Please help with removing Trojan Horse and Malware [Solved]


  • This topic is locked

#16 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hello
Sorry, I think I made a little mistake with the last fix <_< . Do this:

Run this fix from safe mode:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    [2012/06/22 16:02:08 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
    [2012/06/22 16:02:08 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

    :Services

    :Reg

    :Files
    C:\Windows\System32\services.exe|C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe /replace
    C:\install.exe
    netsh int ip reset all /c
    netsh winsock reset /c
    ipconfig /flushdns /c

    :Commands
    [purity]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



Next:

Run this from normal mode:
OTL Custom Scan
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    /md5start
    services.exe
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

#17 Kandi_smoove (Member, Topic Starter, 39 posts)
No worries, at least you caught it lol. But anyways, here is my Safe Mode OTL log:


========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
Unable to replace file: C:\Windows\System32\services.exe with C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe without a reboot.
File\Folder C:\install.exe not found.
< netsh int ip reset all /c >
The following helper DLL cannot be loaded: WSHELPER.DLL.
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
< netsh winsock reset /c >
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following command was not found: winsock reset.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Smoove
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Smoove
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.51.0 log created on 06232012_151717

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#18 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hello
OK, this time it was correct :happy: First we need to correct my mistake:

Open up my computer and go to C:\windows
There should be a folder named Sysnative there, and inside it there should be a single file named services.exe.
Check if that's the case, and if it is, then delete the Sysnative folder (send it to the recycle bin).
If that's not the case, meaning there's no folder named Sysnative or it has more in it than just a file named services.exe, don't do anything and post back.

Next:

Then we need to check if the fix was successful too:


Run this from normal mode:
OTL Custom Scan
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    /md5start
    services.exe
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

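The md5 custom scan in posts #16 and #18 (/md5start services.exe /md5stop) and the Sysnative-folder inspection in #18 come down to one question: is the services.exe Windows is running the copy that Windows servicing put there? The PowerShell script below is an added example, not part of this thread and not part of OTL; it performs that comparison read-only so the result can be judged before anything is deleted. Assumptions: 64-bit Windows, an elevated 64-bit PowerShell (2.0 or later), and a component-store folder name generalised from the amd64_microsoft-windows-s..s-servicecontroller_* name quoted in the fix above. MD5 is used only because that is what OTL's scan reports, as a comparison key rather than a security primitive.

```powershell
# Added example (not from the thread or from OTL): compare the live services.exe
# with the copies held in the WinSxS component store, report its Authenticode
# status, and check whether a real Sysnative folder exists on disk.

if (-not [Environment]::Is64BitProcess) {
    # A 32-bit process that opens System32 is silently redirected to SysWOW64,
    # which is exactly the kind of path confusion the thread's fix ran into.
    throw 'Run this from 64-bit PowerShell so System32 is not redirected.'
}

function Get-Md5Hex {
    # Hex MD5 of a file, computed with .NET so it works on PowerShell 2.0 as well.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

$live     = Join-Path $env:SystemRoot 'System32\services.exe'
$liveHash = Get-Md5Hex $live
$liveSig  = Get-AuthenticodeSignature -FilePath $live

# Windows system binaries are usually catalog-signed; PowerShell older than 5.0
# reports those as NotSigned, so only the hash comparison below is conclusive there.
Write-Output ('System32\services.exe  MD5={0}  size={1}  signature={2}' -f `
    $liveHash, (Get-Item $live).Length, $liveSig.Status)

# Every version of the service controller that servicing ever installed has a copy
# in the component store; the live file should match at least one of them.
$storePattern = 'amd64_microsoft-windows-s..s-servicecontroller_*'   # generalised from the fix above
$storeDirs = Get-ChildItem (Join-Path $env:SystemRoot 'winsxs') -Filter $storePattern |
    Where-Object { $_.PSIsContainer }

$matchCount = 0
foreach ($dir in $storeDirs) {
    $copy = Join-Path $dir.FullName 'services.exe'
    if (Test-Path -LiteralPath $copy) {
        $h = Get-Md5Hex $copy
        if ($h -eq $liveHash) { $matchCount++; $state = 'MATCH' } else { $state = 'differs' }
        Write-Output ('  {0}\services.exe  MD5={1}  {2}' -f $dir.Name, $h, $state)
    }
}

if ($storeDirs.Count -eq 0) {
    Write-Warning 'No service-controller folder found in WinSxS; the name pattern may differ on this build.'
} elseif ($matchCount -eq 0) {
    Write-Warning 'services.exe matches no component-store copy: it was changed outside Windows servicing.'
}

# Post #18's check: Sysnative is a virtual alias that only 32-bit processes see.
# Seen from a 64-bit process it should not exist as a real directory at all.
$sysnative = Join-Path $env:SystemRoot 'Sysnative'
if (Test-Path -LiteralPath $sysnative) {
    Write-Warning 'A real Sysnative folder exists on disk; its contents are listed below.'
    Get-ChildItem -LiteralPath $sysnative -Force | Select-Object Name, Length, LastWriteTime
}
```

The script changes nothing; a "differs" line for a single store copy is normal when several versions are installed, and only "matches no component-store copy" or a real Sysnative folder warrants the follow-up steps the helper describes.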

#19 Kandi_smoove (Member, Topic Starter, 39 posts)
Alright, did the scan. Here's the log, and sorry for the delay, I had to work today.


OTL logfile created on: 6/23/2012 10:06:04 PM - Run 6
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Smoove\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 57.01% Memory free
7.49 Gb Paging File | 5.52 Gb Available in Paging File | 73.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.35 Gb Total Space | 44.88 Gb Free Space | 9.94% Space Free | Partition Type: NTFS
Drive D: | 14.12 Gb Total Space | 1.76 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive G: | 99.02 Mb Total Space | 90.89 Mb Free Space | 91.78% Space Free | Partition Type: FAT32

Computer Name: DERP-HP | User Name: Smoove | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 19:50:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
PRC - [2012/04/17 08:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/31 13:09:53 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 01:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 01:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 01:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 01:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 01:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 01:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 01:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2011/07/30 02:32:58 | 000,137,216 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\plugin\download_helper.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/11 14:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/09/28 10:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/06 18:29:11 | 000,276,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/09 23:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/31 13:09:53 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/17 00:06:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/11 14:13:38 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/28 10:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 09:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/03 01:05:24 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/31 13:13:41 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/31 13:09:53 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/07/06 18:29:11 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/23 02:44:31 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/28 13:37:56 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/06/28 13:37:36 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/06/28 13:33:17 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/28 13:32:36 | 000,020,048 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/06/17 06:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/05/15 11:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 11:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 05:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Download Helper (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\plugin/download_helper.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Theme Creator = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.4_0\
CHR - Extension: AdBlock = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: Poppit = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Download Assistant = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\
CHR - Extension: ChromeTheme = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\npheankbbofjggkjcipfdmpkpbepomol\1_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3194376446-2550877727-52018730-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3194376446-2550877727-52018730-1002..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F1908BC-BBCE-48CD-A2A7-86145F560170}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F1908BC-BBCE-48CD-A2A7-86145F560170}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0339D4-C247-4D7B-A87E-D90DCDC5CCA3}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 21:56:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/22 21:54:35 | 004,565,299 | R--- | C] (Swearware) -- C:\Users\Smoove\Desktop\explorer.com
[2012/06/22 03:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 03:03:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 03:03:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/22 02:50:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 20:38:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Smoove\Desktop\aswMBR.exe
[2012/06/21 19:50:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
[2012/06/21 19:43:02 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 19:43:02 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 19:43:02 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 19:42:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 19:42:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 19:42:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 19:42:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 19:42:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/19 03:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/19 03:58:31 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/19 03:58:30 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/19 03:58:24 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/06/19 03:58:21 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/19 03:58:16 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/19 03:57:40 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2012/06/19 03:57:38 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/19 03:27:44 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/19 03:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/06/19 03:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/06/13 00:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/13 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/12 23:51:41 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Smoove\Documents\spybotsd162.exe
[2012/06/12 15:12:19 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/12 15:12:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 15:12:07 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/12 15:12:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/12 15:12:02 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/12 15:12:00 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/12 15:12:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/12 15:11:58 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/12 15:11:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/12 15:11:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 15:11:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 15:11:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 15:11:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 15:11:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 15:11:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 15:11:07 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 15:11:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 15:11:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/03 17:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/03 17:32:47 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/06/03 17:32:47 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/06/03 17:32:47 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/06/03 17:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/03 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/03 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/03 17:26:25 | 076,761,968 | ---- | C] (Apple Inc.) -- C:\Users\Smoove\Documents\iTunes64Setup.exe
[2012/06/03 17:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/03 17:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/26 00:26:56 | 000,000,000 | ---D | C] -- C:\Users\Smoove\Desktop\Underworld.Awakening
[2012/05/26 00:23:48 | 000,000,000 | ---D | C] -- C:\Users\Smoove\Desktop\Immortals

========== Files - Modified Within 30 Days ==========

[2012/06/23 22:09:24 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/06/23 22:00:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194376446-2550877727-52018730-1002Core.job
[2012/06/23 21:59:40 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194376446-2550877727-52018730-1002UA.job
[2012/06/23 21:59:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 15:26:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 15:26:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 15:17:51 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 21:54:49 | 004,565,299 | R--- | M] (Swearware) -- C:\Users\Smoove\Desktop\explorer.com
[2012/06/22 03:04:34 | 000,000,332 | ---- | M] () -- C:\Start_.cmd
[2012/06/21 21:32:57 | 000,000,622 | ---- | M] () -- C:\Users\Smoove\Desktop\MBR.zip
[2012/06/21 21:27:48 | 000,000,512 | ---- | M] () -- C:\Users\Smoove\Desktop\MBR.dat
[2012/06/21 20:40:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Smoove\Desktop\aswMBR.exe
[2012/06/21 19:50:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
[2012/06/21 19:35:27 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSmoove.job
[2012/06/19 03:58:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/17 23:51:22 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDERP-HP$.job
[2012/06/17 19:32:35 | 000,007,680 | ---- | M] () -- C:\Users\Smoove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 04:17:59 | 000,276,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 01:22:28 | 000,741,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/13 01:22:28 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/13 01:22:28 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/12 23:52:30 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Smoove\Documents\spybotsd162.exe
[2012/06/03 17:32:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/03 17:28:41 | 076,761,968 | ---- | M] (Apple Inc.) -- C:\Users\Smoove\Documents\iTunes64Setup.exe
[2012/06/02 15:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 15:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 15:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 15:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 15:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

========== Files Created - No Company Name ==========

[2012/06/22 03:04:34 | 000,000,332 | ---- | C] () -- C:\Start_.cmd
[2012/06/21 21:32:57 | 000,000,622 | ---- | C] () -- C:\Users\Smoove\Desktop\MBR.zip
[2012/06/21 21:27:48 | 000,000,512 | ---- | C] () -- C:\Users\Smoove\Desktop\MBR.dat
[2012/06/19 03:16:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/13 14:25:42 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSmoove.job
[2012/06/03 17:32:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/20 17:47:03 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/04/20 17:47:03 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/04/20 17:47:03 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/04/20 17:39:57 | 000,039,806 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012/04/13 16:36:14 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/03/02 00:50:58 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 13:39:52 | 000,743,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 20:14:05 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/17 20:14:05 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011/08/31 13:14:26 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/07/27 03:14:35 | 000,007,680 | ---- | C] () -- C:\Users\Smoove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 02:46:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/08 18:51:01 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/05/12 02:07:23 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\.minecraft
[2011/06/16 23:43:19 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\AnvSoft
[2012/03/02 02:22:41 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\DAEMON Tools Lite
[2011/10/22 04:29:09 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\FrostWire
[2011/04/11 21:14:07 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\IrfanView
[2012/02/27 14:41:44 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Leadertech
[2011/04/12 08:55:41 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\PictureMover
[2012/05/06 00:04:03 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Rovio
[2012/05/22 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\runic games
[2012/02/27 02:03:27 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\SoftGrid Client
[2011/04/12 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Synaptics
[2012/01/20 13:41:01 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\TP
[2012/06/21 22:28:38 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\uTorrent
[2012/05/25 12:50:35 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\$Recycle.Bin\S-1-5-21-3194376446-2550877727-52018730-1002\$RR5V09W\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysWOW64\services.exe
[2009/07/13 18:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\SysNative\services.exe

< End of report >
  • 0

#20
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    move C:\Windows\SysWOW64\services.exe C:\services.exe /c

  • Then click the Run Fix button at the top



After this, a file named services.exe should appear at C:\. Check if that's the case. If not, stop here and tell me.


Next:

  • Shut down the computer
  • Press the power button to power it up and begin pressing the F8 button continuously until you see this screen:
    Posted Image
  • Select Repair Your Computer
  • This screen should appear after some loading:
    Posted Image
  • Note the letter of your windows drive at the top of the window, where it says Operating System: Microsoft Windows on ([Drive_Letter]:) Local Disk -- in this case it's D:
  • Select Command Prompt
  • In the black box type:

    cd /D D:\windows\system32

  • Where the bold drive D: is the letter of your windows drive
  • The prompt should change to D:\windows\system32. If not, stop here and tell me
  • Type:

    ren services.exe services.old
    copy D:\services.exe services.exe

  • Where the bold drive D: is the letter of your windows drive
  • Exit the command prompt and press Restart


Next:

Run this from normal mode:
Posted Image OTL Custom Scan
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    /md5start
    services.exe
    /md5stop

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0
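The /md5start custom scan requested in the post above produces the bracketed "[timestamp | size | attributes | C/M] (company) MD5=... -- path" lines seen in the earlier log, and the point of running it is to spot copies of the same system binary that do not hash the same. The following script is an added illustration and is not OTL's own code nor part of this thread: it parses those entry lines and reports every file name whose copies disagree on MD5, together with each copy's size and which copy holds the rarest hash. The sample input is assembled from entry lines copied out of the log quoted earlier in the thread (the three services.exe rows and a few "No Company Name" rows); the function names and the outlier heuristic are my own.

```python
"""Triage helper for OTL file entries: parse the bracketed lines and flag
same-named files whose MD5 hashes disagree. Added example, not OTL code."""
import re
from collections import defaultdict

# Entry lines copied from the OTL output quoted earlier in this thread (the
# "< MD5 for: SERVICES.EXE >" custom scan and a few "No Company Name" rows),
# assembled here as a constructed sample so the script runs offline.
SAMPLE_LOG = r"""
< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\$Recycle.Bin\S-1-5-21-3194376446-2550877727-52018730-1002\$RR5V09W\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysWOW64\services.exe
[2009/07/13 18:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\SysNative\services.exe

========== Files Created - No Company Name ==========

[2012/06/22 03:04:34 | 000,000,332 | ---- | C] () -- C:\Start_.cmd
[2012/06/21 21:27:48 | 000,000,512 | ---- | C] () -- C:\Users\Smoove\Desktop\MBR.dat
[2012/06/22 21:56:21 | 000,000,000 | ---D | C] -- C:\ComboFix
"""

# [timestamp | size | attributes | C or M] (company) MD5=... -- path
# The "(company)" and "MD5=" parts are optional: folders have neither, and
# only the /md5start custom scan prints hashes.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)


def parse_otl_entries(text):
    """Return one dict per entry line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["company"] = e["company"] or ""          # "()" = no company name
        e["md5"] = e["md5"].upper() if e["md5"] else None
        e["is_dir"] = "D" in e["attrs"]
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def hash_conflicts(entries):
    """For each file name whose on-disk copies carry more than one MD5, list
    the paths per hash, each path's size, and the copies holding the rarest
    hash as 'outliers'. This is a triage hint only: a 64-bit and a 32-bit
    copy of a system binary legitimately differ, so the decisive check is a
    comparison against a known-good reference copy."""
    by_name = defaultdict(lambda: defaultdict(list))
    sizes = {}
    for e in entries:
        if e["md5"]:
            by_name[e["name"]][e["md5"]].append(e["path"])
            sizes[e["path"]] = e["size"]
    report = {}
    for name, by_hash in by_name.items():
        if len(by_hash) < 2:
            continue
        rarest = min(by_hash.values(), key=len)
        report[name] = {
            "hashes": {h: list(p) for h, p in by_hash.items()},
            "sizes": {p: sizes[p] for paths in by_hash.values() for p in paths},
            "outliers": list(rarest),
        }
    return report


def no_company_executables(entries, suffixes=(".exe", ".dll", ".sys", ".cmd", ".bat")):
    """Executable-style files OTL listed without a company name: worth a look,
    though many legitimate scripts and data files are unsigned too."""
    return [e["path"] for e in entries
            if not e["is_dir"] and not e["company"] and e["name"].endswith(suffixes)]


if __name__ == "__main__":
    parsed = parse_otl_entries(SAMPLE_LOG)
    for name, info in hash_conflicts(parsed).items():
        print(f"{name}: {len(info['hashes'])} different hashes")
        for md5, paths in info["hashes"].items():
            for p in paths:
                print(f"  {md5}  {info['sizes'][p]:>9,}  {p}")
        print("  outlier copies:", ", ".join(info["outliers"]))
    print("no-company executables:", no_company_executables(parsed))
```

On the sample this reports services.exe with two hashes and names the SysNative copy (the one whose size also differs) as the outlier. Treat that as a prompt for the next check rather than a verdict: the 64-bit copy in System32 is not expected to match the 32-bit copy in SysWOW64 byte for byte, so the reliable test is comparing the suspect file's hash and size against a known-good copy of the same bitness and build, which is why helpers in threads like this one restore services.exe from a trusted copy rather than from a hash vote.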

#21
Kandi_smoove

Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Ran the fix, but there is no services.exe in C:\. Here is the log:


========== FILES ==========
< move C:\Windows\SysWOW64\services.exe C:\services.exe /c >
0 file(s) moved.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.51.0 log created on 06242012_041224
  • 0

#22
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Do this instead:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    copy C:\$Recycle.Bin\S-1-5-21-3194376446-2550877727-52018730-1002\$RR5V09W\services.exe C:\services.exe /c

  • Then click the Run Fix button at the top

Continue from there
  • 0

#23
Kandi_smoove

Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I did the OTL fix and services.exe showed up, and then I began on the system repair and command prompt, but when I did
ren services.exe services.old
copy D:\services.exe services.exe
it said "specified file not found", so I backed out and had to do system recovery because it wouldn't start up normally :(
  • 0

#24
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
It won't start normally because we renamed services.exe. It's not damaged, we can just rename it back, but try that first:

While in the Repair Your Computer command prompt, type dir D:\ and make sure that there is a file named services.exe listed there. If not, then that's not the windows drive. You need to determine the windows drive letter as before.

If there is a file named services.exe listed, then type this again and tell me the output:

copy D:\services.exe D:\windows\system32\services.exe

If D: isn't your windows drive, adjust that command properly like this:

copy [windows_drive_letter]:\services.exe [windows_drive_letter]:\windows\system32\services.exe

It should work if you see services.exe listed at step 1

I'll be waiting here to see the results
  • 0

#25
Kandi_smoove

Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
When I do step 1, some things pop up but no services.exe, and when I try doing step 2 it says "The system cannot find the path specified."

It does say "Operating System: Windows 7 on (D:) Local Disk" at the top of System Recovery Options, so I think it is my windows drive. Thank you for your patience.

Edited by Kandi_smoove, 24 June 2012 - 05:56 PM.

  • 0


#26
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Can you please tell me what items appear when you do step 1?
Thanks
  • 0

#27
Kandi_smoove

Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
OK, when I type dir D:\ it says

apploc.msi
Combofix
Downloads
eula.1028.txt
eula.1031.txt
eula.1033.txt
eula.1036.txt
eula.1040.txt
eula.1041.txt
eula.1042.txt
eula.2052.txt
eula.3082.txt
extensions
globdata.ini
install.exe
install.ini
install.res.1028.dll
install.res.1031.dll
install.res.1033.dll
install.res.1036.dll
install.res.1040.dll
install.res.1041.dll
install.res.1042.dll
install.res.2052.dll
install.res.3082.dll
KISS
PerfLogs
Program Files
Program Files <x86>
Qoobox
SwSetup
Users
vcredist.bmp
VC_RED.cab
VC_RED.MSI
windows
_OLT

That is all the files that show up. I can add in the numbers and stuff if you need them as well.
  • 0

#28
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
Hmm... You said that after the OTL fix, services.exe appeared at the root of the drive, right? It's not there now, so do this:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open. We now have a fully functional windows explorer :happy:
  • At the bottom where it says Files of type: select All Files
  • Select "Computer" and open your flash drive.
  • Right click frst64.exe and click open
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • When the scan finishes, click OK to the pop up
  • Type the following in the edit box after "Search:".

    services.exe

  • Click Search button and wait for it to finish.
  • It will create two logs (FRST.txt and search.txt) on the flash drive. Please copy and paste them to your reply.
  • 0

#29
Kandi_smoove

Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Here are the logs

Scan result of Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 25-06-2012 04:07:58
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-08-31] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-07-06] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [2837864 2010-06-28] (AVAST Software)
HKU\Smoove\...\Run: [Google Update] "C:\Users\Smoove\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-12] (Google Inc.)
HKU\Smoove\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Smoove\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\Windows\system32\guard64.dll
Tcpip\..\Interfaces\{2F1908BC-BBCE-48CD-A2A7-86145F560170}: [NameServer]8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{5C0339D4-C247-4D7B-A87E-D90DCDC5CCA3}: [NameServer]8.26.56.26,156.154.70.22
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ======

2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [194496 2010-06-17] (Advanced Micro Devices)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-06-28] (AVAST Software)
3 avast! Mail Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-06-28] (AVAST Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-06-28] (AVAST Software)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35200 2012-03-05] (Hewlett-Packard Development Company, L.P.)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [351232 2010-11-20] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-06-28] (ALWIL Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [61008 2010-06-28] (ALWIL Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-28] (ALWIL Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-06-28] (ALWIL Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-06-28] (ALWIL Software)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-12-10] (CyberLink Corporation)
1 cmderd; C:\Windows\System32\Drivers\cmderd.sys [22696 2012-03-11] (COMODO)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-16] (DT Soft Ltd)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-24 16:39 - 2012-06-25 01:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-24 16:39 - 2012-06-24 16:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-24 16:39 - 2012-06-24 16:39 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-24 03:52 - 2012-06-24 03:52 - 293849311 ____A C:\Windows\MEMORY.DMP
2012-06-24 03:52 - 2012-06-24 03:52 - 00274400 ____A C:\Windows\Minidump\062412-42713-01.dmp
2012-06-24 03:52 - 2012-06-24 03:52 - 00000000 ____D C:\Windows\Minidump
2012-06-24 01:43 - 2012-06-24 01:43 - 00366988 ____A C:\Users\Smoove\Downloads\1340530420932.gif
2012-06-22 20:56 - 2012-06-24 04:50 - 00000000 ____D C:\ComboFix
2012-06-22 02:04 - 2012-06-22 02:04 - 00000000 ____D C:\Qoobox
2012-06-22 02:03 - 2012-06-24 04:50 - 00000000 ___SD C:\32788R22FWJFW
2012-06-22 02:03 - 2012-06-22 02:03 - 00000000 ____D C:\Windows\erdnt
2012-06-22 01:50 - 2012-06-22 01:50 - 00000000 ____D C:\_OTL
2012-06-21 21:28 - 2012-06-21 21:28 - 355013599 ____A C:\Users\Smoove\Downloads\[yibis]_One_Piece_551_[720p][22414C10].mkv
2012-06-21 20:32 - 2012-06-21 20:32 - 00000622 ____A C:\Users\Smoove\Desktop\MBR.zip
2012-06-21 20:27 - 2012-06-21 20:27 - 00002388 ____A C:\Users\Smoove\Desktop\aswMBR.txt
2012-06-21 20:27 - 2012-06-21 20:27 - 00000512 ____A C:\Users\Smoove\Desktop\MBR.dat
2012-06-21 19:34 - 2012-06-21 19:34 - 00066222 ____A C:\Users\Smoove\Desktop\Extras.Txt
2012-06-21 19:32 - 2012-06-23 21:15 - 00097584 ____A C:\Users\Smoove\Desktop\OTL.Txt
2012-06-21 18:50 - 2012-06-21 18:50 - 00595968 ____A (OldTimer Tools) C:\Users\Smoove\Desktop\OTL.exe
2012-06-21 18:43 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 18:43 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 18:43 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 18:43 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 18:42 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 18:42 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 18:42 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 18:42 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 18:42 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 17:26 - 2012-06-20 17:32 - 00000000 ____D C:\Users\Smoove\Downloads\Octomom - Becoming Nadya
2012-06-20 17:06 - 2012-06-20 17:06 - 00000000 ____D C:\Users\Smoove\Downloads\Hitomi_Tanaka_-_Bursting_Tits_Instructor_2012_DVDRip_CENSORED
2012-06-19 19:53 - 2012-06-19 20:06 - 00000000 ____D C:\Users\Smoove\Downloads\(CROSS)(DAS)(OPPAI) 12-01-2011
2012-06-19 19:39 - 2012-06-19 19:40 - 00000000 ____D C:\Users\Smoove\Downloads\SSPD-077
2012-06-19 15:15 - 2012-06-19 15:15 - 01102163 ____A C:\Users\Smoove\Downloads\An Epic tale of Man's journey to find himself.swf
2012-06-19 04:38 - 2012-06-21 21:18 - 00000000 ____D C:\Users\Smoove\Downloads\Hitomi Tanaka
2012-06-19 02:58 - 2010-06-28 12:37 - 00121936 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-19 02:58 - 2010-06-28 12:37 - 00051280 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-19 02:58 - 2010-06-28 12:33 - 00061008 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-19 02:58 - 2010-06-28 12:33 - 00028752 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-06-19 02:58 - 2010-06-28 12:32 - 00020048 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-19 02:57 - 2012-03-06 16:15 - 00201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-06-19 02:57 - 2012-03-06 16:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-19 02:27 - 2012-03-06 16:15 - 00258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-19 02:16 - 2012-06-19 02:58 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-19 02:15 - 2012-06-19 02:15 - 00000000 ____D C:\Users\All Users\Alwil Software
2012-06-19 02:15 - 2012-06-19 02:15 - 00000000 ____D C:\Program Files\Alwil Software
2012-06-19 02:08 - 2012-06-24 04:51 - 00000000 ____D C:\Users\Smoove\Documents\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
2012-06-18 20:33 - 2012-06-18 21:41 - 252741870 ____A C:\Users\Smoove\Downloads\mc10378_800.mp4
2012-06-16 21:46 - 2012-06-16 21:46 - 00030391 ____A C:\Users\Smoove\Downloads\double-wires.swf
2012-06-16 21:43 - 2012-06-17 17:36 - 362208727 ____A C:\Users\Smoove\Downloads\9419_02_big.mp4
2012-06-15 15:37 - 2012-06-16 00:05 - 483843162 ____A C:\Users\Smoove\Downloads\bmf Charity Bangs.wmv
2012-06-14 21:01 - 2012-06-14 21:02 - 06099903 ____A C:\Users\Smoove\Downloads\Natsume 2 - Sylvanas.swf
2012-06-13 22:23 - 2012-06-14 16:15 - 266034254 ____A C:\Users\Smoove\Downloads\tlib_allie_james-sd169.mp4
2012-06-13 21:26 - 2012-06-13 21:27 - 01367407 ____A C:\Users\Smoove\Downloads\SuperDeepthroat1_16b.swf
2012-06-13 13:25 - 2012-06-21 18:35 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForSmoove.job
2012-06-12 23:48 - 2012-06-24 04:51 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-12 23:03 - 2012-06-19 02:47 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-12 23:03 - 2012-06-19 02:47 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-12 22:51 - 2012-06-12 22:52 - 16409960 ____A (Safer Networking Limited ) C:\Users\Smoove\Documents\spybotsd162.exe
2012-06-12 14:46 - 2012-06-17 21:16 - 00000000 ____D C:\Users\Smoove\Downloads\Pound.The.Round.POV.10
2012-06-12 14:21 - 2012-06-12 14:21 - 05645990 ____A C:\Users\Smoove\Downloads\excuseme.swf
2012-06-12 14:12 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 14:12 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 14:12 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 14:12 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 14:12 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 14:12 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 14:12 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-12 14:12 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 14:12 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 14:12 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 14:12 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 14:12 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-12 14:12 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 14:12 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 14:12 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 14:12 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 14:12 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 14:12 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 14:11 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 14:11 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 14:11 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 14:11 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 14:11 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 14:11 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 14:11 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 14:11 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 14:11 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 14:11 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 14:11 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 14:11 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 14:11 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 14:11 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 14:11 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 14:11 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 14:11 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 14:11 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 14:11 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 14:11 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 14:11 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 14:11 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 14:11 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 21:20 - 2012-06-14 15:51 - 00000000 ____D C:\Users\Smoove\Downloads\Monsters.Of.[bleep].-.Aiden.Starr
2012-06-09 20:41 - 2012-06-10 03:06 - 575988823 ____A C:\Users\Smoove\Downloads\btcp10291_1500.mp4
2012-06-08 21:53 - 2012-06-08 22:31 - 00000000 ____D C:\Users\Smoove\Downloads\Mal Malloy
2012-06-03 16:32 - 2012-06-03 16:32 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-03 16:32 - 2012-06-03 16:32 - 00000000 ____D C:\Program Files\iTunes
2012-06-03 16:32 - 2012-06-03 16:32 - 00000000 ____D C:\Program Files\iPod
2012-06-03 16:32 - 2012-06-03 16:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-03 16:32 - 2009-05-18 12:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-06-03 16:32 - 2008-04-17 11:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-06-03 16:32 - 2008-04-17 11:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-06-03 16:26 - 2012-06-03 16:28 - 76761968 ____A (Apple Inc.) C:\Users\Smoove\Documents\iTunes64Setup.exe
2012-06-03 16:13 - 2012-06-03 16:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-01 19:16 - 2012-06-01 22:14 - 00000000 ____D C:\Users\Smoove\Downloads\Big.[bleep].Ventures.In.Miami.XXX.DVDRip.XviD-Pr0nStarS
2012-06-01 19:12 - 2012-06-01 23:53 - 699344306 ____A C:\Users\Smoove\Downloads\ktr.kg.12.05.31.paige.turnah.hot.for.black.[bleep].mp4
2012-05-27 12:16 - 2012-05-27 12:16 - 00000000 ____D C:\Users\Smoove\Downloads\0--120430-1A-RJ093336


============ 3 Months Modified Files and Folders =============

2012-06-25 04:08 - 2012-06-25 04:07 - 00000000 ____D C:\FRST
2012-06-25 01:57 - 2011-04-11 20:06 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2012-06-25 01:57 - 2011-03-23 01:44 - 01462497 ____A C:\Windows\WindowsUpdate.log
2012-06-25 01:57 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 01:57 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-25 01:54 - 2012-06-24 16:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 01:53 - 2011-04-12 07:56 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3194376446-2550877727-52018730-1002UA.job
2012-06-25 01:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-25 01:50 - 2009-07-13 20:51 - 00076408 ____A C:\Windows\setupact.log
2012-06-24 16:39 - 2012-06-24 16:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-24 16:39 - 2012-06-24 16:39 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-24 16:39 - 2011-10-21 14:35 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-24 04:51 - 2012-06-19 02:08 - 00000000 ____D C:\Users\Smoove\Documents\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
2012-06-24 04:51 - 2012-06-12 23:48 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-24 04:51 - 2011-04-11 20:35 - 00000000 ____D C:\Users\Smoove\AppData\Roaming\vlc
2012-06-24 04:51 - 2011-04-11 20:09 - 00000000 ____D C:\Users\Smoove\AppData\Roaming\uTorrent
2012-06-24 04:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-24 04:50 - 2012-06-22 20:56 - 00000000 ____D C:\ComboFix
2012-06-24 04:50 - 2012-06-22 02:03 - 00000000 ___SD C:\32788R22FWJFW
2012-06-24 04:50 - 2012-06-22 02:03 - 00000000 ____D C:\Windows\erdnt
2012-06-24 04:50 - 2011-10-21 14:35 - 00000000 ____D C:\Users\Smoove\AppData\Roaming\Yahoo!
2012-06-24 04:50 - 2011-10-21 14:35 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2012-06-24 04:50 - 2011-10-21 14:30 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2012-06-24 04:50 - 2011-04-11 20:14 - 00000000 ____D C:\Users\Smoove\AppData\Roaming\IrfanView
2012-06-24 04:50 - 2011-04-11 20:11 - 00000000 ____D C:\Program Files (x86)\ConduitEngine
2012-06-24 04:50 - 2011-04-11 20:11 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-06-24 04:50 - 2011-03-23 01:32 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-24 04:50 - 2011-01-08 17:34 - 00000000 ____D C:\Users\All Users\RoxioNow
2012-06-24 04:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-24 03:56 - 2011-04-12 07:46 - 00000000 ____D C:\users\Smoove
2012-06-24 03:52 - 2012-06-24 03:52 - 293849311 ____A C:\Windows\MEMORY.DMP
2012-06-24 03:52 - 2012-06-24 03:52 - 00274400 ____A C:\Windows\Minidump\062412-42713-01.dmp
2012-06-24 03:52 - 2012-06-24 03:52 - 00000000 ____D C:\Windows\Minidump
2012-06-24 01:43 - 2012-06-24 01:43 - 00366988 ____A C:\Users\Smoove\Downloads\1340530420932.gif
2012-06-23 21:15 - 2012-06-21 19:32 - 00097584 ____A C:\Users\Smoove\Desktop\OTL.Txt
2012-06-22 02:04 - 2012-06-22 02:04 - 00000000 ____D C:\Qoobox
2012-06-22 01:50 - 2012-06-22 01:50 - 00000000 ____D C:\_OTL
2012-06-21 21:28 - 2012-06-21 21:28 - 355013599 ____A C:\Users\Smoove\Downloads\[yibis]_One_Piece_551_[720p][22414C10].mkv
2012-06-21 21:18 - 2012-06-19 04:38 - 00000000 ____D C:\Users\Smoove\Downloads\Hitomi Tanaka
2012-06-21 20:32 - 2012-06-21 20:32 - 00000622 ____A C:\Users\Smoove\Desktop\MBR.zip
2012-06-21 20:27 - 2012-06-21 20:27 - 00002388 ____A C:\Users\Smoove\Desktop\aswMBR.txt
2012-06-21 20:27 - 2012-06-21 20:27 - 00000512 ____A C:\Users\Smoove\Desktop\MBR.dat
2012-06-21 19:34 - 2012-06-21 19:34 - 00066222 ____A C:\Users\Smoove\Desktop\Extras.Txt
2012-06-21 18:50 - 2012-06-21 18:50 - 00595968 ____A (OldTimer Tools) C:\Users\Smoove\Desktop\OTL.exe
2012-06-21 18:35 - 2012-06-13 13:25 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForSmoove.job
2012-06-20 17:32 - 2012-06-20 17:26 - 00000000 ____D C:\Users\Smoove\Downloads\Octomom - Becoming Nadya
2012-06-20 17:06 - 2012-06-20 17:06 - 00000000 ____D C:\Users\Smoove\Downloads\Hitomi_Tanaka_-_Bursting_Tits_Instructor_2012_DVDRip_CENSORED
2012-06-20 15:33 - 2011-04-13 14:04 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-20 15:20 - 2011-03-23 01:46 - 00584474 ____A C:\Windows\PFRO.log
2012-06-19 20:06 - 2012-06-19 19:53 - 00000000 ____D C:\Users\Smoove\Downloads\(CROSS)(DAS)(OPPAI) 12-01-2011
2012-06-19 19:40 - 2012-06-19 19:39 - 00000000 ____D C:\Users\Smoove\Downloads\SSPD-077
2012-06-19 15:15 - 2012-06-19 15:15 - 01102163 ____A C:\Users\Smoove\Downloads\An Epic tale of Man's journey to find himself.swf
2012-06-19 14:53 - 2011-04-12 07:56 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3194376446-2550877727-52018730-1002Core.job
2012-06-19 04:55 - 2011-04-11 20:12 - 00000000 ____D C:\Users\Smoove\Desktop\Icons
2012-06-19 02:58 - 2012-06-19 02:16 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-19 02:47 - 2012-06-12 23:03 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-19 02:47 - 2012-06-12 23:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-19 02:15 - 2012-06-19 02:15 - 00000000 ____D C:\Users\All Users\Alwil Software
2012-06-19 02:15 - 2012-06-19 02:15 - 00000000 ____D C:\Program Files\Alwil Software
2012-06-18 21:41 - 2012-06-18 20:33 - 252741870 ____A C:\Users\Smoove\Downloads\mc10378_800.mp4
2012-06-18 20:03 - 2012-02-13 14:24 - 00000000 ____D C:\Users\Smoove\Downloads\fap
2012-06-17 22:51 - 2011-04-22 12:01 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForDERP-HP$.job
2012-06-17 21:16 - 2012-06-12 14:46 - 00000000 ____D C:\Users\Smoove\Downloads\Pound.The.Round.POV.10
2012-06-17 18:32 - 2011-07-27 02:14 - 00007680 ____A C:\Users\Smoove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-17 17:36 - 2012-06-16 21:43 - 362208727 ____A C:\Users\Smoove\Downloads\9419_02_big.mp4
2012-06-16 21:46 - 2012-06-16 21:46 - 00030391 ____A C:\Users\Smoove\Downloads\double-wires.swf
2012-06-16 00:05 - 2012-06-15 15:37 - 483843162 ____A C:\Users\Smoove\Downloads\bmf Charity Bangs.wmv
2012-06-14 21:02 - 2012-06-14 21:01 - 06099903 ____A C:\Users\Smoove\Downloads\Natsume 2 - Sylvanas.swf
2012-06-14 16:15 - 2012-06-13 22:23 - 266034254 ____A C:\Users\Smoove\Downloads\tlib_allie_james-sd169.mp4
2012-06-14 15:51 - 2012-06-11 21:20 - 00000000 ____D C:\Users\Smoove\Downloads\Monsters.Of.[bleep].-.Aiden.Starr
2012-06-13 13:19 - 2011-11-02 14:14 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-13 03:17 - 2009-07-13 20:45 - 00276072 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 00:22 - 2009-07-13 21:13 - 00741704 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-13 00:17 - 2011-04-16 19:41 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 22:52 - 2012-06-12 22:51 - 16409960 ____A (Safer Networking Limited ) C:\Users\Smoove\Documents\spybotsd162.exe
2012-06-12 14:21 - 2012-06-12 14:21 - 05645990 ____A C:\Users\Smoove\Downloads\excuseme.swf
2012-06-11 21:26 - 2011-04-11 21:24 - 00000685 ____A C:\Users\Smoove\Documents\List of stars.txt
2012-06-11 18:43 - 2011-12-04 18:38 - 00000000 ____D C:\Users\Smoove\Desktop\One Piece
2012-06-10 03:06 - 2012-06-09 20:41 - 575988823 ____A C:\Users\Smoove\Downloads\btcp10291_1500.mp4
2012-06-08 22:31 - 2012-06-08 21:53 - 00000000 ____D C:\Users\Smoove\Downloads\Mal Malloy
2012-06-03 16:32 - 2012-06-03 16:32 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-03 16:32 - 2012-06-03 16:32 - 00000000 ____D C:\Program Files\iTunes
2012-06-03 16:32 - 2012-06-03 16:32 - 00000000 ____D C:\Program Files\iPod
2012-06-03 16:32 - 2012-06-03 16:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-03 16:28 - 2012-06-03 16:26 - 76761968 ____A (Apple Inc.) C:\Users\Smoove\Documents\iTunes64Setup.exe
2012-06-03 16:13 - 2012-06-03 16:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-06-02 14:19 - 2012-06-21 18:43 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 18:43 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 18:43 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 18:42 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 18:42 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 18:42 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 18:43 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 18:42 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 18:42 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 01:39 - 2011-01-08 17:41 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-05-31 01:39 - 2011-01-08 17:24 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-31 01:38 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup
2012-05-28 20:36 - 2012-05-06 12:08 - 00000000 ____D C:\Users\Smoove\Downloads\[hshare.net].FFXII.Dalmascan.Knight.[RAW].[3D]
2012-05-28 15:28 - 2011-04-11 21:24 - 00000000 ____D C:\Users\Smoove\Desktop\HERP
2012-05-27 12:16 - 2012-05-27 12:16 - 00000000 ____D C:\Users\Smoove\Downloads\0--120430-1A-RJ093336
2012-05-26 12:50 - 2012-05-25 23:26 - 00000000 ____D C:\Users\Smoove\Desktop\Underworld.Awakening
2012-05-26 10:24 - 2012-05-20 21:27 - 00000000 ____D C:\Users\Smoove\Downloads\human
2012-05-26 01:05 - 2012-05-25 23:23 - 00000000 ____D C:\Users\Smoove\Desktop\Immortals
2012-05-25 11:50 - 2009-07-13 21:08 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-23 14:46 - 2012-05-23 02:48 - 00000000 ____D C:\Users\Smoove\Downloads\Big.And.Real.3.XXX.DVDRip.XviD-Jiggly
2012-05-22 13:34 - 2012-05-16 23:38 - 00000000 ____D C:\Users\Smoove\AppData\Roaming\runic games
2012-05-22 13:34 - 2012-05-16 23:32 - 00000000 ____D C:\Program Files (x86)\Runic Games
2012-05-20 02:36 - 2012-05-20 02:36 - 00000000 ____D C:\Users\Smoove\Documents\Diablo III
2012-05-20 02:35 - 2012-05-19 22:45 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-05-19 22:45 - 2012-05-19 22:45 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-19 22:45 - 2012-05-19 22:45 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-19 22:30 - 2012-05-19 22:28 - 00000000 ____D C:\Users\All Users\Battle.net
2012-05-19 22:25 - 2012-05-19 22:11 - 32288896 ____A (Blizzard Entertainment) C:\Users\Smoove\Documents\Diablo-III-Setup-enUS.exe
2012-05-19 21:35 - 2012-05-19 21:35 - 00000069 ____A C:\Users\Smoove\Documents\BATTLENET.txt
2012-05-16 23:31 - 2011-04-11 20:37 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-05-16 23:06 - 2012-05-16 23:06 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-16 23:06 - 2012-05-16 23:06 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-05-16 00:34 - 2012-05-02 13:18 - 00000000 ____D C:\Users\Smoove\Desktop\Tengen_Toppa_Gurren_Lagann_1-27-HD
2012-05-14 20:01 - 2012-06-12 14:12 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-12 14:11 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-12 14:12 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-12 14:11 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-12 14:11 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 15:18 - 2012-05-13 15:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-05-13 11:24 - 2012-05-13 11:16 - 10850212 ____A C:\Users\Smoove\Downloads\4645.flv
2012-05-12 01:07 - 2012-05-12 00:09 - 00000000 ____D C:\Users\Smoove\AppData\Roaming\.minecraft
2012-05-11 23:27 - 2011-04-11 20:11 - 00000943 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-11 23:27 - 2011-04-11 20:11 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-10 20:03 - 2011-01-08 17:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 14:14 - 2011-10-06 15:52 - 00000000 ____D C:\Users\Smoove\Downloads\Bang bros stuff
2012-05-10 13:56 - 2012-05-05 23:46 - 00000000 ____D C:\Users\Smoove\Downloads\Sasha Grey
2012-05-08 18:28 - 2012-05-08 17:08 - 297441516 ____A C:\Users\Smoove\Downloads\Big Oiled Up Asses 4 - Sophie Dee.avi
2012-05-07 11:36 - 2012-04-20 16:34 - 00000000 ____D C:\Program Files (x86)\Diablo II
2012-05-06 02:01 - 2012-05-06 02:01 - 00000000 ____D C:\Users\Smoove\Documents\Amnesia
2012-05-06 01:50 - 2012-05-05 23:02 - 00000000 ____D C:\Users\Smoove\Documents\Amnesia.The.Dark.Descent-SKIDROW
2012-05-05 23:08 - 2012-05-05 23:08 - 00000000 ____D C:\Program Files (x86)\Rovio
2012-05-05 23:04 - 2012-05-05 23:04 - 00000000 ____D C:\Users\Smoove\AppData\Roaming\Rovio
2012-05-05 13:03 - 2012-05-05 13:03 - 03408653 ____A C:\Users\Smoove\Downloads\baer.swf
2012-05-04 03:06 - 2012-06-12 14:11 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 14:11 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 14:11 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-12 14:11 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 14:11 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 15:08 - 2012-04-26 23:14 - 426949577 ____A C:\Users\Smoove\Downloads\BigNaturals Erin Banks porn4all.mp4
2012-04-27 13:48 - 2012-04-26 00:58 - 00000000 ____D C:\Users\Smoove\Desktop\Fairy tail
2012-04-26 23:57 - 2011-04-12 21:50 - 00000000 ____D C:\Users\Smoove\Desktop\Naruto Shippuden
2012-04-26 22:13 - 2011-10-06 13:31 - 00000000 ____D C:\Users\Smoove\Downloads\Blacks on Blondes
2012-04-25 21:41 - 2012-06-12 14:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 14:11 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 14:11 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-12 14:11 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 14:11 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 14:11 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 14:11 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 14:11 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 14:11 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-21 19:52 - 2012-04-21 19:34 - 00000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-20 21:26 - 2012-04-20 21:26 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2012-04-20 21:26 - 2012-04-20 21:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2012-04-20 21:26 - 2012-04-20 21:26 - 00000000 ____D C:\Program Files (x86)\Hero Editor
2012-04-20 21:25 - 2012-04-20 21:25 - 00000000 ____D C:\Users\Smoove\Documents\MoFunZone.com--diablo_2_lord_of_destruction_v1_11b_hero_editor_95
2012-04-20 16:52 - 2012-04-20 13:57 - 00000000 ____D C:\Users\Smoove\Documents\Diablo 2 Full
2012-04-20 16:50 - 2012-04-20 16:39 - 00039806 ____A C:\Windows\DIIUnin.dat
2012-04-20 16:47 - 2012-04-20 16:47 - 00021840 ____A C:\Windows\SysWOW64\SIntfNT.dll
2012-04-20 16:47 - 2012-04-20 16:47 - 00017212 ____A C:\Windows\SysWOW64\SIntf32.dll
2012-04-20 16:47 - 2012-04-20 16:47 - 00012067 ____A C:\Windows\SysWOW64\SIntf16.dll
2012-04-20 16:45 - 2012-04-20 16:45 - 00001901 ____A C:\Users\Smoove\Desktop\Diablo II - Lord of Destruction.lnk
2012-04-20 16:39 - 2012-04-20 16:39 - 00094208 ____A (Blizzard Entertainment) C:\Windows\DIIUnin.exe
2012-04-20 16:39 - 2012-04-20 16:39 - 00002829 ____A C:\Windows\DIIUnin.pif
2012-04-19 21:42 - 2012-06-12 14:12 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-12 14:12 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-12 14:12 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-12 14:12 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-12 14:12 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-12 14:12 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-12 14:12 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:42 - 2012-06-12 14:11 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:00 - 2012-06-12 14:12 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-12 14:11 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-12 14:12 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-12 14:12 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-12 14:12 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-12 14:12 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-12 14:12 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-12 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-12 14:11 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-12 14:11 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-16 21:31 - 2012-06-12 14:12 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-12 14:12 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-13 15:55 - 2011-01-08 17:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-13 15:49 - 2011-04-19 13:58 - 00000000 ____D C:\Users\Smoove\AppData\Local\CrashDumps
2012-04-13 15:36 - 2012-04-13 15:36 - 00043520 ____A C:\Windows\SysWOW64\CmdLineExt03.dll
2012-04-07 04:31 - 2012-06-12 14:11 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 14:11 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-07 00:23 - 2012-04-07 00:23 - 00000000 ____D C:\Users\Smoove\Downloads\Hk+(23.03.2012)
2012-04-04 16:34 - 2012-04-04 16:33 - 22259528 ____A C:\Users\Smoove\Documents\vlc-2.0.1-win32.exe
2012-04-01 17:17 - 2012-02-27 01:04 - 00000000 ____D C:\Users\Smoove\Documents\My Games
2012-03-30 03:35 - 2012-05-10 13:06 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\@
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\L
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\L\[email protected]
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\[email protected]
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\[email protected]
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\[email protected]
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\[email protected]
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\[email protected]
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\[email protected]
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\trz46A0.tmp
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\trz46C0.tmp
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\trz597E.tmp
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\trz9418.tmp
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U\trzC7D0.tmp

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3127.64 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3110.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:451.35 GB) (Free:43.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.12 GB) (Free:1.76 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive i: () (Removable) (Total:1.86 GB) (Free:1.77 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1907 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 451 GB 200 MB
Partition 3 Primary 14 GB 451 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 451 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 1907 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-18 19:18

======================= End Of Log ==========================





Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 2012-06-25 04:10:51
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
  • 0

#30
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the flashdrive as fixlist.txt

    2012-06-12 23:48 - 2012-06-24 04:51 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-06-24 04:50 - 2011-04-11 20:11 - 00000000 ____D C:\Program Files (x86)\ConduitEngine
    2012-06-24 04:50 - 2011-04-11 20:11 - 00000000 ____D C:\Program Files (x86)\Conduit
    C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}
    CMD: netsh int ip reset all
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7:

Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt); please post it in your next reply.

After this fix, I'm confident that the infection will be gone. Please try to boot the computer and tell me if it can boot. Also tell me what other symptoms remain and how the computer is running.


Next:

Run this from normal mode:
OTL Custom Scan
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    /md5start
    services.exe
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0
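The check behind the "Bamital & volsnap" section and the services.exe search above is a hash comparison: the copy in System32 is compared with the pristine copy Windows keeps in the component store (winsxs), and a mismatch is what FRST labelled "ZeroAccess". As an added example (not part of this thread, and not FRST's or OTL's code), the Python below parses the FRST search block quoted from the log on this page and flags any copy of a file outside winsxs whose MD5 differs from the winsxs copy. The regexes, function names and the use of the winsxs copy as reference are my own assumptions about the log format; the sample input is copied from the log on this page.

```python
"""Flag a system binary whose MD5 differs from its component-store (winsxs) copy.

Added example for this thread: parses an FRST "Search:" block and reports
mismatches. The parsing regexes and helper names are assumptions, not FRST code.
"""
import re
from collections import defaultdict

# Sample input: the "Search: services.exe" block from the FRST log on this page.
FRST_SEARCH_OUTPUT = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
"""

# A path line: drive letter, colon, backslash, rest of the path.
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
# An attribute line: [created] - [modified] - size attrs (company) MD5
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_frst_search(text):
    """Return a list of dicts (path, size, company, md5) from an FRST search block."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line          # the attribute line follows on the next line
            continue
        m = ATTR_RE.match(line)
        if m and pending_path is not None:
            entries.append({
                "path": pending_path,
                "size": int(m.group("size")),
                "company": m.group("company") or "",
                "md5": m.group("md5").upper(),
            })
            pending_path = None
    return entries


def find_mismatches(entries):
    """Compare every non-winsxs copy of a file with the winsxs copies of the same name.

    Returns a list of (suspect_path, suspect_md5, sorted reference MD5s).
    The company string is deliberately not used as evidence: the infected file
    in the log above still reported "(Microsoft Corporation)".
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for copies in by_name.values():
        refs = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        if not refs:
            continue  # no component-store copy to compare against
        ref_hashes = sorted({c["md5"] for c in refs})
        for c in copies:
            if "\\winsxs\\" in c["path"].lower():
                continue
            if c["md5"] not in ref_hashes:
                findings.append((c["path"], c["md5"], ref_hashes))
    return findings


if __name__ == "__main__":
    for path, md5, refs in find_mismatches(parse_frst_search(FRST_SEARCH_OUTPUT)):
        print(f"MISMATCH {path} md5={md5} winsxs={','.join(refs)}")
```

The size difference in the log (329216 versus 328704 bytes) is a second, independent signal for the same file, which is why the fixlist above replaces the System32 copy from the winsxs path rather than repairing it in place.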