my XP computer is hacked or infected.



#1 itsashowtime
New Member, 2 posts
Hello. I'm suspecting my computer got infected or hacked, which is puzzling since I scan what I download and the only thing I remember downloading in the past two weeks was the Plex Media Server and iTeleport for use with my iPad. I opened up some ports experimenting with stuff, which may have caused this to happen. Prior to this the OS firewall on my computer was set to OFF as well.

I also remember clicking a link sent to me from a friend last night on Steam to tf2items.com which opened up a dialog asking me to run a Java program. I did not pay attention to the link and it may have been a fake link that looks very similar to the real link. My iTeleport crashed shortly after, and since this morning my computer hasn't been the same.

Symptoms: my Administrator folder is gone, my Control Panel is gone, the Run command is gone, Task Manager opens and closes immediately, right-clicking anything and going to Properties leads to nothing...

I tried turning on the OS firewall by left-clicking it and it gives me a "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

I did a Full Scan with Microsoft Security Essentials, which turned up nothing.

I then did a Quick Scan with Microsoft Security Essentials and it turned up nothing.

I did not try any antimalware programs yet.

OTL ran successfully, and below is the OTL log file as per instructions:

OTL logfile created on: 8/17/2011 7:49:10 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\ch\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.28% Memory free
4.84 Gb Paging File | 3.60 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 197.81 Gb Free Space | 42.47% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 33.28 Gb Free Space | 7.15% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 63.50 Gb Free Space | 56.81% Space Free | Partition Type: NTFS
Drive F: | 111.75 Gb Total Space | 80.63 Gb Free Space | 72.15% Space Free | Partition Type: NTFS
Drive G: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 55.67 Gb Total Space | 3.96 Gb Free Space | 7.12% Space Free | Partition Type: FAT32
Drive I: | 3.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OONWAD | User Name: ch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 19:48:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ch\My Documents\Downloads\OTL.exe
PRC - [2011/08/17 19:32:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ch\My Documents\Downloads\HijackThis.exe
PRC - [2011/08/17 03:13:40 | 000,212,992 | ---- | M] ([Company]) -- C:\Documents and Settings\ch\Application Data\Windows Update.exe
PRC - [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\ch\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/08/01 19:54:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\steam\Steam.exe
PRC - [2011/07/14 13:54:34 | 001,989,120 | ---- | M] (iTeleport LLC) -- C:\Program Files\iTeleport\iTeleport Connect\iTeleportConnect.exe
PRC - [2011/07/14 13:54:34 | 000,022,528 | ---- | M] (Microsoft) -- C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/15 12:08:08 | 001,158,512 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2010/11/15 12:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 19:02:08 | 000,069,632 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe
PRC - [2005/08/18 01:55:00 | 000,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 14:39:18 | 014,407,976 | ---- | M] () -- C:\steam\bin\libcef.dll
MOD - [2011/08/17 14:38:29 | 000,190,248 | ---- | M] () -- C:\steam\bin\chromehtml.dll
MOD - [2011/08/17 14:38:28 | 000,914,216 | ---- | M] () -- C:\steam\bin\avcodec-52.dll
MOD - [2011/08/17 14:38:28 | 000,155,432 | ---- | M] () -- C:\steam\bin\avformat-52.dll
MOD - [2011/08/17 14:38:28 | 000,091,432 | ---- | M] () -- C:\steam\bin\avutil-50.dll
MOD - [2011/08/10 11:57:40 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
MOD - [2011/08/10 11:57:29 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
MOD - [2011/08/10 11:57:18 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
MOD - [2011/08/10 11:57:12 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
MOD - [2011/08/10 11:57:11 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/10 11:57:10 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
MOD - [2011/08/10 11:57:05 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/08/10 11:57:02 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
MOD - [2011/08/10 11:57:00 | 001,116,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
MOD - [2011/08/10 11:56:22 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/10 10:26:44 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 10:26:40 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
MOD - [2011/08/10 10:26:34 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
MOD - [2011/08/10 10:26:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
MOD - [2011/08/10 10:26:12 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
MOD - [2011/08/10 10:12:31 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 10:12:27 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 10:12:15 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 10:12:02 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
MOD - [2011/08/10 10:11:57 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
MOD - [2011/08/10 10:10:48 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/10 00:13:21 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/10 00:13:16 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/08/10 00:13:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/08/10 00:06:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/08/05 19:21:25 | 000,400,440 | ---- | M] () -- C:\Documents and Settings\ch\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\ppgooglenaclpluginchrome.dll
MOD - [2011/08/05 19:21:24 | 004,118,072 | ---- | M] () -- C:\Documents and Settings\ch\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\pdf.dll
MOD - [2011/08/05 19:20:23 | 000,300,088 | ---- | M] () -- C:\Documents and Settings\ch\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\Locales\en-US.dll
MOD - [2011/08/05 19:19:58 | 000,104,520 | ---- | M] () -- C:\Documents and Settings\ch\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avutil-50.dll
MOD - [2011/08/05 19:19:56 | 000,203,848 | ---- | M] () -- C:\Documents and Settings\ch\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avformat-52.dll
MOD - [2011/08/05 19:19:55 | 001,846,344 | ---- | M] () -- C:\Documents and Settings\ch\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avcodec-52.dll
MOD - [2011/08/05 17:29:30 | 006,338,720 | ---- | M] () -- C:\Documents and Settings\ch\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\gcswf32.dll
MOD - [2011/07/14 13:54:34 | 000,663,040 | ---- | M] () -- C:\Program Files\iTeleport\iTeleport Connect\vncservice-wrapper.dll
MOD - [2011/07/14 13:54:34 | 000,026,112 | ---- | M] () -- C:\Program Files\iTeleport\iTeleport Connect\ZeroconfService.dll
MOD - [2011/07/14 13:54:24 | 000,963,072 | ---- | M] () -- C:\Program Files\iTeleport\iTeleport Connect\libjingle.dll
MOD - [2011/01/26 12:29:22 | 000,555,112 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/12/19 20:59:41 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/11/15 12:08:08 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/10/01 05:37:02 | 000,947,200 | ---- | M] () -- C:\Program Files\OpenVPN\bin\libeay32.dll
MOD - [2005/08/18 01:55:00 | 000,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/07/14 13:54:34 | 000,022,528 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe -- (iTeleportService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/14 14:31:04 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- c:\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2011/01/07 15:48:18 | 000,057,640 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/01/07 15:46:06 | 000,271,408 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/01/05 11:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/12/19 21:46:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/15 12:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/11/03 14:39:25 | 003,904,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/10/15 11:42:14 | 000,326,704 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/18 19:02:08 | 000,069,632 | ---- | M] (Nikon Corporation) [Auto | Running] -- C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe -- (NkPtpEnumWT3)
SRV - [2006/10/01 05:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/17 14:14:11 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{702BDA3A-66BF-4E83-87D9-F815C9FC1D21}\MpKsl1d1176bd.sys -- (MpKsl1d1176bd)
DRV - [2011/03/12 03:44:16 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/11/02 17:07:54 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/25 11:59:32 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/25 11:59:28 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/09/22 12:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 12:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/08/05 15:16:42 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/08/04 11:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/29 14:06:24 | 005,870,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/08 19:30:00 | 000,152,616 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008/11/11 23:52:36 | 000,018,984 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mrdd.sys -- (mrdd)
DRV - [2008/08/06 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/01/18 19:02:14 | 000,017,824 | ---- | M] (Nikon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NkVBus.sys -- (VBus)
DRV - [2006/10/01 05:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/01/05 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/10 08:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\ch\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\ch\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ch\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ch\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/10 23:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/10 23:49:59 | 000,000,000 | ---D | M]

[2011/01/15 13:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ch\Application Data\Mozilla\Extensions
[2011/08/17 14:03:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ch\Application Data\Mozilla\Firefox\Profiles\tb3bgvis.default\extensions
[2011/08/17 14:03:04 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\ch\Application Data\Mozilla\Firefox\Profiles\tb3bgvis.default\extensions\[email protected]
[2011/07/01 12:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/05 20:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/15 02:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/16 11:53:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/01/20 11:45:33 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/02/05 20:44:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/19 04:09:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/12/31 02:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/12/19 22:02:43 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKCU..\Run: [iTeleportConnect] C:\Program Files\iTeleport\iTeleport Connect\iTeleportConnect.exe (iTeleport LLC)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [Windows Update] C:\Documents and Settings\ch\Local Settings\Temp\WindowsUpdate.exe ([Company])
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.127.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/01/01 22:29:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/16 01:14:14 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 22:24:05 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2009/12/17 19:57:10 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/20 07:49:39 | 000,000,027 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup\rsrc\Autorun.exe
O33 - MountPoints2\I\Shell\dinstall\command - "" = I:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 03:16:00 | 000,212,992 | ---- | C] ([Company]) -- C:\Documents and Settings\ch\Application DataAdobeFlash.exe
[2011/08/17 03:13:40 | 000,212,992 | ---- | C] ([Company]) -- C:\Documents and Settings\ch\Application Data\Windows Update.exe
[2011/08/11 00:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ch\Local Settings\Application Data\Plex Media Server
[2011/08/10 23:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Plex Media Server
[2011/08/10 23:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[2011/08/10 23:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/10 23:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/10 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/10 23:50:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/10 23:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/07/29 11:53:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/29 11:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ch\Local Settings\Application Data\PCHealth
[2011/07/29 11:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2011/07/29 11:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTeleport
[2011/07/29 11:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTeleport
[2011/07/29 11:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ch\Start Menu\Programs\iTeleport
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 19:24:06 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
[2011/08/17 14:35:45 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/17 14:20:15 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2011/08/17 14:19:29 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/17 14:19:12 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/17 14:14:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/17 04:08:45 | 000,212,992 | ---- | M] ([Company]) -- C:\Documents and Settings\ch\Application DataAdobeFlash.exe
[2011/08/17 03:24:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
[2011/08/17 03:13:40 | 000,212,992 | ---- | M] ([Company]) -- C:\Documents and Settings\ch\Application Data\Windows Update.exe
[2011/08/13 08:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/11 01:49:09 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\ch\Application Data\winscp.rnd
[2011/08/10 23:55:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/10 22:47:29 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/08/10 12:05:01 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\ch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/10 00:13:37 | 000,493,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 00:13:37 | 000,084,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 00:11:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/29 11:41:56 | 005,267,456 | ---- | M] () -- C:\Documents and Settings\ch\Desktop\iTeleportConnectService.v5.2.7.msi
[2011/07/29 11:35:38 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 23:55:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/10 22:47:29 | 000,000,629 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/07/29 11:42:00 | 005,267,456 | ---- | C] () -- C:\Documents and Settings\ch\Desktop\iTeleportConnectService.v5.2.7.msi
[2011/07/29 11:40:34 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/04 22:32:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2011/06/29 02:48:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\ch\Application Data\winscp.rnd
[2011/06/12 20:18:44 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\ch\Local Settings\Application Data\PUTTY.RND
[2011/05/21 12:59:38 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2011/05/18 08:50:34 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\ch\Application Data\D2Info0
[2011/05/18 08:50:34 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\ch\Application Data\DofusAppId0_2
[2011/04/14 04:54:51 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/04/14 04:54:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/04/13 21:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/04/08 02:41:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2011/04/08 02:41:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\ch\Application Data\Organic
[2011/04/08 02:41:38 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2011/04/08 02:41:38 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Track Settings
[2011/04/08 02:41:29 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PageLibraries
[2011/04/08 02:41:29 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\ch\Application Data\Organs
[2011/04/08 02:41:29 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Transportation
[2011/04/04 15:20:37 | 000,000,882 | ---- | C] () -- C:\WINDOWS\DC.ini
[2011/03/25 00:58:01 | 000,000,338 | ---- | C] () -- C:\WINDOWS\d3xp.ini
[2011/03/25 00:51:48 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2011/03/16 11:37:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/01 01:49:30 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2011/02/09 11:12:55 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/02/09 11:12:55 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/02/03 23:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2011/02/03 22:07:11 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/01/31 19:40:46 | 000,013,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/17 20:57:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Font Book
[2011/01/17 20:57:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\ch\Application Data\Flanger
[2011/01/17 20:57:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdx.DAT
[2011/01/17 20:57:46 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Galaxy Swirl
[2011/01/17 20:42:33 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\ch\Application Data\Fonts
[2011/01/17 20:42:33 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeq.DAT
[2011/01/17 20:42:33 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Halftone
[2011/01/17 19:27:01 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Fonts
[2011/01/17 19:27:01 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\ch\Application Data\Flowers
[2011/01/17 19:27:01 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/01/17 19:27:01 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Generic
[2011/01/17 19:24:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Funk Animals
[2011/01/17 19:24:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Folder Actions Handlers
[2011/01/17 19:24:58 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\ch\Application Data\Flange Saw
[2011/01/17 19:24:58 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/01/15 13:26:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/02 01:19:10 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/18 03:33:32 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\ch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 01:38:39 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/12/18 01:38:37 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/12/18 01:38:37 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/12/18 01:38:36 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/12/18 01:38:36 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/12/06 06:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/03 07:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/01 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/01/01 23:20:33 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2002/01/01 22:57:34 | 000,257,508 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2002/01/01 22:57:32 | 000,257,508 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2002/01/01 22:57:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2002/01/01 22:49:34 | 002,294,198 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2002/01/01 22:45:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2002/01/01 22:30:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/01/01 22:26:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/01/01 14:20:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/01/01 14:17:23 | 003,413,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/09/01 19:20:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/01 19:18:58 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 05:00:00 | 000,493,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 05:00:00 | 000,084,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/02/14 20:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/04/08 02:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/01/31 04:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/18 11:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/12/20 14:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/01/17 19:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/03/30 08:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/19 21:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/07/07 20:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2011/04/08 02:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/07/04 22:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xunlei
[2010/12/18 11:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/17 21:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\.minecraft
[2011/05/18 08:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\app
[2011/04/17 07:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Bioshock
[2011/05/18 08:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Dofus 2
[2011/05/18 08:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/07/29 11:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Dropbox
[2011/01/20 22:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\EAC
[2011/07/05 02:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\foobar2000
[2011/04/03 14:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\LolClient
[2011/04/27 23:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\LucasArts
[2011/07/13 23:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Mumble
[2011/04/08 02:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Nikon
[2011/02/16 08:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Notepad++
[2011/06/05 16:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Opera
[2011/05/18 08:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/07/15 11:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\Spotify
[2011/08/16 22:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ch\Application Data\uTorrent
[2011/08/17 14:19:12 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


-cH

Edited by itsashowtime, 17 August 2011 - 09:50 PM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can resolve this issue for you.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
    O4 - HKCU..\Run: [Windows Update] C:\Documents and Settings\ch\Local Settings\Temp\WindowsUpdate.exe ([Company])
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    [2011/08/17 03:16:00 | 000,212,992 | ---- | C] ([Company]) -- C:\Documents and Settings\ch\Application Data\AdobeFlash.exe
    [2011/08/17 03:13:40 | 000,212,992 | ---- | C] ([Company]) -- C:\Documents and Settings\ch\Application Data\Windows Update.exe


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

FINALLY

Download aswMBR.exe (1.8 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
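Added here as an illustration, not code from the thread or from OTL: a small Python triage script that reads lines in the OTL report and fix-script format used above and flags the three things the fix removes, namely Explorer policy restrictions (the O7 entries, which account for the missing Run command and Control Panel in the first post), autoruns launched from user-writable folders (the O4 entry), and newly created executables named after trusted components. The sample lines, the folder list and the name list are constructed assumptions, not taken from a real scan.

```python
import re
# Constructed sample in the OTL report/fix-script format used in this thread (illustrative values).
SAMPLE = r"""
O4 - HKCU..\Run: [Windows Update] C:\Documents and Settings\ch\Local Settings\Temp\WindowsUpdate.exe ([Company])
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
[2011/08/17 03:13:40 | 000,212,992 | ---- | C] ([Company]) -- C:\Documents and Settings\ch\Application Data\Windows Update.exe
[2011/07/29 11:42:00 | 005,267,456 | ---- | C] () -- C:\Documents and Settings\ch\Desktop\iTeleportConnectService.v5.2.7.msi
"""

FILE_RE = re.compile(r"^\[(\S+ \S+) \| ([\d,]+) \| (\S+) \| ([CM])\] \((.*?)\) -- (.+)$")
RUN_RE = re.compile(r"^O4 - (\S+)\\Run: \[(.+?)\] (.+?) \((.*?)\)$")
POLICY_RE = re.compile(r"^O7 - (HK\S+)\\policies\\Explorer: (\w+) = (\d+)$")

# Effect of each Explorer policy when set to 1 (these match the symptoms in the first post).
RESTRICTION_EFFECT = {
    "NoRun": "Run command removed from the Start menu", "NoControlPanel": "Control Panel hidden",
    "NoViewContextMenu": "right-click context menus disabled", "NoFolderOptions": "Folder Options removed",
}
# Folders a standard user can write to without elevation (constructed list).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")
# Executable stems that imitate trusted components, taken from the entries in this thread.
MIMIC_STEMS = {"windows update", "windowsupdate", "adobeflash"}

def in_user_writable(path):
    return any(folder in path.lower() for folder in USER_WRITABLE)

def mimics_trusted_name(path):
    name = path.lower().rsplit("\\", 1)[-1]
    return name.endswith(".exe") and name[:-4] in MIMIC_STEMS

def triage(report):
    """Return the active restriction policies, suspicious autoruns and dropped files in an OTL report."""
    found = {"restrictions": [], "autoruns": [], "files": []}
    for line in report.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m and m.group(3) != "0":
            found["restrictions"].append((m.group(2), RESTRICTION_EFFECT.get(m.group(2), "unknown effect")))
            continue
        m = RUN_RE.match(line)
        if m and in_user_writable(m.group(3)):  # autorun from a user-writable folder
            found["autoruns"].append((m.group(2), m.group(3)))
            continue
        m = FILE_RE.match(line)
        if m and m.group(4) == "C" and in_user_writable(m.group(6)) and mimics_trusted_name(m.group(6)):
            found["files"].append(m.group(6))
    return found
```

Running `triage` over a full OTL log gives the same shortlist a helper builds by hand before writing the :OTL fix lines; the policy values themselves should be reset, not merely reported, which is what the O7 lines in the fix above do.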

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.