Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Many pc errors [Closed]

Started by SomeBodyHelpMe , Apr 15 2012 03:33 AM

  • This topic is locked This topic is locked

#1
SomeBodyHelpMe
Posted 15 April 2012 - 03:33 AM

SomeBodyHelpMe

    New Member

  • Member
  • Pip
  • 5 posts
To start off with,ever since i gomy pc..whenever i try doing a few things it always said feature has been blocked by admin..for example i tried opening task managrer it said admin had blocked it..i googled it and got it fixed..lately when i boot my pc there's and explorer.exe application error 0xc0000005..and each time i try to run it through task manager > new task ..before even i could type explorer.exe this error appears.. taskmgr.exe application error The instruction at "0x073f9027" referenced memory at "0x073f9027" . The memory could not be "read". click ok to terminate the program..

But if i try running other programs through tskmgr i am able to do so ~~!

my registryedit was blocked by the admin previously.. but i got it fixed

i also keep getting this error every 2 mins
AppleMobileDeviceService.exe Application error The exception unknown software exception (0xc06d007e) occured in the application at locatioon 0x7c812afb.

And sometimes when i try to run a few applications the same application error- 0xc0000005 error appears

here's my OTL log


OTL logfile created on: 4/15/2012 2:47:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Bleh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.60% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 79.41 Gb Free Space | 81.32% Space Free | Partition Type: NTFS
Drive D: | 622.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 97.65 Gb Total Space | 29.75 Gb Free Space | 30.47% Space Free | Partition Type: NTFS
Drive G: | 97.65 Gb Total Space | 97.58 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive H: | 172.80 Gb Total Space | 160.86 Gb Free Space | 93.09% Space Free | Partition Type: NTFS

Computer Name: PRAVEEN | User Name: Bleh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/15 14:47:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bleh\My Documents\Downloads\OTL.exe
PRC - [2012/04/10 01:58:49 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/12/22 18:51:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe
PRC - [2010/11/15 16:51:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/10 01:58:48 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\ppgooglenaclpluginchrome.dll
MOD - [2012/04/10 01:58:46 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\pdf.dll
MOD - [2012/04/10 01:57:32 | 000,544,240 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\libglesv2.dll
MOD - [2012/04/10 01:57:31 | 000,117,744 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\libegl.dll
MOD - [2012/04/10 01:57:21 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\avutil-51.dll
MOD - [2012/04/10 01:57:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\avformat-53.dll
MOD - [2012/04/10 01:57:19 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\avcodec-53.dll
MOD - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/03/24 10:07:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2010/12/22 18:51:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)
SRV - [2010/11/15 16:51:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2006/03/03 21:03:10 | 000,299,008 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\G+\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/15 14:22:23 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/01/10 18:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/12/22 18:51:40 | 002,804,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/11/26 09:47:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/11/17 17:33:56 | 000,101,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/06/25 12:37:44 | 000,061,552 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012/01/28 00:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012/01/28 00:37:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012/01/28 00:37:15 | 000,000,000 | ---D | M]

[2012/01/28 01:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bleh\Application Data\Mozilla\Firefox\extensions
[2012/01/28 01:01:51 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Bleh\Application Data\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/14 23:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bleh\Application Data\Mozilla\Firefox\Profiles\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: FBPHOTOZOOM = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007/08/11 12:28:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D988BF92-0DD6-4E97-83A0-17CB7B342774}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bleh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bleh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/11 05:09:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 16:30:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 14:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2012/04/15 14:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\PC_Drivers_Headquarters
[2012/04/15 14:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2012/04/15 14:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Detective
[2012/04/15 14:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Start Menu\Programs\ParetoLogic
[2012/04/15 14:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/04/15 14:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2012/04/15 14:08:22 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~BT
[2012/04/15 00:33:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/15 00:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\smitRem
[2012/04/15 00:12:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/04/14 23:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/04/14 23:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
[2012/04/14 23:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\fbphotozoom
[2012/04/14 23:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/04/02 23:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Apple Computer
[2012/04/02 23:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Application Data\Apple Computer
[2012/04/02 23:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2012/04/02 23:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/02 23:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2012/04/02 23:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/02 23:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Apple
[2012/04/02 23:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/04/02 23:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/02 23:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/02 23:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2012/03/29 22:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\vrally3D
[2012/03/29 22:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\RealBoxing3D
[2012/03/29 22:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\planetriders
[2012/03/29 22:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\MobiChess_240x320
[2012/03/29 22:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\Alliance 3D
[2012/03/27 15:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/03/25 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Adobe
[2012/03/25 22:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Application Data\HP
[2012/03/25 22:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
[2012/03/25 22:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\HP
[2012/03/25 22:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2012/03/24 19:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2012/03/24 19:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/03/24 19:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Microsoft Help
[2012/03/24 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/15 14:33:56 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Detective.lnk
[2012/04/15 14:30:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/15 14:30:50 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/15 14:26:30 | 000,496,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/15 14:26:30 | 000,084,966 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/15 14:22:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/15 14:20:07 | 000,000,267 | RHS- | M] () -- C:\boot.ini
[2012/04/15 14:16:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1844823847-1417001333-1003UA.job
[2012/04/15 13:49:45 | 000,000,268 | RHS- | M] () -- C:\BOOT.BAK
[2012/04/15 12:29:35 | 000,001,341 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\regtools.vbs
[2012/04/15 12:28:30 | 000,243,470 | ---- | M] () -- C:\WINDOWS\kxt.jra
[2012/04/15 12:28:28 | 000,156,341 | ---- | M] () -- C:\WINDOWS\yutm.dow
[2012/04/15 12:28:28 | 000,137,081 | ---- | M] () -- C:\WINDOWS\vyul.rha
[2012/04/15 12:28:19 | 000,191,213 | ---- | M] () -- C:\WINDOWS\hietqbj.mxv
[2012/04/15 12:28:16 | 000,361,444 | ---- | M] () -- C:\WINDOWS\aqh.omn
[2012/04/15 12:14:26 | 000,024,543 | ---- | M] () -- C:\WINDOWS\vpww.jif
[2012/04/15 00:02:43 | 000,000,010 | ---- | M] () -- C:\WINDOWS\GSetup.ini
[2012/04/14 23:39:54 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\Download The_Devil_Inside_2012_DvDrip_FxM.lnk
[2012/04/13 20:16:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1844823847-1417001333-1003Core.job
[2012/04/13 10:31:07 | 000,047,147 | ---- | M] () -- C:\WINDOWS\alx.ubb
[2012/04/12 15:42:41 | 000,081,401 | ---- | M] () -- C:\WINDOWS\xyr.iyy
[2012/04/12 14:45:38 | 000,063,422 | ---- | M] () -- C:\WINDOWS\qadskx.vgk
[2012/04/12 14:45:12 | 000,284,082 | ---- | M] () -- C:\WINDOWS\vpk.kqb
[2012/04/11 16:28:05 | 000,156,867 | ---- | M] () -- C:\WINDOWS\exwmwp.fjk
[2012/04/10 22:40:55 | 007,278,276 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\Progress report as on 06.04.2012.pdf
[2012/04/10 17:17:24 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\Google Chrome.lnk
[2012/04/10 17:17:24 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Bleh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/09 16:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/09 16:28:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 19:51:11 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/05 23:02:03 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\Bleh\Application Data\room_v3.dat
[2012/04/04 14:17:11 | 000,271,864 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\IMG_0007.jpg
[2012/04/02 23:04:49 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2012/03/30 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/03/25 22:38:06 | 000,117,644 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2012/03/25 22:37:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Photosmart Essential.lnk
[2012/03/25 22:36:54 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/25 22:36:36 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Solution Center.lnk
[2012/03/25 22:32:06 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2012/03/25 09:23:27 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/15 14:33:56 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Detective.lnk
[2012/04/15 14:30:50 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/15 14:30:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/15 12:29:38 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\regtools.vbs
[2012/04/15 00:12:23 | 000,260,288 | R--- | C] () -- C:\$LDR$
[2012/04/15 00:12:23 | 000,000,268 | RHS- | C] () -- C:\BOOT.BAK
[2012/04/15 00:12:22 | 000,440,533 | R--- | C] () -- C:\txtsetup.sif
[2012/04/14 23:39:54 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\Download The_Devil_Inside_2012_DvDrip_FxM.lnk
[2012/04/13 10:31:07 | 000,047,147 | ---- | C] () -- C:\WINDOWS\alx.ubb
[2012/04/13 10:21:48 | 000,156,341 | ---- | C] () -- C:\WINDOWS\yutm.dow
[2012/04/13 10:21:34 | 000,361,444 | ---- | C] () -- C:\WINDOWS\aqh.omn
[2012/04/12 15:42:41 | 000,081,401 | ---- | C] () -- C:\WINDOWS\xyr.iyy
[2012/04/12 14:48:46 | 000,024,543 | ---- | C] () -- C:\WINDOWS\vpww.jif
[2012/04/12 14:45:23 | 000,243,470 | ---- | C] () -- C:\WINDOWS\kxt.jra
[2012/04/12 14:45:21 | 000,063,422 | ---- | C] () -- C:\WINDOWS\qadskx.vgk
[2012/04/12 14:45:15 | 000,191,213 | ---- | C] () -- C:\WINDOWS\hietqbj.mxv
[2012/04/12 14:45:12 | 000,284,082 | ---- | C] () -- C:\WINDOWS\vpk.kqb
[2012/04/11 16:28:05 | 000,156,867 | ---- | C] () -- C:\WINDOWS\exwmwp.fjk
[2012/04/11 16:28:05 | 000,137,081 | ---- | C] () -- C:\WINDOWS\vyul.rha
[2012/04/10 22:40:55 | 007,278,276 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\Progress report as on 06.04.2012.pdf
[2012/04/06 15:46:29 | 004,456,751 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\paradise.mp3
[2012/04/04 14:17:11 | 000,271,864 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\IMG_0007.jpg
[2012/04/02 23:04:49 | 000,001,454 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2012/04/02 23:03:45 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/02 23:03:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2012/03/25 22:37:30 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Photosmart Essential.lnk
[2012/03/25 22:36:54 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/25 22:36:36 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Solution Center.lnk
[2012/03/25 22:33:11 | 000,117,644 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/03/25 22:32:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/25 22:32:06 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2012/03/25 22:31:07 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012/02/15 12:20:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/08 20:27:44 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
[2012/02/08 12:50:14 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 22:51:51 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Bleh\Application Data\room_v3.dat
[2012/01/28 05:42:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/28 05:40:57 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/28 00:48:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/01/28 00:48:39 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/01/28 00:48:39 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/01/28 00:48:39 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/01/28 00:40:53 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
[2012/01/28 00:40:53 | 000,018,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
[2012/01/28 00:39:31 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2012/01/28 00:39:31 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2012/01/28 00:31:42 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/01/28 00:31:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/01/28 00:23:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/28 00:17:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/21 16:42:38 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/18 03:13:12 | 000,728,858 | ---- | C] () -- C:\Program Files\Common Files\unins000.exe
[2011/09/18 03:13:12 | 000,002,994 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat

========== LOP Check ==========

[2012/01/28 15:39:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/04/05 21:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GarenaMessenger
[2012/02/16 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/01/28 23:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nexon
[2012/01/28 01:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS
[2012/04/15 14:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2012/04/15 14:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2012/01/28 00:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Splashtop
[2012/04/14 23:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
[2012/04/15 14:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2012/04/02 23:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/15 00:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bleh\Application Data\BitTorrent
[2012/04/04 12:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bleh\Application Data\GarenaPlus
[2012/01/28 00:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bleh\Application Data\Splashtop
[2012/03/30 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/04/15 14:30:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

========== Purity Check ==========



< End of report >

I would really be thankfull if someone could help me out here
  • 0

Advertisements

#2
Essexboy
Posted 15 April 2012 - 05:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets run a quick check

  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

  • 0

#3
SomeBodyHelpMe
Posted 15 April 2012 - 10:58 AM

SomeBodyHelpMe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hey ..thanks for the quick reply =) here's the results:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2221_15-04-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
-----------------------
Last Success Time for Update Detection: 2012-04-15 06:46:20
Last Success Time for Update Download: 2012-04-11 10:58:13
Last Success Time for Update Installation: 2012-03-15 10:29:49


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Documents and Settings\home\Application Data\BitTorrent\Windows XP Pro SP3 - Activated.torrent
Size: 12989 bytes
Creation; 27/1/2012 21:37:40
Modification; 27/1/2012 21:37:40
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
C:\Documents and Settings\home\Application Data\BitTorrent\Windows XP Pro SP3 - Activated.torrent
Size: 12989 bytes
Creation; 27/1/2012 21:37:40
Modification; 27/1/2012 21:37:40
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
C:\Documents and Settings\home\Desktop\WXPVOL_EN\DOCS\keyfinder.exe
Size: 272357 bytes
Creation; 22/9/2011 14:12:47
Modification; 7/8/2006 6:24:6
MD5; 042f13cb1818a8b9fe026a250c4eef93
Matched: Keyfinder.exe
-----------------------
C:\Documents and Settings\home\My Documents\Downloads\Windows_XP_Professional_SP3_-_Activated.4535425.TPB (1).torrent
Size: 12989 bytes
Creation; 27/1/2012 21:37:40
Modification; 27/1/2012 21:37:40
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
C:\Documents and Settings\home\My Documents\Downloads\Windows_XP_Professional_SP3_-_Activated.4535425.TPB (1).torrent
Size: 12989 bytes
Creation; 27/1/2012 21:37:40
Modification; 27/1/2012 21:37:40
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
C:\Documents and Settings\home\My Documents\Downloads\Windows_XP_Professional_SP3_-_Activated.4535425.TPB.torrent
Size: 12989 bytes
Creation; 22/9/2011 12:32:58
Modification; 22/9/2011 12:32:58
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
C:\Documents and Settings\home\My Documents\Downloads\Windows_XP_Professional_SP3_-_Activated.4535425.TPB.torrent
Size: 12989 bytes
Creation; 22/9/2011 12:32:58
Modification; 22/9/2011 12:32:58
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
C:\Documents and Settings\home\Recent\Windows XP Pro SP3 - Activated.lnk
Size: 635 bytes
Creation; 27/1/2012 23:15:57
Modification; 27/1/2012 23:55:57
MD5; fdf7426e9b97c60ba4700e00cb2c5c79
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
C:\Documents and Settings\home\Recent\Windows XP Pro SP3 - Activated.lnk
Size: 635 bytes
Creation; 27/1/2012 23:15:57
Modification; 27/1/2012 23:55:57
MD5; fdf7426e9b97c60ba4700e00cb2c5c79
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
F:\Downloads\Windows_XP_Professional_SP3_-_Activated.4535425.TPB (1).torrent
Size: 12989 bytes
Creation; 27/1/2012 23:19:45
Modification; 27/1/2012 21:37:40
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\Downloads\Windows_XP_Professional_SP3_-_Activated.4535425.TPB (1).torrent
Size: 12989 bytes
Creation; 27/1/2012 23:19:45
Modification; 27/1/2012 21:37:40
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
F:\Downloads\Windows_XP_Professional_SP3_-_Activated.4535425.TPB.torrent
Size: 12989 bytes
Creation; 27/1/2012 23:19:45
Modification; 22/9/2011 12:32:58
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\Downloads\Windows_XP_Professional_SP3_-_Activated.4535425.TPB.torrent
Size: 12989 bytes
Creation; 27/1/2012 23:19:45
Modification; 22/9/2011 12:32:58
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
F:\Program Files\FlashGet Network\FlashGet 3\dat\torrent\6442468_Windows_XP_Professional_SP3_-_Activated.4535425.TPB.torrent
Size: 12989 bytes
Creation; 22/9/2011 12:33:21
Modification; 22/9/2011 12:32:58
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\Program Files\FlashGet Network\FlashGet 3\dat\torrent\6442468_Windows_XP_Professional_SP3_-_Activated.4535425.TPB.torrent
Size: 12989 bytes
Creation; 22/9/2011 12:33:21
Modification; 22/9/2011 12:32:58
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
F:\some prog\Windows XP Pro SP3 - Activated\Windows XP Pro SP3 - Activated.torrent
Size: 12989 bytes
Creation; 22/9/2011 12:33:21
Modification; 22/9/2011 12:32:58
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\some prog\Windows XP Pro SP3 - Activated\Windows XP Pro SP3 - Activated.torrent
Size: 12989 bytes
Creation; 22/9/2011 12:33:21
Modification; 22/9/2011 12:32:58
MD5; 89718c2d9534243c17a9e81927401fc2
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
F:\xp\DOCS\keyfinder.exe
Size: 272357 bytes
Creation; 7/8/2006 5:24:6
Modification; 7/8/2006 5:24:6
MD5; 042f13cb1818a8b9fe026a250c4eef93
Matched: Keyfinder.exe
-----------------------


WVCheck's Dir Dump
-----------------------
C:\Documents and Settings\home\My Documents\Downloads\Windows XP Pro SP3 - Activated
Size: 0 bytes
Creation; 27/1/2012 21:59:22
Modification; 27/1/2012 22:1:25
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
C:\Documents and Settings\home\My Documents\Downloads\Windows XP Pro SP3 - Activated
Size: 0 bytes
Creation; 27/1/2012 21:59:22
Modification; 27/1/2012 22:1:25
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
F:\Downloads\Windows XP Pro SP3 - Activated
Size: 0 bytes
Creation; 27/1/2012 23:19:48
Modification; 27/1/2012 23:19:48
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\Downloads\Windows XP Pro SP3 - Activated
Size: 0 bytes
Creation; 27/1/2012 23:19:48
Modification; 27/1/2012 23:19:48
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------
F:\some prog\Windows XP Pro SP3 - Activated
Size: 0 bytes
Creation; 22/9/2011 12:33:21
Modification; 22/9/2011 13:52:6
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\some prog\Windows XP Pro SP3 - Activated
Size: 0 bytes
Creation; 22/9/2011 12:33:21
Modification; 22/9/2011 13:52:6
Matched: The words 'XP' and 'activated' in one sentence.
-----------------------


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
Line: 127.0.0.1 mpa.one.microsoft.com
Matched: *microsoft.com*
-----------------------


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 2226_15-04-2012 --------
  • 0

#4
Essexboy
Posted 15 April 2012 - 11:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I need to ask you now if this is a legal copy of windows before I can assist any further
  • 0

#5
SomeBodyHelpMe
Posted 16 April 2012 - 07:07 AM

SomeBodyHelpMe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
It is i guess
  • 0

#6
Essexboy
Posted 16 April 2012 - 07:20 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
After this run could you let me know what the current problems are

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/04/13 10:31:07 | 000,047,147 | ---- | C] () -- C:\WINDOWS\alx.ubb
    [2012/04/13 10:21:48 | 000,156,341 | ---- | C] () -- C:\WINDOWS\yutm.dow
    [2012/04/13 10:21:34 | 000,361,444 | ---- | C] () -- C:\WINDOWS\aqh.omn
    [2012/04/12 15:42:41 | 000,081,401 | ---- | C] () -- C:\WINDOWS\xyr.iyy
    [2012/04/12 14:48:46 | 000,024,543 | ---- | C] () -- C:\WINDOWS\vpww.jif
    [2012/04/12 14:45:23 | 000,243,470 | ---- | C] () -- C:\WINDOWS\kxt.jra
    [2012/04/12 14:45:21 | 000,063,422 | ---- | C] () -- C:\WINDOWS\qadskx.vgk
    [2012/04/12 14:45:15 | 000,191,213 | ---- | C] () -- C:\WINDOWS\hietqbj.mxv
    [2012/04/12 14:45:12 | 000,284,082 | ---- | C] () -- C:\WINDOWS\vpk.kqb
    [2012/04/11 16:28:05 | 000,156,867 | ---- | C] () -- C:\WINDOWS\exwmwp.fjk
    [2012/04/11 16:28:05 | 000,137,081 | ---- | C] () -- C:\WINDOWS\vyul.rha
    [2012/04/14 23:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
SomeBodyHelpMe
Posted 16 April 2012 - 09:48 AM

SomeBodyHelpMe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTL logfile created on: 4/16/2012 9:14:12 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Bleh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.15% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 80.47 Gb Free Space | 82.40% Space Free | Partition Type: NTFS
Drive D: | 622.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 97.65 Gb Total Space | 29.73 Gb Free Space | 30.44% Space Free | Partition Type: NTFS
Drive G: | 97.65 Gb Total Space | 97.58 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive H: | 172.80 Gb Total Space | 160.86 Gb Free Space | 93.09% Space Free | Partition Type: NTFS

Computer Name: PRAVEEN | User Name: Bleh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/15 14:47:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bleh\My Documents\Downloads\OTL.exe
PRC - [2012/04/10 01:58:49 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/12/22 18:51:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe
PRC - [2010/11/15 16:51:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/10 01:58:48 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\ppgooglenaclpluginchrome.dll
MOD - [2012/04/10 01:58:46 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\pdf.dll
MOD - [2012/04/10 01:57:21 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\avutil-51.dll
MOD - [2012/04/10 01:57:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\avformat-53.dll
MOD - [2012/04/10 01:57:19 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\avcodec-53.dll
MOD - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/03/24 10:07:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2010/12/22 18:51:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)
SRV - [2010/11/15 16:51:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2006/03/03 21:03:10 | 000,299,008 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\G+\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/16 21:11:16 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/01/10 18:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/12/22 18:51:40 | 002,804,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/11/26 09:47:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/11/17 17:33:56 | 000,101,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/06/25 12:37:44 | 000,061,552 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012/01/28 00:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012/01/28 00:37:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012/01/28 00:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2012/04/15 15:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins

[2012/04/15 15:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bleh\Application Data\Mozilla\Extensions
[2012/01/28 01:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bleh\Application Data\Mozilla\Firefox\extensions
[2012/01/28 01:01:51 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Bleh\Application Data\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/14 23:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bleh\Application Data\Mozilla\Firefox\Profiles\extensions
[2012/01/29 09:57:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/03 21:32:58 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: FBPHOTOZOOM = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Bleh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/16 21:08:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D988BF92-0DD6-4E97-83A0-17CB7B342774}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bleh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bleh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/11 05:09:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 16:30:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 19:58:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 15:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Mozilla
[2012/04/15 14:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2012/04/15 14:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\PC_Drivers_Headquarters
[2012/04/15 14:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2012/04/15 14:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Detective
[2012/04/15 14:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Start Menu\Programs\ParetoLogic
[2012/04/15 14:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/04/15 14:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2012/04/15 14:08:22 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~BT
[2012/04/15 00:33:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/15 00:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\smitRem
[2012/04/15 00:12:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/04/14 23:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/04/14 23:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\fbphotozoom
[2012/04/14 23:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/04/02 23:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Apple Computer
[2012/04/02 23:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Application Data\Apple Computer
[2012/04/02 23:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2012/04/02 23:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/02 23:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2012/04/02 23:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/02 23:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Apple
[2012/04/02 23:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/04/02 23:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/02 23:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/02 23:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2012/03/29 22:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\vrally3D
[2012/03/29 22:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\RealBoxing3D
[2012/03/29 22:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\planetriders
[2012/03/29 22:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\MobiChess_240x320
[2012/03/29 22:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Desktop\Alliance 3D
[2012/03/27 15:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/03/25 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Adobe
[2012/03/25 22:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Application Data\HP
[2012/03/25 22:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
[2012/03/25 22:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\HP
[2012/03/25 22:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2012/03/24 19:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2012/03/24 19:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/03/24 19:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bleh\Local Settings\Application Data\Microsoft Help
[2012/03/24 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

========== Files - Modified Within 30 Days ==========

[2012/04/16 21:16:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1844823847-1417001333-1003UA.job
[2012/04/16 21:15:40 | 000,496,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/16 21:15:39 | 000,084,966 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/16 21:13:12 | 000,099,214 | ---- | M] () -- C:\WINDOWS\vpww.jif
[2012/04/16 21:13:07 | 000,199,874 | ---- | M] () -- C:\WINDOWS\kxt.jra
[2012/04/16 21:13:05 | 000,172,487 | ---- | M] () -- C:\WINDOWS\yutm.dow
[2012/04/16 21:13:05 | 000,119,147 | ---- | M] () -- C:\WINDOWS\vyul.rha
[2012/04/16 21:12:56 | 000,221,541 | ---- | M] () -- C:\WINDOWS\hietqbj.mxv
[2012/04/16 21:12:53 | 000,371,163 | ---- | M] () -- C:\WINDOWS\aqh.omn
[2012/04/16 21:11:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/16 21:08:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/04/16 20:16:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1844823847-1417001333-1003Core.job
[2012/04/15 15:46:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2012/04/15 15:46:53 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Bleh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/15 15:46:53 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/04/15 14:33:56 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Detective.lnk
[2012/04/15 14:30:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/15 14:30:50 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/15 14:20:07 | 000,000,267 | RHS- | M] () -- C:\boot.ini
[2012/04/15 13:49:45 | 000,000,268 | RHS- | M] () -- C:\BOOT.BAK
[2012/04/15 12:29:35 | 000,001,341 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\regtools.vbs
[2012/04/15 00:02:43 | 000,000,010 | ---- | M] () -- C:\WINDOWS\GSetup.ini
[2012/04/14 23:39:54 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\Download The_Devil_Inside_2012_DvDrip_FxM.lnk
[2012/04/10 22:40:55 | 007,278,276 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\Progress report as on 06.04.2012.pdf
[2012/04/10 17:17:24 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\Google Chrome.lnk
[2012/04/10 17:17:24 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Bleh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/09 16:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/09 16:28:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 19:51:11 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/05 23:02:03 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\Bleh\Application Data\room_v3.dat
[2012/04/04 14:17:11 | 000,271,864 | ---- | M] () -- C:\Documents and Settings\Bleh\Desktop\IMG_0007.jpg
[2012/04/02 23:04:49 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2012/03/25 22:38:06 | 000,117,644 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2012/03/25 22:37:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Photosmart Essential.lnk
[2012/03/25 22:36:54 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/25 22:36:36 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Solution Center.lnk
[2012/03/25 22:32:06 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2012/03/25 09:23:27 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/16 21:13:12 | 000,099,214 | ---- | C] () -- C:\WINDOWS\vpww.jif
[2012/04/16 21:13:07 | 000,199,874 | ---- | C] () -- C:\WINDOWS\kxt.jra
[2012/04/16 21:13:05 | 000,172,487 | ---- | C] () -- C:\WINDOWS\yutm.dow
[2012/04/16 21:12:56 | 000,221,541 | ---- | C] () -- C:\WINDOWS\hietqbj.mxv
[2012/04/16 21:12:53 | 000,371,163 | ---- | C] () -- C:\WINDOWS\aqh.omn
[2012/04/15 15:46:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/04/15 15:46:53 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Bleh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/15 15:46:53 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/15 15:46:53 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/04/15 14:33:56 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Detective.lnk
[2012/04/15 14:30:50 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/15 14:30:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/15 12:29:38 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\regtools.vbs
[2012/04/15 00:12:23 | 000,260,288 | R--- | C] () -- C:\$LDR$
[2012/04/15 00:12:23 | 000,000,268 | RHS- | C] () -- C:\BOOT.BAK
[2012/04/15 00:12:22 | 000,440,533 | R--- | C] () -- C:\txtsetup.sif
[2012/04/14 23:39:54 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\Download The_Devil_Inside_2012_DvDrip_FxM.lnk
[2012/04/11 16:28:05 | 000,119,147 | ---- | C] () -- C:\WINDOWS\vyul.rha
[2012/04/10 22:40:55 | 007,278,276 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\Progress report as on 06.04.2012.pdf
[2012/04/06 15:46:29 | 004,456,751 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\paradise.mp3
[2012/04/04 14:17:11 | 000,271,864 | ---- | C] () -- C:\Documents and Settings\Bleh\Desktop\IMG_0007.jpg
[2012/04/02 23:04:49 | 000,001,454 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2012/04/02 23:03:45 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/02 23:03:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2012/03/25 22:37:30 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Photosmart Essential.lnk
[2012/03/25 22:36:54 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/25 22:36:36 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Solution Center.lnk
[2012/03/25 22:33:11 | 000,117,644 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/03/25 22:32:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/25 22:32:06 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2012/03/25 22:31:07 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012/02/15 12:20:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/08 20:27:44 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
[2012/02/08 12:50:14 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Bleh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 22:51:51 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Bleh\Application Data\room_v3.dat
[2012/01/28 05:42:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/28 05:40:57 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/28 00:48:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/01/28 00:48:39 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/01/28 00:48:39 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/01/28 00:48:39 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/01/28 00:40:53 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
[2012/01/28 00:40:53 | 000,018,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
[2012/01/28 00:39:31 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2012/01/28 00:39:31 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2012/01/28 00:31:42 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/01/28 00:31:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/01/28 00:23:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/28 00:17:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/21 16:42:38 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/18 03:13:12 | 000,728,858 | ---- | C] () -- C:\Program Files\Common Files\unins000.exe
[2011/09/18 03:13:12 | 000,002,994 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat

========== LOP Check ==========

[2012/01/28 15:39:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/04/05 21:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GarenaMessenger
[2012/02/16 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/01/28 23:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nexon
[2012/01/28 01:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS
[2012/04/15 14:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2012/04/15 14:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2012/01/28 00:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Splashtop
[2012/04/15 14:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2012/04/02 23:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/15 00:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bleh\Application Data\BitTorrent
[2012/04/04 12:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bleh\Application Data\GarenaPlus
[2012/01/28 00:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bleh\Application Data\Splashtop
[2012/04/15 14:30:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

========== Purity Check ==========



< End of report >
  • 0

#8
Essexboy
Posted 16 April 2012 - 11:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Some have returned so I will need to look a tad deeper

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#9
SomeBodyHelpMe
Posted 17 April 2012 - 09:01 AM

SomeBodyHelpMe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
HERE'S THE ComboFix.txt:

ComboFix 12-04-16.03 - Bleh 04/17/2012 19:21:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1689 [GMT 5.5:30]
Running from: c:\documents and settings\Bleh\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\system32\Cache
c:\windows\system32\ReadMe.txt
c:\windows\system32\setting.ini
c:\windows\TEMP\15.tmp
c:\windows\TEMP\1E.tmp
c:\windows\TEMP\3C.tmp
c:\windows\TEMP\48.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-16 14:28 . 2012-04-16 14:28 -------- d-----w- C:\_OTL
2012-04-15 10:16 . 2012-04-15 10:16 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Mozilla
2012-04-15 09:05 . 2012-04-15 09:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\UAB
2012-04-15 09:05 . 2012-04-15 09:05 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\PC_Drivers_Headquarters
2012-04-15 09:04 . 2012-04-15 09:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2012-04-15 09:00 . 2012-04-15 09:00 -------- d-----w- c:\program files\Common Files\ParetoLogic
2012-04-15 09:00 . 2012-04-15 09:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ParetoLogic
2012-04-15 08:38 . 2012-04-15 08:38 -------- d-----w- C:\$WIN_NT$.~BT
2012-04-15 07:28 . 2012-04-15 07:28 -------- d-----w- c:\documents and settings\Administrator.PRAVEEN
2012-04-14 18:37 . 2012-04-17 13:31 17488 ----a-w- c:\windows\gdrv.sys
2012-04-14 18:10 . 2012-04-14 18:10 -------- d-----w- c:\program files\Yontoo
2012-04-14 18:09 . 2012-04-14 18:09 -------- d-----w- c:\program files\fbphotozoom
2012-04-14 18:09 . 2012-04-14 18:09 -------- d-----w- c:\program files\1ClickDownload
2012-04-09 11:24 . 2012-04-09 11:24 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\BitTorrentBar
2012-04-09 11:24 . 2012-04-09 11:24 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple
2012-04-02 17:35 . 2012-04-02 17:35 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Apple Computer
2012-04-02 17:35 . 2012-04-03 16:18 -------- d-----w- c:\documents and settings\Bleh\Application Data\Apple Computer
2012-04-02 17:34 . 2009-05-18 07:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-02 17:34 . 2008-04-17 06:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-02 17:34 . 2012-04-02 17:34 -------- d-----w- c:\program files\iPod
2012-04-02 17:33 . 2012-04-02 17:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Apple
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\program files\Apple Software Update
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
2012-04-02 17:33 . 2012-02-15 05:31 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-02 17:33 . 2012-02-15 05:31 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\program files\Bonjour
2012-04-02 17:33 . 2012-04-02 17:34 -------- d-----w- c:\program files\Common Files\Apple
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2012-04-02 17:01 . 2001-08-17 17:06 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-04-02 17:01 . 2008-04-14 00:12 224768 ------w- c:\windows\system32\ptpusd.dll
2012-03-27 10:29 . 2012-03-27 10:29 -------- d-----w- c:\program files\MSXML 4.0
2012-03-25 17:11 . 2012-03-25 17:11 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Adobe
2012-03-25 17:07 . 2012-03-25 17:07 -------- d-----w- c:\documents and settings\Bleh\Application Data\HP
2012-03-25 17:07 . 2012-03-25 17:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
2012-03-25 17:01 . 2006-04-12 10:04 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2012-03-25 17:01 . 2006-04-12 10:04 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2012-03-25 17:01 . 2006-01-03 17:12 135168 ------w- c:\windows\system32\HPZIDS01.dll
2012-03-25 17:01 . 2006-04-10 08:33 461824 ------w- c:\windows\system32\hpzll054.dll
2012-03-25 17:01 . 2006-04-10 08:32 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2012-03-25 17:00 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-03-25 17:00 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-03-25 17:00 . 2006-03-03 15:33 307200 ------w- c:\windows\system32\HPZinw12.exe
2012-03-25 17:00 . 2006-03-03 15:33 299008 ------w- c:\windows\system32\HPZipm12.exe
2012-03-25 17:00 . 2006-03-03 15:32 577536 ------w- c:\windows\system32\HPZipr12.dll
2012-03-25 17:00 . 2006-03-03 15:32 155648 ------w- c:\windows\system32\HPZipt12.dll
2012-03-25 17:00 . 2006-03-03 15:32 122880 ------w- c:\windows\system32\HPZisn12.dll
2012-03-25 17:00 . 2006-03-03 15:33 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2012-03-25 17:00 . 1998-10-29 11:15 716288 ------w- c:\windows\IsUninst.exe
2012-03-24 14:27 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-03-24 14:27 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-03-24 14:24 . 2012-03-24 14:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-03-24 14:23 . 2012-03-24 14:23 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Microsoft Help
2012-03-24 14:23 . 2012-03-24 14:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2008-04-14 00:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 19:40 . 2012-01-27 19:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-17 21:42 . 2011-09-17 21:43 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-27 41032304]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 155648]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3854336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 102400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [1/28/2012 12:40 AM 18544]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [1/28/2012 12:32 AM 68136]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [1/28/2012 12:39 AM 88688]
R2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [11/15/2010 4:51 PM 477000]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/28/2012 12:48 AM 101904]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [1/28/2012 12:42 AM 61552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/28/2012 12:39 AM 2804720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [3/24/2011 10:07 AM 493384]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\f:\g+\Garena Plus\Room\safedrv.sys --> f:\g+\Garena Plus\Room\safedrv.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:27]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1844823847-1417001333-1003Core.job
- c:\documents and settings\Bleh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-27 19:26]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1844823847-1417001333-1003UA.job
- c:\documents and settings\Bleh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-27 19:26]
.
2012-04-15 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-08-04 22:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Bleh\Application Data\Mozilla\Firefox\Profiles\af6qvhtw.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-04-17 20:26:16
ComboFix-quarantined-files.txt 2012-04-17 14:56
.
Pre-Run: 86,314,778,624 bytes free
Post-Run: 86,313,992,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"
.
- - End Of File - - 0189199041715E74809BC7C076FD9E71


And just in case here's the log.txt that combofix produces right after it finished running

ComboFix 12-04-16.03 - Bleh 04/17/2012 19:21:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1689 [GMT 5.5:30]
Running from: c:\documents and settings\Bleh\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\system32\Cache
c:\windows\system32\ReadMe.txt
c:\windows\system32\setting.ini
c:\windows\TEMP\15.tmp
c:\windows\TEMP\1E.tmp
c:\windows\TEMP\3C.tmp
c:\windows\TEMP\48.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-16 14:28 . 2012-04-16 14:28 -------- d-----w- C:\_OTL
2012-04-15 10:16 . 2012-04-15 10:16 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Mozilla
2012-04-15 09:05 . 2012-04-15 09:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\UAB
2012-04-15 09:05 . 2012-04-15 09:05 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\PC_Drivers_Headquarters
2012-04-15 09:04 . 2012-04-15 09:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2012-04-15 09:00 . 2012-04-15 09:00 -------- d-----w- c:\program files\Common Files\ParetoLogic
2012-04-15 09:00 . 2012-04-15 09:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ParetoLogic
2012-04-15 08:38 . 2012-04-15 08:38 -------- d-----w- C:\$WIN_NT$.~BT
2012-04-15 07:28 . 2012-04-15 07:28 -------- d-----w- c:\documents and settings\Administrator.PRAVEEN
2012-04-14 18:37 . 2012-04-17 13:31 17488 ----a-w- c:\windows\gdrv.sys
2012-04-14 18:10 . 2012-04-14 18:10 -------- d-----w- c:\program files\Yontoo
2012-04-14 18:09 . 2012-04-14 18:09 -------- d-----w- c:\program files\fbphotozoom
2012-04-14 18:09 . 2012-04-14 18:09 -------- d-----w- c:\program files\1ClickDownload
2012-04-09 11:24 . 2012-04-09 11:24 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\BitTorrentBar
2012-04-09 11:24 . 2012-04-09 11:24 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple
2012-04-02 17:35 . 2012-04-02 17:35 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Apple Computer
2012-04-02 17:35 . 2012-04-03 16:18 -------- d-----w- c:\documents and settings\Bleh\Application Data\Apple Computer
2012-04-02 17:34 . 2009-05-18 07:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-02 17:34 . 2008-04-17 06:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-02 17:34 . 2012-04-02 17:34 -------- d-----w- c:\program files\iPod
2012-04-02 17:33 . 2012-04-02 17:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Apple
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\program files\Apple Software Update
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
2012-04-02 17:33 . 2012-02-15 05:31 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-02 17:33 . 2012-02-15 05:31 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\program files\Bonjour
2012-04-02 17:33 . 2012-04-02 17:34 -------- d-----w- c:\program files\Common Files\Apple
2012-04-02 17:33 . 2012-04-02 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2012-04-02 17:01 . 2001-08-17 17:06 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-04-02 17:01 . 2008-04-14 00:12 224768 ------w- c:\windows\system32\ptpusd.dll
2012-03-27 10:29 . 2012-03-27 10:29 -------- d-----w- c:\program files\MSXML 4.0
2012-03-25 17:11 . 2012-03-25 17:11 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Adobe
2012-03-25 17:07 . 2012-03-25 17:07 -------- d-----w- c:\documents and settings\Bleh\Application Data\HP
2012-03-25 17:07 . 2012-03-25 17:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
2012-03-25 17:01 . 2006-04-12 10:04 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2012-03-25 17:01 . 2006-04-12 10:04 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2012-03-25 17:01 . 2006-01-03 17:12 135168 ------w- c:\windows\system32\HPZIDS01.dll
2012-03-25 17:01 . 2006-04-10 08:33 461824 ------w- c:\windows\system32\hpzll054.dll
2012-03-25 17:01 . 2006-04-10 08:32 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2012-03-25 17:00 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-03-25 17:00 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-03-25 17:00 . 2006-03-03 15:33 307200 ------w- c:\windows\system32\HPZinw12.exe
2012-03-25 17:00 . 2006-03-03 15:33 299008 ------w- c:\windows\system32\HPZipm12.exe
2012-03-25 17:00 . 2006-03-03 15:32 577536 ------w- c:\windows\system32\HPZipr12.dll
2012-03-25 17:00 . 2006-03-03 15:32 155648 ------w- c:\windows\system32\HPZipt12.dll
2012-03-25 17:00 . 2006-03-03 15:32 122880 ------w- c:\windows\system32\HPZisn12.dll
2012-03-25 17:00 . 2006-03-03 15:33 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2012-03-25 17:00 . 1998-10-29 11:15 716288 ------w- c:\windows\IsUninst.exe
2012-03-24 14:27 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-03-24 14:27 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-03-24 14:24 . 2012-03-24 14:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-03-24 14:23 . 2012-03-24 14:23 -------- d-----w- c:\documents and settings\Bleh\Local Settings\Application Data\Microsoft Help
2012-03-24 14:23 . 2012-03-24 14:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2008-04-14 00:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 19:40 . 2012-01-27 19:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-17 21:42 . 2011-09-17 21:43 728858 ----a-w- c:\program files\Common Files\unins000.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-27 41032304]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 155648]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3854336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 102400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - f:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [1/28/2012 12:40 AM 18544]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [1/28/2012 12:32 AM 68136]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [1/28/2012 12:39 AM 88688]
R2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [11/15/2010 4:51 PM 477000]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/28/2012 12:48 AM 101904]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [1/28/2012 12:42 AM 61552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/28/2012 12:39 AM 2804720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [3/24/2011 10:07 AM 493384]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\f:\g+\Garena Plus\Room\safedrv.sys --> f:\g+\Garena Plus\Room\safedrv.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:27]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1844823847-1417001333-1003Core.job
- c:\documents and settings\Bleh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-27 19:26]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1844823847-1417001333-1003UA.job
- c:\documents and settings\Bleh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-27 19:26]
.
2012-04-15 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-08-04 22:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Bleh\Application Data\Mozilla\Firefox\Profiles\af6qvhtw.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-04-17 20:26:16
ComboFix-quarantined-files.txt 2012-04-17 14:56
.
Pre-Run: 86,314,778,624 bytes free
Post-Run: 86,313,992,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"
.
- - End Of File - - 0189199041715E74809BC7C076FD9E71
  • 0

#10
Essexboy
Posted 17 April 2012 - 09:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this can you let me know what problems remain

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\XDva391.sys

Driver::
XDva391

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
  • 0

#11
Essexboy
Posted 21 April 2012 - 05:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP