucini.

So glad I can help.

Originally posted by floccinaucini:
There is another interesting thing. I have been told (I forget by who), that you can also use non-routable addresses such as, 10.11.12.13 or 172.16.17.18 in place of 127.0.0.1

Will this be effective as well as 127.0.0.1? If it is, could you please explain how these non-routable addresses work, when blocking a domain?

You?re looking down the right roads and I?ll give you some direction. But before I do remember this, the Hosts file is useful in certain circumstances but I never recommend it as a stand alone. It?s not updated quick enough, will miss a lot of bad sites and contain others that are not really bad. There are other alternatives and I?ll get to that later. First, to answer your question:

Two frequently updated hosts files which have the purpose of blocking malicious websites that I use are the ones from MVPs Hosts and hpHosts.

Two criteria for selecting the IP address where to redirect the unwanted domains are: (a) it should be different from the ?real? address(es) and (b) they should be easily contactable (if they have a long delay, applications trying to contact them will block while trying to open a connection). Currently the loopback address (127.0.0.1) is used in both of the files I?ve mentioned; however this can cause problems in several situations:

? If a webserver is running on the local machine (for development), it will receive hits from the browser (which can interfere with the development process). Alternatively, if a different server is running on port 80 (or another port the application tries to contact) it may react in an unpredictable manner if it doesn?t understand the protocol (or the client might react incorrectly if the response is in a different format).
? Certain applications try to differentiate between local and remote sites by looking at the IP address and take different decisions. For example I?ve had problems with a Beta program because of my hosts file. More recently I have had issues with NoScript when using hosts files. (NoScript should be a Geek Only plugin. LOL)

The solution is to use an invalid IP address like 0.0.0.0. This, besides fixing the above issues, has also the added benefit of speed. A quick testing revealed a more than 100 fold improvement by using 0.0.0.0 instead of 127.0.0.1. My testing procedure was as follows:

1. I emptied my DNS cache (ipconfig /flushdns) and set up a hosts file with DNS names mapped to 127.0.0.1 (no server was listening on port 80)
2. I pinged each of the hostnames to get the domain names loaded in the cache
3. I tried to ?download? a website from each of names using wget with one try (wget ?t1 ?i). Trying to contact 100 sites took 1m 44s.
4. I repeated the same process using 0.0.0.0 and wget finished ~1 sec (!)

In conclusion: using 0.0.0.0 to block DNS names with the hosts file has many advantages both from a functionality and speed point of view. To do this, simple search/replace your hosts file from 127.0.0.1 to 0.0.0.0 this can be done with HostXpert.exe (take care to leave the localhost entry alone. That one needs to be mapped to 127.0.0.1). Also, you will want to add this entry just before your first 0.0.0.0 "blocking" entry:

# Special Entries

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

Without that entry, some network status and diagnostic apps will use the hostname associated with your first 0.0.0.0 "blocking" entry as the name of the default IP address.



Using a Hosts file can be beneficial to a point but, it cannot be updated soon enough to catch all the ?Bad Guys? as fast as they are being pumped into the internet. The same applies to Antivirus, AntiSpyware and AntiMalware programs.

I hope by now you have used a Hosts file like MVPs and can see how it works to block bad sites. Now, try something that works almost like a Hosts file but, uses a different technology that speeds up the discovery of the Bad guys so that you are protected much sooner and also lets you block categories like bad words or pictures with too much skin showing that you don?t your kids to be exposed to. It?s called ?Blue Coat K9 web protection? put that in Google and it will be the first thing to pop up. Read up on it then try it out. It?s Free for home use but you have to have a license to use it. You password it and your kids can?t get around it??.

There is no such thing as 'perfect security' but there are methods that are really close. Try out K9 and come back with more questions while I?m on a roll. Lol


2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hosts files
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork