svchost and dllhost downloading viruses and slowing CPU and disabling



#16
Amlak

Good decision. Two antiviruses together on the same system cause more issues than they actually help.

Ok, click on the Start button and type cmd in the search field and, when it pops up, right click cmd at the top to run as administrator.

In the Command Prompt window that appears, type:

ipconfig /flushdns

and press Enter.

That should hopefully flush out and reset the DNS contents on your system.

Then do a quick scan with Microsoft Security Essentials and tell me if it detects anything. A logged report would be helpful. Let me know if you have a hard time finding out how to locate the scan log for it.

Also, a quick scan with Malwarebytes should be good, too. Make sure you also post that log in your next reply.

Edited by Amlak, 27 April 2012 - 06:23 PM.



#17
KidRoleplay (Topic Starter)

I ran Security Essentials first, and it didn't find anything. Then I ran Malwarebytes, and it found something, which Security Essentials snatched during the process, making Malwarebytes appear to have found nothing. Thus, Malwarebytes' log came up clean:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Executive :: M8120N-2 [administrator]

Protection: Enabled

4/28/2012 3:05:01 AM
mbam-log-2012-04-28 (03-05-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 261085
Time elapsed: 13 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---

However, I don't know where Security Essentials places logs.

It found "Virus:Win32/Sirefef.N" in the file ... DWHDE71.tmp in C:\Users\"Myself"\AppData\Local\temp\

The action taken was "Disinfect."

#18
Amlak

I just remembered you had an issue with emptying temp using OTL.

Download TFC Cleaner here and give it a run and see how it goes.

#19
KidRoleplay

It deleted 280 Mb worth of files and then rebooted. Worked fine.

#20
Amlak

Any problems on your system so far?

Let's do another OTL scan.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    %USERPROFILE%\AppData\Local\temp\*.* /s
    
  • Click the Run Scan button at the top.
  • When done, post the content of the resultant log in your next reply.


#21
KidRoleplay

OTL ran and completed this time, although I'm not sure what it even discovered.

---

OTL logfile created on: 4/28/2012 10:50:00 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Executive\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.61% Memory free
6.21 Gb Paging File | 3.87 Gb Available in Paging File | 62.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.16 Gb Total Space | 29.14 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive D: | 8.93 Gb Total Space | 1.01 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 85.97 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
Drive F: | 7.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: M8120N-2 | User Name: Executive | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/18 06:16:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Executive\Downloads\OTL.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 04:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 04:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/05/05 16:36:04 | 000,018,432 | ---- | M] () -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/01 18:45:36 | 001,926,440 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe
PRC - [2010/02/01 18:45:34 | 004,949,288 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/11/13 14:23:18 | 001,969,824 | ---- | M] () -- C:\WINDOWS\System32\WTMKM.exe
PRC - [2007/04/19 21:11:16 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/19 21:10:42 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/08/01 16:35:36 | 000,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe


========== Modules (No Company Name) ==========

MOD - [2007/11/13 14:23:18 | 001,969,824 | ---- | M] () -- C:\WINDOWS\System32\WTMKM.exe
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006/08/28 18:29:00 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\ATWTINK.DLL
MOD - [2006/08/01 16:24:54 | 000,006,656 | ---- | M] () -- C:\Program Files\AIM\stats.ocm
MOD - [2006/08/01 16:17:26 | 000,106,496 | ---- | M] () -- C:\Program Files\AIM\aimax.dll
MOD - [2006/07/25 17:16:02 | 000,013,312 | ---- | M] () -- C:\Program Files\AIM\oscres.dll
MOD - [2006/07/25 14:03:56 | 000,229,376 | ---- | M] () -- C:\Program Files\AIM\inetsocket.dll
MOD - [2006/07/25 13:54:18 | 000,110,592 | ---- | M] () -- C:\Program Files\AIM\AIM_xmlp.dll
MOD - [2005/06/16 18:46:26 | 000,081,920 | ---- | M] () -- C:\Program Files\AIM\AIMToday.dll
MOD - [2004/08/18 14:56:48 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM\nssckbi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2012/04/12 20:22:50 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/05 16:36:04 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/01 18:45:34 | 004,949,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/09/22 18:34:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/09/18 11:57:32 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 12:25:58 | 000,364,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2007/04/19 21:10:42 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/09/11 19:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 19:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 18:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 18:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 02:47:56 | 000,026,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 12:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2012/04/28 16:22:22 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6A17B18-C5D1-4303-A4C1-1AE5FF73FCA3}\MpKsle533338c.sys -- (MpKsle533338c)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/07 19:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/04/12 17:13:04 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010/01/24 18:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 18:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/11/22 14:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/09/16 13:15:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/18 16:30:16 | 000,366,080 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/01/04 12:41:50 | 000,255,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Executive\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Executive\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Executive\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/23 18:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 18:46:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Executive\Program Files\DNA [2010/07/05 19:27:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F94F4922-FBE8-43D1-B920-B401166DCB48}: C:\Users\Executive\AppData\Local\{F94F4922-FBE8-43D1-B920-B401166DCB48}\ [2010/06/30 20:10:14 | 000,000,000 | ---D | M]

[2011/03/16 03:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Executive\AppData\Roaming\Mozilla\Extensions
[2012/02/23 18:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\extensions
[2011/03/16 07:14:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 03:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/18 03:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/07/05 19:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\EXECUTIVE\PROGRAM FILES\DNA
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/04/26 20:30:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Executive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72695822-AF9B-4097-9294-0AD86EB046E5}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\!Recovery\BloodElf.bmp
O24 - Desktop BackupWallPaper: E:\!Recovery\BloodElf.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/28 16:13:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/10 08:00:09 | 004,990,176 | R--- | M] (Crytek) - F:\AutoRunCD.exe -- [ UDF ]
O32 - AutoRun File - [2008/08/17 07:39:34 | 000,000,000 | R--D | M] - F:\autorun -- [ UDF ]
O32 - AutoRun File - [2008/07/29 06:38:20 | 000,000,081 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 14:29:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Executive\Desktop\TFC.exe
[2012/04/27 19:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2012/04/27 19:05:13 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Roaming\Stardock
[2012/04/27 19:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2012/04/27 19:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2012/04/27 19:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Impulse
[2012/04/27 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Impulse
[2012/04/27 19:04:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EB424B13-2E57-4A45-936F-A4DFB6DB1688}
[2012/04/27 19:03:43 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\PackageAware
[2012/04/27 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\Chromium
[2012/04/26 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\Executive\Documents\Guild Wars 2
[2012/04/26 21:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Guild Wars 2
[2012/04/26 20:38:58 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\temp
[2012/04/26 20:30:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/26 19:53:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/26 19:49:20 | 004,477,246 | R--- | C] (Swearware) -- C:\Users\Executive\Desktop\ComboFix.exe
[2012/04/26 17:51:10 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Roaming\FixZeroAccess
[2012/04/25 22:43:47 | 000,000,000 | ---D | C] -- C:\ProcExp
[2012/04/25 22:40:45 | 000,000,000 | ---D | C] -- C:\ProcMon
[2012/04/24 21:41:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/23 18:35:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/23 18:34:59 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/23 18:34:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/23 18:34:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/23 18:34:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/23 18:34:57 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/23 18:33:06 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/23 18:33:06 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/11 22:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2012/04/28 22:21:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 22:21:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 16:21:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/28 14:29:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Executive\Desktop\TFC.exe
[2012/04/28 03:27:29 | 000,000,837 | ---- | M] () -- C:\Users\Executive\Desktop\Gw2.exe - Shortcut.lnk
[2012/04/27 19:09:32 | 000,002,651 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/04/27 19:04:42 | 000,000,985 | ---- | M] () -- C:\Users\Executive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk
[2012/04/27 19:04:40 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\GameStop.lnk
[2012/04/27 17:31:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/27 17:30:48 | 000,674,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/27 17:30:48 | 000,130,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/26 20:30:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/26 19:49:40 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Executive\Desktop\ComboFix.exe
[2012/04/25 23:03:10 | 400,319,217 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/25 21:48:06 | 000,000,680 | ---- | M] () -- C:\Users\Executive\AppData\Local\d3d9caps.dat
[2012/04/24 17:42:50 | 000,000,512 | ---- | M] () -- C:\Users\Executive\Documents\MBR.dat
[2012/04/22 17:57:01 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 23:29:22 | 000,002,609 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/04/21 16:47:14 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/04/15 10:25:28 | 000,000,177 | ---- | M] () -- C:\Users\Public\Desktop\Get 3D Models.url
[2012/04/13 16:17:15 | 000,000,274 | ---- | M] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2012/04/11 22:56:07 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/28 03:27:29 | 000,000,837 | ---- | C] () -- C:\Users\Executive\Desktop\Gw2.exe - Shortcut.lnk
[2012/04/27 19:04:42 | 000,000,985 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk
[2012/04/27 19:04:40 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\GameStop.lnk
[2012/04/27 17:31:09 | 000,001,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/25 23:03:10 | 400,319,217 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/23 22:36:53 | 000,000,512 | ---- | C] () -- C:\Users\Executive\Documents\MBR.dat
[2012/04/23 19:56:15 | 000,000,680 | ---- | C] () -- C:\Users\Executive\AppData\Local\d3d9caps.dat
[2012/04/15 10:15:30 | 000,000,177 | ---- | C] () -- C:\Users\Public\Desktop\Get 3D Models.url
[2012/04/13 16:17:15 | 000,000,274 | ---- | C] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2012/04/11 22:56:07 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/27 08:23:48 | 000,004,608 | ---- | C] () -- C:\Users\Executive\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 17:20:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/18 17:20:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/18 17:20:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/18 17:20:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/18 17:20:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/24 21:48:46 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/28 10:44:49 | 000,036,335 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/11/23 22:54:04 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/11/23 21:09:17 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/11/23 14:04:07 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2010/10/09 23:53:39 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/26 18:14:33 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/09/23 20:18:10 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/09/23 20:18:09 | 000,022,328 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\PnkBstrK.sys
[2010/09/23 20:17:58 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/09/23 20:17:57 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/09/23 20:17:57 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/03 21:28:53 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/03/08 01:30:06 | 000,000,331 | ---- | C] () -- C:\Windows\doom3.ini
[2010/03/07 21:39:38 | 000,000,092 | ---- | C] () -- C:\Windows\FinalSun.ini
[2009/12/23 01:22:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/02 15:16:46 | 000,000,062 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\MTC-savedfolder.dat
[2009/08/18 16:18:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 16:18:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 19:40:49 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/06/12 19:40:49 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/06/12 19:40:49 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/04/03 00:46:04 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/17 16:07:34 | 000,055,086 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/01/13 19:31:06 | 000,364,192 | ---- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/01/13 19:31:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\InstallService.exe
[2009/01/13 19:31:03 | 001,969,824 | ---- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/01/13 19:31:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/01/13 19:31:02 | 000,102,048 | ---- | C] () -- C:\Windows\RmTablet.exe
[2009/01/13 19:31:01 | 000,021,784 | ---- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/01/13 19:31:01 | 000,014,446 | ---- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/01/13 19:31:01 | 000,011,125 | ---- | C] () -- C:\Windows\System32\Vista.ini
[2009/01/13 19:31:01 | 000,010,438 | ---- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/01/13 19:31:01 | 000,000,619 | ---- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/01/13 19:31:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/11/11 10:50:17 | 000,000,000 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\pssetup.cfg
[2008/10/21 23:20:39 | 000,000,056 | -HS- | C] () -- C:\Windows\System32\578D8CCAC5.sys
[2008/10/21 23:20:35 | 000,001,890 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/10/07 08:15:14 | 000,034,123 | ---- | C] () -- C:\Windows\scunin.dat
[2008/09/03 22:23:04 | 000,000,085 | ---- | C] () -- C:\Windows\FinalAlert2.ini
[2008/08/01 03:06:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/31 20:50:31 | 000,000,625 | ---- | C] () -- C:\Windows\eReg.dat
[2008/07/14 09:01:58 | 001,117,184 | ---- | C] () -- C:\Windows\System32\swfExt.dll
[2008/07/14 09:01:58 | 000,037,888 | ---- | C] () -- C:\Windows\System32\flash_lib.dll
[2008/07/14 08:42:42 | 000,000,125 | ---- | C] () -- C:\Windows\fd3.INI
[2008/07/05 22:56:32 | 000,000,703 | ---- | C] () -- C:\Windows\H2_Setup.INI
[2008/07/01 03:04:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/10 20:52:10 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/06/02 09:47:59 | 000,150,213 | ---- | C] () -- C:\Windows\hpwins05.dat
[2008/05/22 18:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/22 18:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/09/20 10:51:04 | 000,015,977 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2007/09/14 12:10:17 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2007/08/28 16:05:48 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/28 15:57:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/28 15:50:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/28 15:48:19 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/08/28 15:48:19 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/04/03 12:59:54 | 006,148,096 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2007/03/06 04:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 10:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 10:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/12/05 17:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2006/12/05 17:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2006/11/20 18:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2006/11/20 18:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,817,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,674,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,130,210 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 13:09:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2004/12/01 19:34:46 | 000,000,725 | -H-- | C] () -- C:\Windows\C8E838E3SD8Emsys.dat
[2004/08/03 15:00:00 | 000,773,120 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2003/02/10 02:13:10 | 000,000,425 | -H-- | C] () -- C:\ProgramData\systmsp2C8E838E3SD8E
[2002/02/28 14:25:55 | 000,000,905 | -H-- | C] () -- C:\Windows\System32\C8E838E3SD8Empsd43.dat
[2001/08/15 13:48:11 | 000,000,545 | -H-- | C] () -- C:\Users\Executive\AppData\Roaming\winpmltsC8E838E3SD8E
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< %USERPROFILE%\AppData\Local\temp\*.* /s >
[2012/04/28 16:23:53 | 000,000,849 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\AdobeARM.log
[2012/04/28 16:28:22 | 000,007,799 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\au-descriptor-1.6.0_32-b05.xml
[2012/04/28 22:53:55 | 000,031,832 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\Executive.bmp
[2012/04/28 16:24:18 | 000,000,311 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\hpqddusr.log
[2007/08/17 16:00:10 | 000,043,280 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\hpzEN4x6.chm
[2007/08/17 16:00:10 | 000,228,690 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\hpzEN4x6.hlp
[2012/04/28 16:28:27 | 000,000,697 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\jusched.log
[14 C:\Users\Executive\AppData\Local\temp\*.tmp files -> C:\Users\Executive\AppData\Local\temp\*.tmp -> ]
[2012/04/28 18:10:38 | 011,040,768 | ---- | M] (IBM Corporation and others) -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\icudt42.dll
[2012/04/28 22:28:31 | 000,001,058 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Local State
[2012/04/28 19:06:52 | 000,053,248 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Archived History
[2012/04/28 19:06:52 | 000,000,477 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Bookmarks
[2012/04/28 19:07:21 | 000,008,192 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Cookies
[2012/04/28 22:28:32 | 000,090,112 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\History
[2012/04/28 22:28:32 | 000,014,586 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Preferences
[2012/04/28 19:06:52 | 000,024,576 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Thumbnails
[2012/04/28 19:06:52 | 000,131,072 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Visited Links
[2012/04/28 19:06:51 | 000,057,344 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Web Data
[2012/04/28 22:28:33 | 000,045,056 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Cache\data_0
[2012/04/28 22:28:33 | 000,270,336 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Cache\data_1
[2012/04/28 22:28:33 | 001,056,768 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Cache\data_2
[2012/04/28 22:28:33 | 004,202,496 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Cache\data_3
[2012/04/28 19:06:53 | 000,051,518 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Cache\f_000001
[2012/04/28 19:06:54 | 000,172,316 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Cache\f_000002
[2012/04/28 16:29:38 | 000,524,656 | ---- | M] () -- C:\Users\Executive\AppData\Local\temp\{882068E2-32AA-154B-E168-2088AA324B15}\profile\Default\Cache\index

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#22
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Windows\System32\578D8CCAC5.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Do the same for each of the following:


C:\Windows\System32\KGyGaAvL.sys
C:\Windows\C8E838E3SD8Emsys.dat
C:\ProgramData\systmsp2C8E838E3SD8E
C:\Windows\System32\C8E838E3SD8Empsd43.dat
C:\Users\Executive\AppData\Roaming\winpmltsC8E838E3SD8E

  • 0

#23
KidRoleplay

KidRoleplay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
All of them that have completed report no viruses. The last one, however, never completes. Tried it twice. The scanner gets to 77% complete and then just stalls. This is the one that stalls:

C:\Users\Executive\AppData\Roaming\winpmltsC8E838E3SD8E

It stalled at the Posted Image logo.

Anyway, I just deleted the file. It had a creation date of 8/15/2001.
---

VirSCAN.org Scanned Report :
Scanned time : 2012/04/29 07:38:01 (EDT)
Scanner results: Scanners did not find malware!
File Name : 578D8CCAC5.sys
File Size : 56 byte
File Type : data
MD5 : 71717b0ade849526ca10600e15581024
SHA1 : 06ffdddd33802b90c397c8bb404839c4483d7f6e
Online report : http://r.virscan.org...2cec255a3a57ac8

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120429110331 2012-04-29 6.84 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.46 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.17 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.28 -
Arcavir 2011 201204271537 2012-04-27 4.20 -
Authentium 5.1.1 201204281003 2012-04-28 1.44 -
AVAST! 4.7.4 120429-0 2012-04-29 0.16 -
AVG 12.0.1782 2409/4966 2012-04-29 0.24 -
BitDefender 7.90123.7102813 7.42066 2012-04-28 4.49 -
ClamAV 0.97.3 14858 2012-04-29 0.16 -
Comodo 5.1 12183 2012-04-29 2.34 -
CP Secure 1.3.0.5 2012.04.29 2012-04-29 0.17 -
Dr.Web 7.0.1.2210 2012.04.28 2012-04-28 14.12 -
F-Prot 4.6.2.117 20120428 2012-04-28 0.83 -
F-Secure 7.02.73807 2012.04.29.02 2012-04-29 3.54 -
Fortinet 4.3.392 15.475 2012-04-28 0.14 -
GData 22.4795 20120429 2012-04-29 5.25 -
ViRobot 20120428 2012.04.28 2012-04-28 0.37 -
Ikarus T3.1.32.20.0 2012.04.29.81060 2012-04-29 5.62 -
JiangMin 13.0.900 2012.04.29 2012-04-29 2.04 -
Kaspersky 5.5.10 2012.04.29 2012-04-29 0.21 -
KingSoft 2009.2.5.15 2012.4.29.9 2012-04-29 0.85 -
McAfee 5400.1158 6695 2012-04-28 9.65 -
Microsoft 1.8304 2012.04.29 2012-04-29 3.45 -
NOD32 3.0.21 7095 2012-04-29 0.17 -
Panda 9.05.01 2012.04.28 2012-04-28 2.77 -
Trend Micro 9.500-1005 8.952.02 2012-04-28 0.18 -
Quick Heal 11.00 2012.04.29 2012-04-29 0.96 -
Rising 20.0 24.07.05.02 2012-04-28 0.53 -
Sophos 3.30.0 4.76 2012-04-29 5.50 -
Sunbelt 3.9.2535.2 11854 2012-04-29 0.87 -
Symantec 1.3.0.24 20120428.016 2012-04-28 0.41 -
nProtect 20120428.01 11199676 2012-04-28 1.37 -
The Hacker 6.7.0.1 v00452 2012-04-28 0.60 -
VBA32 3.12.16.4 20120428.0932 2012-04-28 3.63 -
VirusBuster 5.5.0.2 14.2.48.0/8518882 2012-04-28 0.17 -


VirSCAN.org Scanned Report :
Scanned time : 2012/04/29 07:41:25 (EDT)
Scanner results: Scanners did not find malware!
File Name : KGyGaAvL.sys
File Size : 1890 byte
File Type : data
MD5 : 68c43106fe15111f9b78be58252d9f6e
SHA1 : 4c2601ffb161056f23635c21a044147022f64aa3
Online report : http://r.virscan.org...7c2cb9d9aa5d62b

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120429110331 2012-04-29 5.80 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 3.60 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.28 -
Arcavir 2011 201204271537 2012-04-27 4.17 -
Authentium 5.1.1 201204281003 2012-04-28 1.48 -
AVAST! 4.7.4 120429-0 2012-04-29 0.17 -
AVG 12.0.1782 2409/4966 2012-04-29 0.24 -
BitDefender 7.90123.7102813 7.42066 2012-04-28 3.87 -
ClamAV 0.97.3 14858 2012-04-29 0.16 -
Comodo 5.1 12183 2012-04-29 2.33 -
CP Secure 1.3.0.5 2012.04.29 2012-04-29 0.17 -
Dr.Web 7.0.1.2210 2012.04.28 2012-04-28 12.04 -
F-Prot 4.6.2.117 20120428 2012-04-28 0.82 -
F-Secure 7.02.73807 2012.04.29.02 2012-04-29 2.76 -
Fortinet 4.3.392 15.475 2012-04-28 0.16 -
GData 22.4795 20120429 2012-04-29 5.63 -
ViRobot 20120428 2012.04.28 2012-04-28 0.44 -
Ikarus T3.1.32.20.0 2012.04.29.81060 2012-04-29 5.54 -
JiangMin 13.0.900 2012.04.29 2012-04-29 2.18 -
Kaspersky 5.5.10 2012.04.29 2012-04-29 0.23 -
KingSoft 2009.2.5.15 2012.4.29.9 2012-04-29 0.92 -
McAfee 5400.1158 6695 2012-04-28 9.51 -
Microsoft 1.8304 2012.04.29 2012-04-29 4.47 -
NOD32 3.0.21 7095 2012-04-29 0.16 -
Panda 9.05.01 2012.04.28 2012-04-28 2.50 -
Trend Micro 9.500-1005 8.952.02 2012-04-28 0.19 -
Quick Heal 11.00 2012.04.29 2012-04-29 0.94 -
Rising 20.0 24.07.05.02 2012-04-28 0.48 -
Sophos 3.30.0 4.76 2012-04-29 5.27 -
Sunbelt 3.9.2535.2 11854 2012-04-29 0.80 -
Symantec 1.3.0.24 20120428.016 2012-04-28 0.34 -
nProtect 20120428.01 11199676 2012-04-28 1.39 -
The Hacker 6.7.0.1 v00452 2012-04-28 0.56 -
VBA32 3.12.16.4 20120428.0932 2012-04-28 3.73 -
VirusBuster 5.5.0.2 14.2.48.0/8518882 2012-04-28 0.17 -


VirSCAN.org Scanned Report :
Scanned time : 2012/04/29 07:43:43 (EDT)
Scanner results: Scanners did not find malware!
File Name : C8E838E3SD8Emsys.dat
File Size : 725 byte
File Type : data
MD5 : 44f42450676cd4a86d9525ba36e17689
SHA1 : d54333292b2ab70d7e95452d859e755710e92263
Online report : http://r.virscan.org...bc9acad511dd0b8

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120429110331 2012-04-29 5.65 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.03 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.27 -
Arcavir 2011 201204271537 2012-04-27 4.14 -
Authentium 5.1.1 201204281003 2012-04-28 1.62 -
AVAST! 4.7.4 120429-0 2012-04-29 0.16 -
AVG 12.0.1782 2409/4966 2012-04-29 0.24 -
BitDefender 7.90123.7102813 7.42066 2012-04-28 3.91 -
ClamAV 0.97.3 14858 2012-04-29 0.16 -
Comodo 5.1 12183 2012-04-29 2.37 -
CP Secure 1.3.0.5 2012.04.29 2012-04-29 0.17 -
Dr.Web 7.0.1.2210 2012.04.28 2012-04-28 13.19 -
F-Prot 4.6.2.117 20120428 2012-04-28 0.91 -
F-Secure 7.02.73807 2012.04.29.02 2012-04-29 0.20 -
Fortinet 4.3.392 15.475 2012-04-28 0.15 -
GData 22.4795 20120429 2012-04-29 5.32 -
ViRobot 20120428 2012.04.28 2012-04-28 0.37 -
Ikarus T3.1.32.20.0 2012.04.29.81060 2012-04-29 5.87 -
JiangMin 13.0.900 2012.04.29 2012-04-29 2.04 -
Kaspersky 5.5.10 2012.04.29 2012-04-29 0.20 -
KingSoft 2009.2.5.15 2012.4.29.9 2012-04-29 0.86 -
McAfee 5400.1158 6695 2012-04-28 9.41 -
Microsoft 1.8304 2012.04.29 2012-04-29 3.42 -
NOD32 3.0.21 7095 2012-04-29 0.17 -
Panda 9.05.01 2012.04.28 2012-04-28 2.80 -
Trend Micro 9.500-1005 8.952.02 2012-04-28 0.19 -
Quick Heal 11.00 2012.04.29 2012-04-29 0.95 -
Rising 20.0 24.07.05.02 2012-04-28 0.45 -
Sophos 3.30.0 4.76 2012-04-29 5.54 -
Sunbelt 3.9.2535.2 11854 2012-04-29 0.79 -
Symantec 1.3.0.24 20120428.016 2012-04-28 0.56 -
nProtect 20120428.01 11199676 2012-04-28 1.43 -
The Hacker 6.7.0.1 v00452 2012-04-28 0.57 -
VBA32 3.12.16.4 20120428.0932 2012-04-28 3.40 -
VirusBuster 5.5.0.2 14.2.48.0/8518882 2012-04-28 0.17 -


VirSCAN.org Scanned Report :
Scanned time : 2012/04/29 07:47:01 (EDT)
Scanner results: Scanners did not find malware!
File Name : systmsp2C8E838E3SD8E
File Size : 425 byte
File Type : data
MD5 : c90e5a48de22bde1209ef44c1805bdce
SHA1 : bfe046d44135f4a84806a244d9f1ff1d21b1b035
Online report : http://r.virscan.org...c6819d62b394f4a

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120429110331 2012-04-29 7.44 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.42 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.17 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.27 -
Arcavir 2011 201204271537 2012-04-27 4.27 -
Authentium 5.1.1 201204281003 2012-04-28 1.56 -
AVAST! 4.7.4 120429-0 2012-04-29 0.17 -
AVG 12.0.1782 2409/4966 2012-04-29 0.24 -
BitDefender 7.90123.7102813 7.42066 2012-04-28 4.33 -
ClamAV 0.97.3 14858 2012-04-29 0.16 -
Comodo 5.1 12183 2012-04-29 2.78 -
CP Secure 1.3.0.5 2012.04.29 2012-04-29 0.16 -
Dr.Web 7.0.1.2210 2012.04.28 2012-04-28 14.36 -
F-Prot 4.6.2.117 20120428 2012-04-28 1.00 -
F-Secure 7.02.73807 2012.04.29.02 2012-04-29 3.07 -
Fortinet 4.3.392 15.475 2012-04-28 0.15 -
GData 22.4795 20120429 2012-04-29 5.54 -
ViRobot 20120428 2012.04.28 2012-04-28 0.44 -
Ikarus T3.1.32.20.0 2012.04.29.81060 2012-04-29 6.98 -
JiangMin 13.0.900 2012.04.29 2012-04-29 2.22 -
Kaspersky 5.5.10 2012.04.29 2012-04-29 0.31 -
KingSoft 2009.2.5.15 2012.4.29.9 2012-04-29 1.17 -
McAfee 5400.1158 6695 2012-04-28 8.76 -
Microsoft 1.8304 2012.04.29 2012-04-29 7.05 -
NOD32 3.0.21 7095 2012-04-29 0.16 -
Panda 9.05.01 2012.04.28 2012-04-28 2.85 -
Trend Micro 9.500-1005 8.952.02 2012-04-28 0.18 -
Quick Heal 11.00 2012.04.29 2012-04-29 0.99 -
Rising 20.0 24.07.05.02 2012-04-28 0.47 -
Sophos 3.30.0 4.76 2012-04-29 6.25 -
Sunbelt 3.9.2535.2 11854 2012-04-29 1.09 -
Symantec 1.3.0.24 20120428.016 2012-04-28 0.69 -
nProtect 20120428.01 11199676 2012-04-28 2.26 -
The Hacker 6.7.0.1 v00452 2012-04-28 0.74 -
VBA32 3.12.16.4 20120428.0932 2012-04-28 3.76 -


VirSCAN.org Scanned Report :
Scanned time : 2012/04/29 07:52:21 (EDT)
Scanner results: Scanners did not find malware!
File Name : C8E838E3SD8Empsd43.dat
File Size : 905 byte
File Type : data
MD5 : e815b82ace6bfae34bb1e9275f212cdf
SHA1 : 4b895757c9e145a0e949b9d6a8549a51bc9dc12f
Online report : http://r.virscan.org...a099d03aef18ccf

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120429110331 2012-04-29 8.47 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.08 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.24 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.34 -
Arcavir 2011 201204271537 2012-04-27 4.42 -
Authentium 5.1.1 201204281003 2012-04-28 1.44 -
AVAST! 4.7.4 120429-0 2012-04-29 0.18 -
AVG 12.0.1782 2409/4966 2012-04-29 1.02 -
BitDefender 7.90123.7102813 7.42066 2012-04-28 3.96 -
ClamAV 0.97.3 14858 2012-04-29 0.16 -
Comodo 5.1 12183 2012-04-29 2.52 -
CP Secure 1.3.0.5 2012.04.29 2012-04-29 1.03 -
Dr.Web 7.0.1.2210 2012.04.28 2012-04-28 16.29 -
F-Prot 4.6.2.117 20120428 2012-04-28 1.63 -
F-Secure 7.02.73807 2012.04.29.02 2012-04-29 0.27 -
Fortinet 4.3.392 15.475 2012-04-28 0.16 -
GData 22.4795 20120429 2012-04-29 5.94 -
ViRobot 20120428 2012.04.28 2012-04-28 0.41 -
Ikarus T3.1.32.20.0 2012.04.29.81060 2012-04-29 5.78 -
JiangMin 13.0.900 2012.04.29 2012-04-29 2.32 -
Kaspersky 5.5.10 2012.04.29 2012-04-29 0.23 -
KingSoft 2009.2.5.15 2012.4.29.9 2012-04-29 1.04 -
McAfee 5400.1158 6695 2012-04-28 11.38 -
Microsoft 1.8304 2012.04.29 2012-04-29 10.21 -
NOD32 3.0.21 7095 2012-04-29 0.31 -
Panda 9.05.01 2012.04.28 2012-04-28 2.53 -
Trend Micro 9.500-1005 8.952.02 2012-04-28 0.35 -
Quick Heal 11.00 2012.04.29 2012-04-29 1.07 -
Rising 20.0 24.07.05.02 2012-04-28 0.53 -
Sophos 3.30.0 4.76 2012-04-29 5.62 -
Sunbelt 3.9.2535.2 11854 2012-04-29 0.80 -
Symantec 1.3.0.24 20120428.016 2012-04-28 0.57 -
nProtect 20120428.01 11199676 2012-04-28 1.41 -
The Hacker 6.7.0.1 v00452 2012-04-28 0.60 -
VBA32 3.12.16.4 20120428.0932 2012-04-28 3.65 -
VirusBuster 5.5.0.2 14.2.48.0/8518882 2012-04-28 0.23 -



Edited by KidRoleplay, 29 April 2012 - 10:12 AM.

  • 0

#24
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Ok, do one more quick scan with MSE and MalwareBytes' each. And let me know if either detects viruses/malware.

Also, any problems on your system still?
  • 0

#25
KidRoleplay

KidRoleplay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Neither detected any viruses on their quick scans. My computer's doing fine. :)
  • 0

#26
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java may be out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#27
KidRoleplay

KidRoleplay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OTL crashed again. :P It doesn't like that "emptytemp", apparently.
  • 0

#28
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Wait a few more minutes even if it seems like it's crashed. Then see if it's crashed for good.
  • 0

#29
KidRoleplay

KidRoleplay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
It did. It gave me the "such and such has performed an illegal operation" window... or "a problem has occurred." Whatever it says. I'm still accustomed to older Windows messages.
  • 0

#30
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
TFC Cleaner works however, right?
  • 0





