
Google redirects, Olmarik.tdl4 and Sirefef.ch trojans


  • This topic is locked

#1 Psydream
  • Member
  • 22 posts
Hello! I have been fighting for 5 hours already, reading every topic here, and I couldn't get rid of my problem. I got infected with the Google redirect virus and my antivirus, ESET Smart Security, finds these:

17/11/2011 8:39:48 μμ Startup scanner file C:\Windows\assembly\GAC_MSIL\Desktop.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting (after the next restart)

I have rebooted lots of times and still have this Sirefef.ch trojan.

17/11/2011 8:39:48 μμ Startup scanner operating memory Operating memory Win32/Olmarik.TDL4 trojan unable to clean

I have used Malwarebytes' Anti-Malware, SUPERAntiSpyware and Rkill, but I still have the problem. And I can't run TDSSKiller.exe; I renamed it with .com and read so many topics about that, but I can't do it alone. Sometimes it installs a "Privacy System" program that prevents me from opening anything; I opened Task Manager and managed to stop that. Here are the logs from OTL.txt and Extras.txt.

I apologise for my bad English, I really do!

OTL logfile created on: 17/11/2011 18:57:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads\Compressed
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,96 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,33% Memory free
8,82 Gb Paging File | 7,51 Gb Available in Paging File | 85,14% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 930,90 Gb Total Space | 726,19 Gb Free Space | 78,01% Space Free | Partition Type: NTFS

Computer Name: PC-PSYDREAM | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/17 18:57:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\Compressed\OTL.exe
PRC - [2011/11/10 00:19:39 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 13:50:00 | 002,255,464 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 13:50:00 | 000,805,888 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/08/03 13:50:00 | 000,373,864 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/08/03 02:31:42 | 000,372,736 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/07/07 14:49:23 | 003,270,040 | -H-- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/06/21 17:57:40 | 000,192,512 | -H-- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011/04/22 14:08:52 | 000,801,680 | -H-- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/05/25 17:28:58 | 000,263,600 | -H-- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/03/25 13:39:22 | 000,484,864 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/18 11:26:08 | 000,166,912 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/09/11 06:24:32 | 000,735,960 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 06:23:46 | 002,054,360 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | -H-- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 00:19:39 | 001,989,592 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 12:19:44 | 000,076,800 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko8.dll
MOD - [2011/08/13 06:35:11 | 006,277,280 | -H-- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/03 02:31:28 | 000,255,592 | -H-- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/04/22 14:08:54 | 000,347,024 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/04/22 14:08:54 | 000,179,088 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/04/22 14:08:54 | 000,046,480 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010/01/21 01:34:10 | 008,793,952 | -H-- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | -H-- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/03 13:50:00 | 002,255,464 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 02:31:42 | 000,372,736 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/29 15:59:18 | 000,155,344 | -H-- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/06/21 17:57:40 | 000,192,512 | -H-- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/04/22 14:08:52 | 000,350,720 | -H-- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/25 19:07:20 | 000,117,264 | -H-- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/14 22:39:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 13:39:22 | 000,484,864 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 11:26:08 | 000,166,912 | -H-- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/21 17:51:12 | 030,963,576 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/15 14:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/11 06:33:18 | 000,020,680 | -H-- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 06:24:32 | 000,735,960 | -H-- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/30 11:23:26 | 000,090,112 | -H-- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)


========== Driver Services (SafeList) ==========

DRV - [2011/11/17 18:48:08 | 000,023,624 | ---- | M] () [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/08/03 13:50:00 | 010,304,104 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/21 18:29:06 | 000,085,232 | -H-- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/12/09 22:31:23 | 000,075,592 | -H-- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva370.sys -- (XDva370)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/26 15:32:28 | 000,022,000 | -H-- | M] (SoftEther Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Neo_0001.sys -- (Neo_VPN)
DRV - [2010/06/25 19:07:14 | 000,035,088 | -H-- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/10/21 05:27:42 | 001,102,848 | -H-- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/09/11 06:26:26 | 000,038,240 | -H-- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/09/11 06:26:20 | 000,135,048 | -H-- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 06:23:50 | 000,108,792 | -H-- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 06:17:16 | 000,116,008 | -H-- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/07/16 13:36:30 | 000,013,216 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/06/19 08:10:40 | 000,033,096 | -H-- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/03/25 17:48:00 | 000,114,728 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 17:48:00 | 000,106,208 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 17:48:00 | 000,104,744 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 17:48:00 | 000,026,024 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 17:48:00 | 000,015,016 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/04/23 13:54:50 | 000,100,488 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 13:54:50 | 000,098,568 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 13:54:48 | 000,108,680 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 13:54:48 | 000,015,112 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 13:54:46 | 000,083,208 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/04/03 13:57:42 | 000,083,336 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/02/16 02:57:04 | 000,034,760 | -H-- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?m...el-gr&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el-GR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 33 E1 E4 7A 3E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://radiobar.tool...spx?srch=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 00:19:40 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 12:00:48 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/20 17:53:40 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Alex\AppData\Roaming\IDM\idmmzcc3 [2011/07/07 14:54:17 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Alex\AppData\Roaming\IDM\idmmzcc3 [2011/07/07 14:54:17 | 000,000,000 | -H-D | M]

[2011/07/09 17:27:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/11/12 22:32:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\extensions
[2011/11/07 15:04:29 | 000,000,000 | -H-D | M] (Zynga Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/11/08 20:58:56 | 000,000,000 | -H-D | M] (uTorrentBar Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/11/12 22:32:03 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/13 21:08:51 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\extensions\ffxtlbr@Facemoods.com
[2010/07/30 19:12:14 | 000,000,000 | -H-D | M] (RadioBar Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\extensions\radiobar@toolbar
[2011/07/09 17:26:42 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\extensions\toolbar@ask.com
[2010/03/23 17:16:57 | 000,001,819 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\searchplugins\bing.xml
[2010/04/19 07:05:59 | 000,001,589 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xrt4sz3e.default\searchplugins\web-search.xml
[2011/10/01 12:28:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/31 22:42:52 | 000,000,000 | -H-D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/16 12:16:13 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 11:29:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/23 17:50:19 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 14:50:31 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 09:44:36 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/29 23:25:23 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/08/09 21:12:28 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/10 00:19:39 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 12:28:25 | 000,001,525 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/01 12:28:25 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/01 12:28:25 | 000,000,760 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/01 12:28:25 | 000,001,219 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2011/04/11 13:25:57 | 000,000,758 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 L2authd.Lineage2.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (brincome browser plug-in) - {2017E14F-7C5C-8840-CBE6-8326E828A4BA} - Reg Error: Value error. File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} http://down.hangame....r/PubPlugin.cab (PubPlugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7577AB96-1782-4EDB-9289-C12941860942}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Alex\AppData\Local\10d53ccf\X) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cf8ff8b3-25fc-11e0-a065-00acc45d4b9a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8ff8b3-25fc-11e0-a065-00acc45d4b9a}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/17 18:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/11/17 18:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/17 18:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/17 18:16:21 | 006,479,085 | ---- | C] (BitDefender LLC) -- C:\Users\Alex\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/11/17 18:15:44 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2011/11/17 18:15:13 | 006,480,192 | ---- | C] (SurfRight B.V.) -- C:\Users\Alex\Desktop\HitmanPro35.exe
[2011/11/17 18:03:50 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/17 18:03:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011/11/17 18:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/17 18:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/17 18:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/17 17:58:54 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\TDSSKiller.exe
[2011/11/17 14:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixAuto
[2011/11/17 14:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\FixAuto
[2011/11/17 14:19:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/11/17 14:03:47 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/11/17 13:55:21 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\10d53ccf
[2011/11/17 13:40:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/16 01:50:12 | 000,000,000 | -H-D | C] -- C:\Users\Alex\Documents\BrawlBusters
[2011/11/16 00:56:12 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrawlBusters(EN)
[2011/11/16 00:54:09 | 000,000,000 | -H-D | C] -- C:\Program Files\BrawlBusters(EN)
[2011/11/14 02:28:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Combat Points
[2011/11/14 02:28:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Auto Combat Points
[2011/11/13 18:45:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\kjbl
[2011/11/03 03:01:04 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\Akamai
[2011/10/31 22:42:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/01/30 23:22:07 | 000,148,736 | -H-- | C] (Avanquest Software) -- C:\ProgramData\hpe51E6.dll
[3 C:\Users\Alex\AppData\Local\*.tmp files -> C:\Users\Alex\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/11/17 18:55:09 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 18:55:09 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 18:48:08 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/11/17 18:47:23 | 000,001,164 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/17 18:47:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/17 18:47:15 | 2383,716,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/17 18:44:47 | 000,002,252 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/11/17 18:41:45 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/11/17 18:38:07 | 000,001,168 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 18:17:04 | 006,479,085 | ---- | M] (BitDefender LLC) -- C:\Users\Alex\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/11/17 18:16:08 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Users\Alex\Desktop\HitmanPro35.exe
[2011/11/17 18:15:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2011/11/17 18:15:25 | 000,080,384 | ---- | M] () -- C:\Users\Alex\Desktop\MBRCheck.exe
[2011/11/17 18:05:40 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/17 18:02:59 | 000,001,095 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/17 18:02:59 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 17:50:52 | 000,002,447 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/11/17 17:50:52 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 7.0.lnk
[2011/11/17 14:38:15 | 000,407,160 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/17 14:03:51 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~WUIqt6wga1MENt
[2011/11/17 14:03:51 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~WUIqt6wga1MENtr
[2011/11/17 12:53:48 | 000,008,192 | -H-- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 12:47:43 | 000,616,272 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/17 12:47:43 | 000,388,320 | -H-- | M] () -- C:\Windows\System32\perfh011.dat
[2011/11/17 12:47:43 | 000,106,370 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/17 12:47:43 | 000,106,190 | -H-- | M] () -- C:\Windows\System32\perfc011.dat
[2011/11/16 12:21:12 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\TDSSKiller.exe
[2011/11/16 00:56:12 | 000,001,117 | -H-- | M] () -- C:\Users\Alex\Desktop\BrawlBusters(EN).lnk
[2011/11/10 00:20:15 | 000,001,998 | -H-- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/03 20:22:30 | 000,000,069 | -H-- | M] () -- C:\Windows\NeroDigital.ini
[2011/10/24 22:00:06 | 000,000,111 | -H-- | M] () -- C:\Windows\GMouse.ini
[3 C:\Users\Alex\AppData\Local\*.tmp files -> C:\Users\Alex\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/17 18:44:47 | 000,002,252 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/11/17 18:33:26 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/11/17 18:33:26 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/11/17 18:15:26 | 000,080,384 | ---- | C] () -- C:\Users\Alex\Desktop\MBRCheck.exe
[2011/11/17 18:02:59 | 000,001,095 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/17 18:02:59 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 17:50:52 | 000,002,761 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/11/17 17:50:52 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/11/17 17:50:52 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 7.0.lnk
[2011/11/17 14:03:51 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~WUIqt6wga1MENtr
[2011/11/17 14:03:50 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~WUIqt6wga1MENt
[2011/11/16 00:56:12 | 000,001,117 | -H-- | C] () -- C:\Users\Alex\Desktop\BrawlBusters(EN).lnk
[2011/09/28 11:11:37 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\{93020190-ECD7-4925-A091-5FB34C03EEAB}
[2011/09/28 11:07:53 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\{993B00CA-B36B-4BCE-848E-388961863F44}
[2011/09/28 11:05:50 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\{B4BDABBD-D303-4AE9-BC60-85A31FBE1306}
[2011/09/20 15:16:08 | 000,000,111 | -H-- | C] () -- C:\Windows\GMouse.ini
[2011/08/19 16:59:07 | 000,143,452 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/08/03 02:31:54 | 000,311,912 | -H-- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/07/23 23:38:51 | 000,000,175 | -H-- | C] () -- C:\Windows\EQ3D.ini
[2011/07/10 00:25:33 | 000,141,200 | -H-- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/10 00:25:33 | 000,138,056 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\PnkBstrK.sys
[2011/07/10 00:25:00 | 000,281,656 | -H-- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/10 00:24:58 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/06/10 13:33:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\WindowsInfo.ini
[2011/06/10 05:34:52 | 000,080,416 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/05/31 08:39:50 | 000,058,368 | -H-- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/05/31 08:38:18 | 000,015,360 | -H-- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/05/29 20:14:44 | 000,000,127 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/08 14:21:15 | 000,000,287 | -H-- | C] () -- C:\Windows\game.ini
[2011/05/01 15:06:26 | 000,041,104 | -H-- | C] () -- C:\Windows\System32\umsvfyvgmlbl.exe
[2011/04/26 10:17:04 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/04/16 18:51:16 | 000,041,872 | -H-- | C] () -- C:\Windows\System32\xfcodec.dll
[2011/04/09 17:55:28 | 000,179,261 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/09 14:34:30 | 000,000,193 | -H-- | C] () -- C:\Windows\WORDPAD.INI
[2010/12/02 14:51:30 | 000,004,908 | -H-- | C] () -- C:\Users\Alex\AppData\Local\DreamCalc DC4G.dat
[2010/11/12 20:40:27 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2010/11/04 15:35:14 | 000,000,588 | -H-- | C] () -- C:\Windows\PowerReg.dat
[2010/11/04 13:35:27 | 000,000,147 | -H-- | C] () -- C:\Windows\wa.INI
[2010/07/08 15:16:29 | 000,008,192 | -H-- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/26 16:46:02 | 000,388,320 | -H-- | C] () -- C:\Windows\System32\perfh011.dat
[2010/06/26 16:46:02 | 000,141,988 | -H-- | C] () -- C:\Windows\System32\perfi011.dat
[2010/06/26 16:46:02 | 000,106,190 | -H-- | C] () -- C:\Windows\System32\perfc011.dat
[2010/06/26 16:46:02 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd011.dat
[2010/06/25 19:03:12 | 000,053,299 | -H-- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/07 17:18:56 | 000,000,163 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\default.rss
[2010/06/05 22:08:45 | 000,007,597 | -H-- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2010/05/08 15:09:16 | 000,000,112 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\Current.prx
[2010/04/14 22:10:51 | 001,589,248 | -H-- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010/04/11 17:05:37 | 000,692,224 | -H-- | C] () -- C:\Windows\System32\bsrmgcv.dll
[2010/04/11 17:05:37 | 000,192,512 | -H-- | C] () -- C:\Windows\System32\bsrmgps.dll
[2010/04/11 17:05:37 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\bsrgvas.dll
[2010/04/11 17:04:40 | 000,585,728 | -H-- | C] () -- C:\Windows\System32\bsratswf.dll
[2010/04/11 17:04:40 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\bsratwmv.dll
[2010/03/26 17:49:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/24 17:15:58 | 000,000,067 | -H-- | C] () -- C:\Windows\IDMan.INI
[2010/03/22 13:26:51 | 000,001,769 | -H-- | C] () -- C:\Windows\Language_trs.ini
[2010/03/22 13:26:46 | 000,018,074 | -H-- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/16 13:36:30 | 000,013,216 | -H-- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,407,160 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,272 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,370 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/02 22:30:14 | 000,010,296 | -H-- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2005/04/14 10:25:46 | 001,073,152 | -H-- | C] () -- C:\Windows\System32\libmysql_c.dll

========== LOP Check ==========

[2011/09/10 10:34:07 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\BSplayer
[2010/09/08 22:52:36 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\BSplayer Pro
[2010/08/07 09:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Net
[2011/07/24 10:35:20 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
[2011/11/17 16:13:52 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\DMCache
[2011/07/09 23:07:08 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ESET
[2011/09/21 01:21:18 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\EurekaLog
[2011/07/15 13:39:43 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\gamigo
[2011/07/19 13:16:37 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2010/08/13 15:33:25 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Greekddl
[2011/03/24 09:56:24 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Guitar Pro 6
[2011/09/16 02:30:33 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\IDM
[2011/08/26 01:03:28 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\IObit
[2011/07/15 13:28:58 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\launcher
[2011/07/09 22:52:23 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\LolClient
[2011/07/15 13:36:58 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Martial Empires Launcher
[2011/07/10 23:35:19 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Nitro PDF
[2011/07/09 23:12:38 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\OpenCandy
[2011/08/01 22:46:08 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Pogo
[2010/09/11 20:35:56 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\RapidTyping
[2011/04/30 15:24:47 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\SmartDraw
[2011/01/30 21:09:15 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Sony
[2011/01/23 11:43:53 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\SystemRequirementsLab
[2010/04/15 12:50:01 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2011/08/01 22:31:58 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Thinstall
[2011/11/11 03:26:42 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2010/08/13 13:51:14 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\YoudaGames
[2011/06/24 09:59:50 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Youtube Downloader HD
[2011/11/12 12:31:40 | 000,032,620 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:22716EC0155E4532
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F3AB0B43
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1AA6F328
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E369BDA7

< End of report >



=========================================================================EXTRAS.txt========================================================

OTL Extras logfile created on: 17/11/2011 18:57:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads\Compressed
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

2,96 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,33% Memory free
8,82 Gb Paging File | 7,51 Gb Available in Paging File | 85,14% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 930,90 Gb Total Space | 726,19 Gb Free Space | 78,01% Space Free | Partition Type: NTFS

Computer Name: PC-PSYDREAM | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}" = Lineage II
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{12B224EF-BA30-4B3D-8137-82CD9C67C776}_is1" = ACP 2.0.4
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A31C596-64D5-4613-83FD-D655A421588C}" = ESET Smart Security
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AF152B-2BC1-43AA-9118-56F71A0F2C1E}" = Setup_Server
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BEA3C63-101D-4009-8B73-E9CE4A5F8A9C}" = League of Legends
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84C9CD33-1525-4500-BC16-139522A71B98}_is1" = FixAuto 1.1.7
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BAFEF4-7A37-4E48-B66C-BA8D730EFFAF}" = Pocket Tanks Deluxe v1.3 By Argogo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FEECBDA-8378-4874-AD65-D9E232BE2D11}" = Windows Live Sync
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A70001000000}" = Adobe Reader 7.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67DE614-BDB8-4CB1-B3C3-8BD5EED1FDE1}" = System Requirements Lab CYRI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BE43FDDD-F003-494F-952A-69731FF82197}" = Sexy Beach 3 Platinum Pack
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDEC1AF0-0C66-43B2-A0FC-A82648E8D36A}" = Nitro PDF Reader 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BGroom" = BGroom
"Blast Pack for Pocket Tanks Deluxe_is1" = Blast Pack for Pocket Tanks Deluxe
"BrawlBusters(EN)" = BrawlBusters(EN)
"BSPlayerf" = BS.Player FREE
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"Bus Driver_is1" = Bus Driver
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"CloneCD" = CloneCD
"conduitEngine" = Conduit Engine
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup.divx.com" = DivX Setup
"DreamCalcDC4G_is1" = DreamCalc DCG4.7.0 Graphing Calculator
"EADM" = EA Download Manager
"facemoods" = Facemoods Toolbar
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.0.0526
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HitmanPro35" = Hitman Pro 3.5
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Διαχειριστής Συσκευών Πλατφόρμας
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"Internet Download Manager" = Internet Download Manager
"Lineage-RS" = Lineage-RS
"LOLReplay" = LOLReplay
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Monopoly City1.0" = Monopoly City
"Mozilla Firefox 6.0 (x86 el)" = Mozilla Firefox 6.0 (x86 el)
"MusicManager" = Music Manager
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Party Pack for Pocket Tanks Deluxe_is1" = Party Pack for Pocket Tanks Deluxe
"Proxifier_is1" = Proxifier version 2.91
"RapidTyping" = RapidTyping
"TeamViewer 5" = TeamViewer 5
"umsvfyvgmlbl" = Performance Solution Brincome.
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Vindictus EU" = Vindictus
"WhiteCap" = WhiteCap
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"L2City_Server_Patch" = L2City_Server_Patch

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/5/2011 20:25:31 | Computer Name = PC-Psydream | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\alaplaya\S4League\Aegis64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/5/2011 20:25:36 | Computer Name = PC-Psydream | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\sony ericsson\sony
ericsson pc companion\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/5/2011 8:40:11 | Computer Name = PC-Psydream | Source = Application Error | ID = 1000
Description = Faulting application name: SB3Plus.exe, version: 0.0.0.0, time stamp:
0x4532e21d Faulting module name: SB3Plus.exe, version: 0.0.0.0, time stamp: 0x4532e21d
Exception
code: 0xc0000005 Fault offset: 0x0002277f Faulting process id: 0x258 Faulting application
start time: 0x01cc12fd150b48f5 Faulting application path: C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus.exe
Faulting
module path: C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus.exe Report Id: 78b3a67f-7ef0-11e0-abae-00acc45d4b9a

Error - 15/5/2011 8:41:53 | Computer Name = PC-Psydream | Source = Application Error | ID = 1000
Description = Faulting application name: SB3Plus.exe, version: 0.0.0.0, time stamp:
0x4532e21d Faulting module name: SB3Plus.exe, version: 0.0.0.0, time stamp: 0x4532e21d
Exception
code: 0xc0000005 Fault offset: 0x0002277f Faulting process id: 0x1528 Faulting application
start time: 0x01cc12fd45daf6dc Faulting application path: C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus.exe
Faulting
module path: C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus.exe Report Id: b54bb501-7ef0-11e0-abae-00acc45d4b9a

Error - 15/5/2011 8:42:19 | Computer Name = PC-Psydream | Source = Application Error | ID = 1000
Description = Faulting application name: SB3Plus.exe, version: 0.0.0.0, time stamp:
0x4532e21d Faulting module name: SB3Plus.exe, version: 0.0.0.0, time stamp: 0x4532e21d
Exception
code: 0xc0000005 Fault offset: 0x0002277f Faulting process id: 0xc4c Faulting application
start time: 0x01cc12fd7b9fa319 Faulting application path: C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus.exe
Faulting
module path: C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus.exe Report Id: c55f3ce4-7ef0-11e0-abae-00acc45d4b9a

Error - 15/5/2011 12:00:00 | Computer Name = PC-Psydream | Source = Windows Backup | ID = 4104
Description =

Error - 17/5/2011 7:31:26 | Computer Name = PC-Psydream | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\sony ericsson\sony
ericsson pc suite\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/5/2011 7:31:41 | Computer Name = PC-Psydream | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\alaplaya\S4League\Aegis64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/5/2011 7:31:48 | Computer Name = PC-Psydream | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\sony ericsson\sony
ericsson pc companion\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18/5/2011 0:02:28 | Computer Name = PC-Psydream | Source = Application Error | ID = 1000
Description = Faulting application name: SB3Plus.exe, version: 0.0.0.0, time stamp:
0x4532e21d Faulting module name: SB3Plus.exe, version: 0.0.0.0, time stamp: 0x4532e21d
Exception
code: 0xc0000005 Fault offset: 0x0002277f Faulting process id: 0x1304 Faulting application
start time: 0x01cc151047cda07b Faulting application path: C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus.exe
Faulting
module path: C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus.exe Report Id: a54766f5-8103-11e0-80e9-00acc45d4b9a

[ System Events ]
Error - 17/11/2011 12:48:17 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%5

Error - 17/11/2011 12:48:17 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%5

Error - 17/11/2011 12:48:18 | Computer Name = PC-Psydream | Source = PNRPSvc | ID = 102
Description =

Error - 17/11/2011 12:48:18 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%5

Error - 17/11/2011 12:48:18 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%5

Error - 17/11/2011 12:49:11 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Akamai service.

Error - 17/11/2011 12:50:07 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 17/11/2011 12:50:07 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 17/11/2011 12:50:58 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 17/11/2011 12:54:00 | Computer Name = PC-Psydream | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).


< End of report >

P.S. Thx in advance!

#2 maliprog (Trusted Helper, Malware Removal, 6,171 posts)

Hello Psydream and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

Step 2

Please restart in safe mode with networking:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.


Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post.

#3 Psydream (Member, 22 posts)

Hello maliprog, thank you for your response. I downloaded ComboFix to the desktop and ran it in safe mode as administrator. Well, it took about 90 minutes or more, and when it ended it told me: if you are not connected to the internet after the ComboFix scan, then run the scan again. Well, I didn't re-run it, since you told me not to, so I restarted my PC as told, but the only thing I have in C:\ is ComboFix with a TV icon, and when I open it, it sends me to My Computer! I couldn't find any log file there. Oh, and I don't have an internet connection anymore; I'm using a laptop to talk to you, which is why I'm late to answer.
One question: will a format fix this?

Thanks in advance, and sorry for my bad English!

#4 maliprog (Trusted Helper, Malware Removal, 6,171 posts)

OK. Please try to run ComboFix again in Normal mode now. Accept all prompts from ComboFix and let it run. If you get a ComboFix log after the next restart, please post it here for me.

#5 Psydream (Member, 22 posts)

I ran ComboFix again in normal mode. Well, I guess it got stuck: I let it scan for over 3-4 hours but it never ended. explorer.exe closed and I couldn't use my PC; I could only move the scan window, nothing else, so I just pushed the shutdown button and closed it.

#6 maliprog (Trusted Helper, Malware Removal, 6,171 posts)

We will need your clean PC/notebook and a USB memory stick to download and transfer tools to the infected PC. First we need to disinfect your USB memory so you can transfer files and not get infected.

Do this on the clean computer:

1 - Flash Drive Disinfector

  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives, including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

After you disinfect your USB memory, please download the VRT tool, then transfer it to the infected PC and run it like this:

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right.

Select everything down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the Report tab (the last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#7 Psydream (Member, 22 posts)

Hello, sorry for taking so long. Here is what you asked for.
Attached file: kaspersky.txt (2.92 KB)

#8 maliprog (Trusted Helper, Malware Removal, 6,171 posts)

Good work. Please delete the old version of ComboFix from your infected system.

On the clean PC, download the new version and transfer it to the infected one with the USB memory. Run ComboFix on the infected system and post the log here for me. If you manage to run ComboFix, please try your internet connection after the scan.

#9 Psydream (Member, 22 posts)

Hello, bad news. I ran ComboFix; it started to scan and worked really fine. When it finished the scan it rebooted my PC, then when Windows started it automatically opened the same cmd window saying the following:
"Preparing Log Report."
"Do not run any programs until combofix has finished"
It got stuck there for an hour or more and I couldn't use my PC, only move this cmd window, so I had to restart my PC after 90 minutes had passed. When the PC came up I checked for the log, and this time I saw a ComboFix folder that had a lot of stuff in it, but not the log! I'm really sorry for failing again.

#10 maliprog (Trusted Helper, Malware Removal, 6,171 posts)

OK. Can you tell me how your system is now? Do you have your internet connection back?

#11 Psydream (Member, 22 posts)

The system is OK, I just don't have an internet connection now. Sometimes I may get a blue screen error, but the last time I got one was yesterday; it's all normal now except the internet connection. On the laptop it works, but on my PC it doesn't; I can't even get to the modem's IP page.


P.S. I forgot to mention that I have the Mozilla, Safari and Internet Explorer browsers. Safari and Internet Explorer won't run: Safari opens and closes immediately, and Internet Explorer just gets stuck and stops responding.

Edited by Psydream, 20 November 2011 - 06:32 AM.


#12 maliprog (Trusted Helper, Malware Removal, 6,171 posts)

Hi Psydream,

Please remove the old version of TDSSKiller from the infected PC. Download and transfer these tools to the infected PC and try to run them. Post the logs after the scans, and try all of them.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


Step 2

Download aswMBR.exe (511 KB) to your desktop.


  • Double click aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply

Step 3

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.


Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • MBRCheck log
It would be helpful if you could post each log in a separate post.

#13 Psydream (Member, 22 posts)

Hello, like I said in my first post, I still can't run TDSSKiller.exe. I did delete the old version and pasted this one in, but I still couldn't run it. Same problem with aswMBR.exe: I couldn't run it no matter how I renamed it. At least I could run MBRCheck.exe; here's the log.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer INC.
System Product Name: P7H55-M SI
Logical Drives Mask: 0x00000014

Kernel Drivers (total 187):
0xE1E3C000 \SystemRoot\system32\ntkrnlpa.exe
0xE1E05000 \SystemRoot\system32\halmacpi.dll
0xE1D14000 \SystemRoot\system32\kdcom.dll
0xC880A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0xC888F000 \SystemRoot\system32\PSHED.dll
0xC88A0000 \SystemRoot\system32\BOOTVID.dll
0xC88A8000 \SystemRoot\system32\CLFS.SYS
0xC88EA000 \SystemRoot\system32\CI.dll
0xC8A01000 \SystemRoot\system32\drivers\Wdf01000.sys
0xC8A72000 \SystemRoot\system32\drivers\WDFLDR.SYS
0xC8A80000 \SystemRoot\system32\drivers\ACPI.sys
0xC8AC8000 \SystemRoot\system32\drivers\WMILIB.SYS
0xC8AD1000 \SystemRoot\system32\drivers\msisadrv.sys
0xC8AD9000 \SystemRoot\system32\drivers\pci.sys
0xC8B03000 \SystemRoot\system32\drivers\vdrvroot.sys
0xC8B0E000 \SystemRoot\System32\drivers\partmgr.sys
0xC8B1F000 \SystemRoot\system32\drivers\volmgr.sys
0xC8B2F000 \SystemRoot\System32\drivers\volmgrx.sys
0xC8B7A000 \SystemRoot\system32\drivers\pciide.sys
0xC8B81000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0xC8B8F000 \SystemRoot\System32\drivers\mountmgr.sys
0xC8BA5000 \SystemRoot\system32\drivers\atapi.sys
0xC8BAE000 \SystemRoot\system32\drivers\ataport.SYS
0xC8BD1000 \SystemRoot\system32\drivers\amdxata.sys
0xC8995000 \SystemRoot\system32\drivers\fltmgr.sys
0xC8BDA000 \SystemRoot\system32\drivers\fileinfo.sys
0xC8C33000 \SystemRoot\System32\Drivers\Ntfs.sys
0xC8D62000 \SystemRoot\System32\Drivers\msrpc.sys
0xC8D8D000 \SystemRoot\System32\Drivers\ksecdd.sys
0xC8DA0000 \SystemRoot\System32\Drivers\cng.sys
0xC8C00000 \SystemRoot\System32\drivers\pcw.sys
0xC8C0E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0xC8E25000 \SystemRoot\system32\drivers\ndis.sys
0xC8EDC000 \SystemRoot\system32\drivers\NETIO.SYS
0xC8F1A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0xC901C000 \SystemRoot\System32\drivers\tcpip.sys
0xC9166000 \SystemRoot\System32\drivers\fwpkclnt.sys
0xC9197000 \SystemRoot\system32\drivers\volsnap.sys
0xC91D6000 \SystemRoot\System32\Drivers\spldr.sys
0xC8F3F000 \SystemRoot\System32\drivers\rdyboost.sys
0xC91DE000 \SystemRoot\System32\Drivers\mup.sys
0xC91EE000 \SystemRoot\System32\drivers\hwpolicy.sys
0xC8F6C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0xC9000000 \SystemRoot\system32\DRIVERS\disk.sys
0xC8F9E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0xC9232000 \SystemRoot\system32\DRIVERS\40774382.sys
0xC9786000 \SystemRoot\system32\drivers\cdrom.sys
0xC97A5000 \SystemRoot\System32\Drivers\Null.SYS
0xC97AC000 \SystemRoot\System32\Drivers\Beep.SYS
0xC97B3000 \SystemRoot\System32\drivers\vga.sys
0xC97BF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xC97E0000 \SystemRoot\System32\drivers\watchdog.sys
0xC97ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xC97F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0xC9200000 \SystemRoot\system32\drivers\rdprefmp.sys
0xC9208000 \SystemRoot\System32\Drivers\Msfs.SYS
0xC9213000 \SystemRoot\System32\Drivers\Npfs.SYS
0xC9221000 \SystemRoot\system32\DRIVERS\tdx.sys
0xCD618000 \SystemRoot\system32\drivers\afd.sys
0xCD672000 \SystemRoot\system32\drivers\TDI.SYS
0xCD67E000 \SystemRoot\System32\DRIVERS\netbt.sys
0xCD6B0000 \SystemRoot\system32\drivers\ws2ifsl.sys
0xCD6B9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0xCD6C0000 \SystemRoot\system32\DRIVERS\pacer.sys
0xCD6DF000 \SystemRoot\system32\DRIVERS\netbios.sys
0xCD6ED000 \SystemRoot\system32\DRIVERS\serial.sys
0xCD707000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xCD71A000 \SystemRoot\system32\drivers\termdd.sys
0xCD72B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xCD74D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xCD753000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xCD794000 \SystemRoot\system32\drivers\nsiproxy.sys
0xCD79E000 \SystemRoot\system32\drivers\mssmbios.sys
0xCD7A8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xCD7AD000 \SystemRoot\System32\drivers\discache.sys
0xCD7B9000 \SystemRoot\System32\Drivers\dfsc.sys
0xCD7D1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0xCD7DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0xCD600000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xCE003000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0xCE9E9000 \SystemRoot\System32\Drivers\nvBridge.kmd
0xCEA0B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0xCEAC2000 \SystemRoot\System32\drivers\dxgmms1.sys
0xCEAFB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xCEB0A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xCEB55000 \SystemRoot\system32\drivers\HDAudBus.sys
0xCEB74000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0xCEBD6000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xCEBD8000 \SystemRoot\system32\DRIVERS\parport.sys
0xCEBF0000 \SystemRoot\system32\DRIVERS\serenum.sys
0xCEA00000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0xCEBFA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xCE9ED000 \SystemRoot\system32\drivers\CompositeBus.sys
0xC8FC3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0xC8FD5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xC9011000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xC8E00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xC8C17000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xC89C9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xC89E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0xCEA07000 \SystemRoot\system32\DRIVERS\Neo_0001.sys
0xC8FED000 \SystemRoot\system32\drivers\kbdclass.sys
0xC8BEB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xCE9FA000 \SystemRoot\system32\drivers\swenum.sys
0xCEE37000 \SystemRoot\system32\drivers\ks.sys
0xCEE6B000 \SystemRoot\system32\drivers\umbus.sys
0xCEE79000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xCEEBD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xD3E0F000 \SystemRoot\system32\drivers\viahduaa.sys
0xD3F8B000 \SystemRoot\system32\drivers\portcls.sys
0xD3FBA000 \SystemRoot\system32\drivers\drmk.sys
0xD3FD3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xD3FDE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xD3FF1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xD3FF8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xD3E00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xD16C0000 \SystemRoot\System32\win32k.sys
0xCEECE000 \SystemRoot\System32\drivers\Dxapi.sys
0xCEED8000 \SystemRoot\System32\Drivers\crashdmp.sys
0xCEEE5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0xCEEF0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xCEEF9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0xCEF0A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xCEF21000 \SystemRoot\system32\drivers\kbdhid.sys
0xCEF2D000 \SystemRoot\system32\DRIVERS\monitor.sys
0xD1920000 \SystemRoot\System32\TSDDD.dll
0xD1950000 \SystemRoot\System32\cdd.dll
0xCEF38000 \SystemRoot\system32\drivers\luafv.sys
0xCEF53000 \SystemRoot\system32\drivers\WudfPf.sys
0xCEF9E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xCEFAE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xDCE34000 \SystemRoot\system32\drivers\HTTP.sys
0xDCEB9000 \SystemRoot\system32\DRIVERS\bowser.sys
0xDCED2000 \SystemRoot\System32\drivers\mpsdrv.sys
0xDCEE4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xDCF07000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xDCF42000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xDCF5D000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xDCF64000 \SystemRoot\system32\DRIVERS\idmwfp.sys
0xE0E03000 \SystemRoot\system32\drivers\peauth.sys
0xE0E9A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xE0EA4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xE0EC5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xE0ED2000 \SystemRoot\System32\DRIVERS\srv2.sys
0xE0F22000 \SystemRoot\System32\DRIVERS\srv.sys
0xE0FDE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xE0FE7000 \SystemRoot\system32\drivers\USBSTOR.SYS
0xDCF7B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x76ED0000 \Windows\System32\ntdll.dll
0x48300000 \Windows\System32\smss.exe
0x77110000 \Windows\System32\apisetschema.dll
0x008C0000 \Windows\System32\autochk.exe
0x770C0000 \Windows\System32\ws2_32.dll
0x770B0000 \Windows\System32\nsi.dll
0x76DC0000 \Windows\System32\urlmon.dll
0x77010000 \Windows\System32\usp10.dll
0x76DA0000 \Windows\System32\imm32.dll
0x76D70000 \Windows\System32\imagehlp.dll
0x76C90000 \Windows\System32\kernel32.dll
0x76BC0000 \Windows\System32\msctf.dll
0x76B60000 \Windows\System32\shlwapi.dll
0x76AC0000 \Windows\System32\advapi32.dll
0x76A70000 \Windows\System32\gdi32.dll
0x76A60000 \Windows\System32\lpk.dll
0x76900000 \Windows\System32\ole32.dll
0x76760000 \Windows\System32\setupapi.dll
0x75B10000 \Windows\System32\shell32.dll
0x75A60000 \Windows\System32\rpcrt4.dll
0x759B0000 \Windows\System32\msvcrt.dll
0x75920000 \Windows\System32\oleaut32.dll
0x75850000 \Windows\System32\user32.dll
0x757D0000 \Windows\System32\comdlg32.dll
0x75740000 \Windows\System32\clbcatq.dll
0x756F0000 \Windows\System32\Wldap32.dll
0x756E0000 \Windows\System32\psapi.dll
0x756C0000 \Windows\System32\sechost.dll
0x75660000 \Windows\System32\difxapi.dll
0x754A0000 \Windows\System32\iertutil.dll
0x75380000 \Windows\System32\wininet.dll
0x75370000 \Windows\System32\normaliz.dll
0x75350000 \Windows\System32\devobj.dll
0x75300000 \Windows\System32\KernelBase.dll
0x75270000 \Windows\System32\comctl32.dll
0x75150000 \Windows\System32\crypt32.dll
0x75120000 \Windows\System32\cfgmgr32.dll
0x750F0000 \Windows\System32\wintrust.dll
0x750E0000 \Windows\System32\msasn1.dll

Processes (total 53):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
396 csrss.exe
456 C:\Windows\System32\wininit.exe
464 csrss.exe
504 C:\Windows\System32\services.exe
520 C:\Windows\System32\lsass.exe
528 C:\Windows\System32\lsm.exe
652 C:\Windows\System32\winlogon.exe
684 C:\Windows\System32\svchost.exe
744 C:\Windows\System32\nvvsvc.exe
768 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
812 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\audiodg.exe
1148 C:\Windows\System32\svchost.exe
1236 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1248 C:\Windows\System32\nvvsvc.exe
1304 C:\Windows\System32\svchost.exe
1588 C:\Windows\System32\spoolsv.exe
1616 C:\Windows\System32\svchost.exe
1708 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1884 C:\Windows\explorer.exe
1968 C:\Windows\System32\taskhost.exe
452 C:\Program Files\Windows Sidebar\sidebar.exe
2668 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2692 C:\Program Files\Bonjour\mDNSResponder.exe
2740 C:\Windows\System32\svchost.exe
2864 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2912 C:\Windows\System32\PnkBstrA.exe
2936 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2980 C:\Windows\System32\svchost.exe
3584 C:\Windows\System32\SearchIndexer.exe
3708 C:\Windows\System32\svchost.exe
2156 C:\Program Files\Nero\Update\NASvc.exe
4084 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
4056 C:\Windows\System32\svchost.exe
940 C:\Program Files\Windows Media Player\wmpnetwk.exe
700 WmiPrvSE.exe
3572 C:\Windows\System32\svchost.exe
3304 C:\Windows\System32\taskmgr.exe
2144 C:\Windows\System32\dwm.exe
1384 C:\Windows\System32\svchost.exe
2624 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1516 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
308 C:\Windows\System32\SearchProtocolHost.exe
4012 C:\Windows\System32\SearchFilterHost.exe
696 C:\Users\Alex\Desktop\MBRCheck.exe
3592 C:\Windows\System32\conhost.exe
2416 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`2738a000 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
First we'll try a more secure way. You will need a blank CD for this.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.




When you reboot you will see this, although yours will say Windows 7. Click Repair my computer.
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt, type the following:

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal windows and run MBRcheck again please. Post log after the scan.
  • 0
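As an added example (not part of this thread, and not MBRCheck's or Microsoft's own code), here is a small Python script that performs the kind of check behind MBRCheck's "MBR Code Faked!" verdict: it parses a 512-byte MBR, hashes the 440-byte bootstrap code with SHA1 and compares the result against a hash recorded when the disk was known to be clean, while also checking the 55AA boot signature and decoding the partition table. The two sample sectors, the trusted-hash set and the `read_mbr` helper are constructed for this example; reading `\\.\PhysicalDrive0` directly requires administrator rights.

```python
"""Parse a 512-byte MBR and compare its bootstrap code against a trusted baseline.

Constructed example: the sample sectors below are built in memory, not read from
a real disk, and the trusted-hash set is derived from the constructed clean sector.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_SIZE = 440            # bytes 0..439: bootstrap code the BIOS executes
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Build a sample MBR (test data) with one bootable NTFS partition at LBA 2048."""
    if len(bootcode) > BOOTCODE_SIZE:
        raise ValueError("bootstrap code must fit in %d bytes" % BOOTCODE_SIZE)
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    # Entry 0: status 0x80 (bootable), CHS start, type 0x07 (NTFS), CHS end,
    # LBA start 2048, length 409600 sectors (200 MB).
    struct.pack_into("<B3sB3sII", sector, PARTITION_TABLE_OFFSET,
                     0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 409600)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Decode signature, bootstrap-code SHA1 and the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:                    # empty entry
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count,
                           "byte_offset": lba_start * SECTOR_SIZE})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_SIZE]).hexdigest().upper(),
            "partition_table": bytes(sector[PARTITION_TABLE_OFFSET:510]),
            "partitions": partitions}


def assess_mbr(sector: bytes, trusted_bootcode_sha1: set) -> str:
    """Verdict in the spirit of MBRCheck: trusted hash, unknown/faked code, or invalid."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "Invalid MBR (missing 55AA boot signature)"
    if info["bootcode_sha1"] in trusted_bootcode_sha1:
        return "MBR code matches trusted baseline"
    return "MBR Code Faked! (bootstrap code not in trusted baseline)"


def compare_mbr(clean: bytes, suspect: bytes) -> dict:
    """Separate bootstrap-code changes from partition-table changes.

    A bootkit that rewrites the bootstrap code leaves the partition table alone so
    the OS still boots, which is exactly the pattern this comparison surfaces.
    """
    a, b = parse_mbr(clean), parse_mbr(suspect)
    return {"bootcode_changed": a["bootcode_sha1"] != b["bootcode_sha1"],
            "partition_table_changed": a["partition_table"] != b["partition_table"]}


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw device (administrator/root needed; Linux: /dev/sda)."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


# Constructed samples: a "clean" sector and one whose bootstrap bytes were replaced.
STOCK_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8")
INFECTED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x00" * 9)
# Baseline recorded while the disk was known clean (constructed here from STOCK_MBR).
TRUSTED_BOOTCODE_SHA1 = {parse_mbr(STOCK_MBR)["bootcode_sha1"]}

if __name__ == "__main__":
    for name, sector in (("stock", STOCK_MBR), ("suspect", INFECTED_MBR)):
        info = parse_mbr(sector)
        print(name, info["bootcode_sha1"], assess_mbr(sector, TRUSTED_BOOTCODE_SHA1))
        for p in info["partitions"]:
            print("  partition %d type 0x%02X at byte offset 0x%X" %
                  (p["index"], p["type"], p["byte_offset"]))
    print(compare_mbr(STOCK_MBR, INFECTED_MBR))
```

The baseline approach is the practical one for a defender: record the bootstrap-code hash (and the partition table) from a machine you trust, then re-check periodically or during an incident. Compare the offset reported for `C:` in the MBRCheck log above with what the partition table decodes to; a bootstrap-code hash that changed while the partition table did not is the signature of MBR tampering rather than a repartitioning.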

#15
Psydream

Psydream

    Member

  • Member
  • PipPip
  • 22 posts
Is it necessary to put in a DVD RW, or can I use a DVD R? I need to know what to buy ^^ I have DVD R but I don't have RWs.
  • 0
