Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PING.exe and website redirect

Started by kransilver , Oct 04 2011 05:56 PM

  • Please log in to reply

#1
kransilver
Posted 04 October 2011 - 05:56 PM

kransilver

    New Member

  • Member
  • Pip
  • 3 posts
Hello, thx for the help in advance.
Today it seems like I've found myself a bit of trouble, i dont know what happened but i was surfing the net like i usually do (youtube, netflix, play some of my online games and such). Then my internet speed started to slow down, and also my computer speed, (i have to open task manager and keep terminating "PING.exe" task every 30 seconds in order to do anything). i ran malwarebytes' Anti-Malware, did the scan, and it deleted a few things, ran it again and it was clean, i restarted my pc, and the problem was still there, i ran spybot-S&D did the scan, and no problems were found, i ran hijackthis and that looked like chinese to me and was afraid to do anything there.
Here is my OTL scan:

OTL logfile created on: 10/4/2011 6:34:34 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = B:\Mozilla Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.36% Memory free
8.00 Gb Paging File | 6.16 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 194.60 Gb Total Space | 36.09 Gb Free Space | 18.54% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 17.11 Gb Free Space | 11.48% Space Free | Partition Type: NTFS
Drive E: | 38.28 Gb Total Space | 38.18 Gb Free Space | 99.73% Space Free | Partition Type: NTFS
Drive N: | 931.51 Gb Total Space | 871.30 Gb Free Space | 93.54% Space Free | Partition Type: NTFS

Computer Name: KRANSILVER-PC | User Name: Kransilver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/04 18:33:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- B:\Mozilla Downloads\OTL.exe
PRC - [2011/09/30 03:58:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/25 21:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 03:58:25 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/23 10:55:30 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/28 14:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/28 13:24:32 | 000,173,056 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV:64bit: - [2011/05/28 13:24:32 | 000,173,056 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/21 17:40:15 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/28 15:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 13:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 15:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/01/26 19:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/12/28 17:56:32 | 000,026,472 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV:64bit: - [2006/10/31 00:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/03/18 09:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/12/11 21:02:24 | 000,016,768 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2006/10/31 00:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 D1 E0 DC D7 64 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://search.orbitd...downloader.com"
FF - prefs.js..keyword.URL: "http://www.startnow....6.1-x64-SP1&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kransilver\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kransilver\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 03:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/11 13:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kransilver\AppData\Roaming\Mozilla\Extensions
[2011/10/04 17:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kransilver\AppData\Roaming\Mozilla\Firefox\Profiles\rbsrxdfk.default\extensions
[2011/08/12 02:43:24 | 000,002,264 | ---- | M] () -- C:\Users\Kransilver\AppData\Roaming\Mozilla\Firefox\Profiles\rbsrxdfk.default\searchplugins\bing-zugo.xml
[2011/08/12 02:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/12 02:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/30 03:58:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kransilver\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kransilver\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kransilver\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kransilver\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/04 17:10:30 | 000,436,871 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15052 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 184.16.4.22 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9314BC8-28AA-4C33-9491-B6232B943691}: DhcpNameServer = 192.168.0.1 184.16.4.22 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4af91a3a-c597-11e0-a2c5-00e04d970c68}\Shell - "" = AutoRun
O33 - MountPoints2\{4af91a3a-c597-11e0-a2c5-00e04d970c68}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/04 18:00:17 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/10/04 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\wsInspector
[2011/10/04 17:55:21 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\Documents\wsInspector
[2011/10/04 17:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Inspector for Windows
[2011/10/04 17:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Startup Inspector for Windows
[2011/10/04 17:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/10/04 17:28:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011/10/04 17:28:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/04 16:55:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/04 16:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/04 16:44:09 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/04 05:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 05:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/04 05:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/04 04:52:29 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/04 04:43:54 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Windows Live Writer
[2011/10/04 04:43:54 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\Windows Live Writer
[2011/10/04 04:42:02 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{4DE70A88-2E35-414F-B3BB-A54F52CD7074}
[2011/10/04 04:41:49 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{A0D59A48-E261-4302-854C-6CA9C2D4001F}
[2011/10/04 04:35:23 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Malwarebytes
[2011/10/04 04:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/04 04:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/04 04:35:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/04 04:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/04 04:30:35 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Guard 2012
[2011/10/04 04:30:35 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\PZZqqhYXwkUVlOt
[2011/10/04 04:30:35 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\gPP00uccS1bD3n4
[2011/10/04 04:30:31 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\S3oonnG4aQ
[2011/10/04 04:30:30 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\KEEKK8gRZ9hYwkV
[2011/10/04 04:26:13 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/02 11:15:22 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{7E334B56-6EC2-4A8F-9D86-7401294B0412}
[2011/10/01 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dekaron Evolution
[2011/09/30 16:02:26 | 001,201,152 | ---- | C] (ShockingSoft) -- C:\Users\Kransilver\Desktop\AutoClicker.exe
[2011/09/28 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/28 18:02:35 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{C8DA3B5F-D2AB-4C47-B538-EE24EC2AAF89}
[2011/09/28 18:01:55 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{CEA15AA9-8406-4E37-9BEB-DA5F040E9DA5}
[2011/09/28 05:43:55 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bl00d~DrAg0n
[2011/09/27 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{4AE21CC1-F795-457B-8310-14719085EDC9}
[2011/09/24 15:02:57 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{6570EBD9-F136-4251-822F-1E31B2FD9A5B}
[2011/09/24 15:02:46 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{EC4C587D-6A48-45F8-8E10-BA7B2A79236E}
[2011/09/23 17:54:03 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LMS Perfect World
[2011/09/23 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Rebirth
[2011/09/23 11:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Rebirth
[2011/09/21 17:40:50 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{011FBE59-E89C-4072-B3AC-7FBD4CB07FB9}
[2011/09/21 17:40:37 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{BE9B103C-5311-4071-8C01-2977D3290AA0}
[2011/09/19 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2011/09/19 17:05:06 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\assembly
[2011/09/19 17:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2011/09/19 17:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2011/09/19 02:22:22 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\Documents\Updater5
[2011/09/18 15:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/09/18 15:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/09/18 15:32:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011/09/18 15:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/09/17 19:12:42 | 000,017,128 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2011/09/17 14:08:34 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\Documents\Eidos
[2011/09/17 14:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011/09/17 13:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos
[2011/09/16 16:07:07 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{D803DDC1-BF80-4BBD-84C8-73B513C05A25}
[2011/09/16 16:06:56 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{EA31AFFB-3100-4D62-8495-22467990F1D3}
[2011/09/15 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\GetRightToGo
[2011/09/15 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\Documents\Downloads
[2011/09/14 09:43:59 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{682EF423-9059-4A18-8693-6A35B874DB55}
[2011/09/14 09:43:49 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{018A47DF-513A-4352-BCD2-85C3D9967DE9}
[2011/09/13 14:13:12 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{B2A0033A-F7A5-4900-80CB-432996099564}
[2011/09/13 14:13:01 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{4AFBA3CC-8407-4434-A18B-C28A2E1CDC09}
[2011/09/13 03:09:06 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Need for Speed World
[2011/09/13 01:25:59 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\Electronic_Arts_Inc
[2011/09/12 22:47:34 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{25C838C7-00A8-4D9B-A5A1-816972958CA0}
[2011/09/12 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\{9CD46744-529A-452B-A271-7F68FE1D3B91}
[2011/09/12 22:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World
[2011/09/12 22:02:55 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2011/09/12 17:12:36 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Local\Ubisoft Game Launcher
[2011/09/11 01:10:06 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\Documents\Criterion Games
[2011/09/10 23:36:44 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\FreeArc
[2011/09/10 23:36:36 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeArc
[2011/09/10 23:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc
[2011/09/10 23:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeArc
[2011/09/10 23:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Juarez The Cartel
[2011/09/10 23:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc
[2011/09/10 23:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[2011/09/10 23:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black_Box
[2011/09/10 22:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/09/10 22:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/09/09 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Rovio
[2011/09/07 06:40:28 | 000,000,000 | ---D | C] -- C:\Users\Kransilver\AppData\Roaming\Airytec
[2011/09/07 06:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Airytec
[2011/09/05 17:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Simulator 2011
[2011/09/05 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lightrock Entertainment
[2011/09/05 17:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lightrock Entertainment
[2011/08/11 20:46:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/04 18:10:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 18:09:54 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/04 18:09:31 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/10/04 18:08:58 | 000,157,044 | ---- | M] () -- C:\Users\Kransilver\AppData\Local\census.cache
[2011/10/04 18:08:53 | 000,110,899 | ---- | M] () -- C:\Users\Kransilver\AppData\Local\ars.cache
[2011/10/04 17:58:54 | 000,000,036 | ---- | M] () -- C:\Users\Kransilver\AppData\Local\housecall.guid.cache
[2011/10/04 17:55:00 | 000,001,063 | ---- | M] () -- C:\Users\Kransilver\Desktop\Startup Inspector for Windows.lnk
[2011/10/04 17:54:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1467091582-943645672-992664979-1000UA.job
[2011/10/04 17:48:53 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/04 17:37:56 | 000,737,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/04 17:37:56 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/04 17:37:56 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/04 17:10:30 | 000,436,871 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/04 16:44:09 | 000,002,999 | ---- | M] () -- C:\Users\Kransilver\Desktop\HiJackThis.lnk
[2011/10/04 12:29:30 | 000,386,348 | ---- | M] () -- C:\Users\Kransilver\Desktop\k25.PNG
[2011/10/04 12:23:25 | 002,851,208 | ---- | M] () -- C:\Users\Kransilver\Desktop\Autoclicker.PNG
[2011/10/04 05:23:54 | 000,001,282 | ---- | M] () -- C:\Users\Kransilver\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 05:23:54 | 000,001,258 | ---- | M] () -- C:\Users\Kransilver\Desktop\Spybot - Search & Destroy.lnk
[2011/10/04 04:35:17 | 000,001,133 | ---- | M] () -- C:\Users\Kransilver\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/04 04:35:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/03 19:54:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1467091582-943645672-992664979-1000Core.job
[2011/10/02 04:05:27 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 04:05:27 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 16:55:38 | 000,002,427 | ---- | M] () -- C:\Users\Kransilver\Desktop\Google Chrome.lnk
[2011/10/01 12:58:14 | 000,000,733 | ---- | M] () -- C:\Users\Kransilver\Desktop\Dekaron Evolution.lnk
[2011/10/01 02:54:20 | 000,001,868 | ---- | M] () -- C:\Users\Kransilver\Desktop\Dekaron Core Launcher.exe - Shortcut.lnk
[2011/09/28 05:43:55 | 000,000,912 | ---- | M] () -- C:\Users\Kransilver\Desktop\Bl00d~DrAg0n.lnk
[2011/09/26 05:25:08 | 000,187,904 | ---- | M] () -- C:\Users\Kransilver\Desktop\MultiWindow.exe
[2011/09/25 21:41:11 | 000,000,839 | ---- | M] () -- C:\Users\Kransilver\Desktop\Perfect World EXordium.lnk
[2011/09/23 17:54:07 | 000,000,664 | ---- | M] () -- C:\Users\Kransilver\Desktop\LMSPW.lnk
[2011/09/23 11:18:48 | 000,000,624 | ---- | M] () -- C:\Users\Kransilver\Desktop\Perfect World Rebirth.lnk
[2011/09/20 12:34:52 | 000,001,547 | ---- | M] () -- C:\Users\Kransilver\Desktop\IALauncher.exe - Shortcut.lnk
[2011/09/19 17:07:28 | 000,002,102 | ---- | M] () -- C:\Users\Kransilver\Desktop\Aion.lnk
[2011/09/19 17:04:42 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2011/09/17 19:15:16 | 000,001,881 | ---- | M] () -- C:\Users\Kransilver\Desktop\BmStartApp.exe - Shortcut.lnk
[2011/09/13 01:25:40 | 000,002,217 | ---- | M] () -- C:\Users\Kransilver\Desktop\Need For Speed World.lnk
[2011/09/11 01:09:32 | 000,001,861 | ---- | M] () -- C:\Users\Kransilver\Desktop\Launcher.exe - Shortcut.lnk
[2011/09/10 23:36:36 | 000,001,097 | ---- | M] () -- C:\Users\Kransilver\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeArc.lnk
[2011/09/10 23:36:36 | 000,001,073 | ---- | M] () -- C:\Users\Kransilver\Desktop\FreeArc.lnk
[2011/09/10 23:33:10 | 000,001,289 | ---- | M] () -- C:\Users\Public\Desktop\Call of Juarez The Cartel.lnk
[2011/09/10 23:29:11 | 000,001,853 | ---- | M] () -- C:\Users\Kransilver\Application Data\Microsoft\Internet Explorer\Quick Launch\IZArc.lnk
[2011/09/10 23:29:11 | 000,001,829 | ---- | M] () -- C:\Users\Kransilver\Desktop\IZArc.lnk
[2011/09/07 06:40:03 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Airytec Switch Off.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/04 18:09:31 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/10/04 18:08:58 | 000,157,044 | ---- | C] () -- C:\Users\Kransilver\AppData\Local\census.cache
[2011/10/04 18:08:53 | 000,110,899 | ---- | C] () -- C:\Users\Kransilver\AppData\Local\ars.cache
[2011/10/04 17:58:54 | 000,000,036 | ---- | C] () -- C:\Users\Kransilver\AppData\Local\housecall.guid.cache
[2011/10/04 17:55:00 | 000,001,063 | ---- | C] () -- C:\Users\Kransilver\Desktop\Startup Inspector for Windows.lnk
[2011/10/04 17:48:32 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/04 16:44:09 | 000,002,999 | ---- | C] () -- C:\Users\Kransilver\Desktop\HiJackThis.lnk
[2011/10/04 12:29:30 | 000,386,348 | ---- | C] () -- C:\Users\Kransilver\Desktop\k25.PNG
[2011/10/04 12:23:25 | 002,851,208 | ---- | C] () -- C:\Users\Kransilver\Desktop\Autoclicker.PNG
[2011/10/04 05:23:54 | 000,001,282 | ---- | C] () -- C:\Users\Kransilver\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 05:23:54 | 000,001,258 | ---- | C] () -- C:\Users\Kransilver\Desktop\Spybot - Search & Destroy.lnk
[2011/10/04 04:35:17 | 000,001,133 | ---- | C] () -- C:\Users\Kransilver\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/04 04:35:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/01 12:58:14 | 000,000,733 | ---- | C] () -- C:\Users\Kransilver\Desktop\Dekaron Evolution.lnk
[2011/10/01 02:54:20 | 000,001,868 | ---- | C] () -- C:\Users\Kransilver\Desktop\Dekaron Core Launcher.exe - Shortcut.lnk
[2011/09/28 19:55:44 | 000,002,427 | ---- | C] () -- C:\Users\Kransilver\Desktop\Google Chrome.lnk
[2011/09/28 19:49:34 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1467091582-943645672-992664979-1000UA.job
[2011/09/28 19:49:33 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1467091582-943645672-992664979-1000Core.job
[2011/09/28 05:43:55 | 000,000,912 | ---- | C] () -- C:\Users\Kransilver\Desktop\Bl00d~DrAg0n.lnk
[2011/09/26 05:25:32 | 000,187,904 | ---- | C] () -- C:\Users\Kransilver\Desktop\MultiWindow.exe
[2011/09/25 21:41:11 | 000,000,839 | ---- | C] () -- C:\Users\Kransilver\Desktop\Perfect World EXordium.lnk
[2011/09/23 17:54:07 | 000,000,664 | ---- | C] () -- C:\Users\Kransilver\Desktop\LMSPW.lnk
[2011/09/23 11:18:48 | 000,000,624 | ---- | C] () -- C:\Users\Kransilver\Desktop\Perfect World Rebirth.lnk
[2011/09/20 12:34:52 | 000,001,547 | ---- | C] () -- C:\Users\Kransilver\Desktop\IALauncher.exe - Shortcut.lnk
[2011/09/19 17:07:28 | 000,002,102 | ---- | C] () -- C:\Users\Kransilver\Desktop\Aion.lnk
[2011/09/19 17:04:42 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2011/09/17 19:15:16 | 000,001,881 | ---- | C] () -- C:\Users\Kransilver\Desktop\BmStartApp.exe - Shortcut.lnk
[2011/09/13 01:25:40 | 000,002,217 | ---- | C] () -- C:\Users\Kransilver\Desktop\Need For Speed World.lnk
[2011/09/11 01:09:32 | 000,001,861 | ---- | C] () -- C:\Users\Kransilver\Desktop\Launcher.exe - Shortcut.lnk
[2011/09/10 23:36:36 | 000,001,097 | ---- | C] () -- C:\Users\Kransilver\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeArc.lnk
[2011/09/10 23:36:36 | 000,001,073 | ---- | C] () -- C:\Users\Kransilver\Desktop\FreeArc.lnk
[2011/09/10 23:33:10 | 000,001,289 | ---- | C] () -- C:\Users\Public\Desktop\Call of Juarez The Cartel.lnk
[2011/09/10 23:29:11 | 000,001,853 | ---- | C] () -- C:\Users\Kransilver\Application Data\Microsoft\Internet Explorer\Quick Launch\IZArc.lnk
[2011/09/10 23:29:11 | 000,001,829 | ---- | C] () -- C:\Users\Kransilver\Desktop\IZArc.lnk
[2011/09/07 06:40:03 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airytec Switch Off.lnk
[2011/09/07 06:40:03 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Airytec Switch Off.lnk
[2011/09/02 14:15:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/24 20:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/08/11 20:46:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/11 20:46:22 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/11 20:46:22 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/08/11 20:46:22 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/11 20:46:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/11 13:59:22 | 002,469,248 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/08/11 13:59:22 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/08/11 13:59:22 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/08/11 13:59:22 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/08/11 13:59:22 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/13 21:05:38 | 002,014,958 | ---- | C] () -- C:\ProgramData\CleanupFiles.exe
[2010/01/26 19:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\Windows\SysWow64\wsiShared.dll

========== LOP Check ==========

[2011/09/07 06:40:28 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\Airytec
[2011/10/04 04:53:20 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\BitTorrent
[2011/08/28 02:20:11 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\DYA_NVURBDAHNPILDSNTI
[2011/09/10 23:36:44 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\FreeArc
[2011/09/15 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\GetRightToGo
[2011/10/04 04:30:35 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\gPP00uccS1bD3n4
[2011/09/02 23:31:29 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\GrabPro
[2011/10/04 04:30:30 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\KEEKK8gRZ9hYwkV
[2011/09/13 03:09:06 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\Need for Speed World
[2011/09/03 01:45:41 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\Neoretix
[2011/09/10 15:43:00 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\Orbit
[2011/09/02 23:31:32 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\ProgSense
[2011/10/04 04:30:35 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\PZZqqhYXwkUVlOt
[2011/09/09 18:36:53 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\Rovio
[2011/10/04 04:39:11 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\S3oonnG4aQ
[2011/09/16 20:55:24 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\SystemRequirementsLab
[2011/10/04 04:44:23 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\Windows Live Writer
[2011/10/04 17:56:34 | 000,000,000 | ---D | M] -- C:\Users\Kransilver\AppData\Roaming\wsInspector
[2009/07/13 22:08:49 | 000,015,380 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BF1V4WG4H6PT4KGM8HTV4K6N636VFSVF7JB4VPJGF

< End of report >
  • 0

Advertisements

#2
kransilver
Posted 06 October 2011 - 05:50 AM

kransilver

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
ok, i managed to get rid of the PING.EXE by taking ownership of the whole SysWOW64 folder, then changing the permission from trusted installer, to my admin account, then deleting the PING.EXE thing. that stopped the slow internet speed and computer lag completely. however i still have the google redirect problem, keeps redirecting me to weird websites, so i decided to keep away from google for a while. i found a suspicious looking .EXE near PING.EXE while i was trying to get rid of it. it's called PATHING.EXE; says it's another TCP/IP command just like PING.EXE. just wanted to consult you guys to see if you guys have that also under your SysWOW64 folder, if not i shall proceed to get rid of it and hopefully get rid of the redirect problem.
  • 0

#3
kransilver
Posted 06 October 2011 - 06:47 AM

kransilver

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
You can go ahead and close this thread, solved my own problem. The help you guys provided others with the same problem seemed too complicated to solve a simple problem.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP