zeroaccess trojan problem [Solved]



#1
rigs
Member
322 posts
My dad's Dell PC running Windows 7 64-bit is having malware problems. At first, when starting his PC, I get a message stating that my McAfee firewall was off. So, when trying to turn on the firewall, it would turn on for about 3-5 seconds and go back to off. While trying to solve this problem, McAfee detected Trojans and removed them. After unsuccessfully trying to enable the firewall, I went to the quarantined items window in McAfee to delete the Trojans. These are the Trojans found: zeroaccess.gm, generic.dx!b2qj, zeroacces.gh, zeroaccess.gd, zeroaccess. So, I deleted them, thinking that it would take care of the firewall problem. To my surprise, the problem is still here: a disabled firewall and the same Trojans every time when rebooting the system and thereafter. I also tried to delete them using Malwarebytes, but it did not detect any of the Trojans. How can I get rid of these Trojans? Can this problem be fixed?

Thank you for your help



OTL logfile created on: 8/29/2012 8:51:03 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\RIGO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 56.93% Memory free
7.98 Gb Paging File | 5.81 Gb Available in Paging File | 72.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 203.53 Gb Free Space | 71.82% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.16 Gb Free Space | 48.85% Space Free | Partition Type: NTFS
Drive E: | 5.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PC | User Name: RIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 20:49:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.scr
PRC - [2012/08/22 11:57:09 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/20 20:56:31 | 001,193,176 | ---- | M] () -- C:\Users\RIGO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/02 22:22:51 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2012/08/02 22:22:50 | 000,264,176 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2012/07/19 17:22:16 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/02/18 07:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/05/14 20:04:14 | 000,445,680 | ---- | M] () -- C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/18 19:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/22 11:57:08 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/08/20 20:56:31 | 001,193,176 | ---- | M] () -- C:\Users\RIGO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/08/02 22:22:53 | 000,071,664 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/08/02 22:22:52 | 000,268,272 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/08/02 22:22:52 | 000,108,448 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2012/08/02 22:22:51 | 000,133,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/08/02 22:22:51 | 000,079,856 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2012/08/02 22:22:51 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
MOD - [2012/07/19 17:22:16 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/05/14 20:04:14 | 000,445,680 | ---- | M] () -- C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe
MOD - [2008/03/18 19:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
MOD - [2008/03/18 19:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
MOD - [2008/01/08 17:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/08/23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/06/22 07:38:04 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/05/25 16:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/05/25 16:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/05/08 15:14:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/28 07:37:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV - [2012/08/22 11:57:09 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/31 15:38:32 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)
SRV - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/08 05:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 10:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/06/10 10:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/06/10 10:58:46 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/06/22 07:38:16 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/06/22 07:36:12 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/06/22 07:34:00 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/06 17:40:09 | 000,513,080 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 09:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010/07/15 19:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/09 19:05:24 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79381CE2-7FB3-4DA9-A3DC-8EC4450E03CF}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{79381CE2-7FB3-4DA9-A3DC-8EC4450E03CF}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com?a=1/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...01-E54A58A67DFD
IE - HKCU\..\SearchScopes\{3968205D-4CFC-41E4-9B3F-D180080FA126}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKCU\..\SearchScopes\{79381CE2-7FB3-4DA9-A3DC-8EC4450E03CF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incre...c=search_box_fs
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-04-16 19:49:44&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80324&lng=en
IE - HKCU\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = http://mystart.magen...&loc=search_box
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...arch_box_fs&a=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo..../?ourmark=3&p="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/28 13:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 14:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/28 13:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/08/28 17:51:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/28 17:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:22:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/28 23:06:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\RIGO\AppData\Roaming\Move Networks [2010/01/02 21:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:22:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/28 23:06:43 | 000,000,000 | ---D | M]

[2009/11/14 15:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Extensions
[2012/08/29 20:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions
[2012/08/13 23:31:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/03/05 20:27:12 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/03/30 19:13:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/04 11:13:41 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2012/08/21 22:06:47 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2012/08/26 19:54:58 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
[2012/08/29 20:27:38 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
[2012/06/07 22:19:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
[2012/05/19 19:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions
[2012/02/28 23:30:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/01/04 13:49:09 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/12/24 14:41:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/19 19:27:15 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\[email protected]
[2012/04/03 21:56:16 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\[email protected]
[2011/11/04 23:09:15 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\[email protected]
[2011/09/14 12:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions
[2011/09/14 12:09:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/09/14 12:09:17 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/09/14 12:09:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/04 15:40:46 | 000,002,333 | ---- | M] () -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\searchplugins\askcom.xml
[2012/04/11 18:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/09 21:22:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/03 21:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/10/31 12:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/08/28 17:51:23 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/08/28 17:53:40 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/08/19 19:16:12 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\RIGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0UL22PVT.DEFAULT USER\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
[2012/08/04 11:13:35 | 000,061,284 | ---- | M] () (No name found) -- C:\USERS\RIGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0UL22PVT.DEFAULT USER\EXTENSIONS\[email protected]
[2012/08/02 22:21:24 | 000,324,456 | ---- | M] () (No name found) -- C:\USERS\RIGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0UL22PVT.DEFAULT USER\EXTENSIONS\[email protected]
[2012/04/25 17:31:02 | 000,004,527 | ---- | M] () (No name found) -- C:\USERS\RIGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0UL22PVT.DEFAULT USER\EXTENSIONS\[email protected]
[2012/04/25 18:19:32 | 000,004,539 | ---- | M] () (No name found) -- C:\USERS\RIGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0UL22PVT.DEFAULT USER\EXTENSIONS\[email protected]
[2012/07/19 17:22:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/05/28 21:16:45 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2012/04/16 19:49:38 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/03 21:56:56 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/07/19 17:22:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/16 16:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012/07/19 17:22:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120828175110.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (RivalGaming Games) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\RIGO\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120828175110.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PhoneTray] C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe ()
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\RIGO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63867C0-F8B9-4190-B9EF-5B499D70B5C1}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files (x86)\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/24 10:16:00 | 000,000,066 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0753a854-dec9-11df-ab73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0753a854-dec9-11df-ab73-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Special_Offers_from_SPHE_PC.exe -- [2012/01/27 12:16:07 | 004,587,902 | R--- | M] ( )
O33 - MountPoints2\{98288349-75d8-11e0-8f7e-00219b263d3e}\Shell - "" = AutoRun
O33 - MountPoints2\{98288349-75d8-11e0-8f7e-00219b263d3e}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 20:49:44 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.com
[2012/08/29 20:49:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.scr
[2012/08/29 20:47:11 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Desktop\OTL
[2012/08/29 20:45:57 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2012/08/29 18:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/29 18:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/28 22:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 22:29:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/28 22:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 20:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Web Start
[2012/08/28 20:33:44 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/08/28 17:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/28 17:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2012/08/28 17:51:09 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012/08/28 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/08/28 17:51:05 | 000,487,296 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2012/08/28 17:51:05 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012/08/28 17:51:05 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012/08/28 17:51:05 | 000,075,936 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2012/08/28 17:51:05 | 000,065,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2012/08/28 17:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/08/28 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/08/28 17:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/08/28 17:44:36 | 000,177,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/08/28 11:36:00 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\{571E8418-6591-46D0-BFB3-5D7678953906}
[2012/08/27 13:54:59 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Firetrust
[2012/08/27 13:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firetrust
[2012/08/26 20:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
[2012/08/26 14:35:49 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/26 14:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/26 14:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/25 20:59:51 | 000,385,024 | ---- | C] (Mirko Marchese) -- C:\Windows\SysWow64\XPControls.ocx
[2012/08/25 20:59:51 | 000,360,448 | ---- | C] (Arafasoft) -- C:\Windows\SysWow64\libdll.dll
[2012/08/25 20:59:51 | 000,356,352 | ---- | C] (Arafasoft) -- C:\Windows\SysWow64\butscn.ocx
[2012/08/25 20:59:51 | 000,352,256 | ---- | C] (LaVolpe) -- C:\Windows\SysWow64\AlphaImage.ocx
[2012/08/25 20:59:51 | 000,339,968 | ---- | C] (Arafasoft http://www.arafasoft.com/) -- C:\Windows\SysWow64\Asimcr.ocx
[2012/08/17 19:55:07 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivalGaming
[2012/08/17 19:55:05 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\RivalGaming
[2012/08/15 20:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities
[2012/08/15 20:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinUtilities
[2012/08/15 19:59:08 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\asex
[2012/08/15 19:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All Sound Editor XP
[2012/08/15 19:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All Sound Editor XP
[2012/08/14 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\MusicBrainz
[2012/08/14 22:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBrainz Picard
[2012/08/13 22:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
[2012/08/13 22:04:45 | 000,000,000 | ---D | C] -- C:\MP3Toolkit
[2012/08/12 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Mp3tag
[2012/08/10 20:33:59 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Ilivid Player
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 20:49:45 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.com
[2012/08/29 20:49:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.scr
[2012/08/29 20:46:43 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 20:46:43 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 20:46:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/29 20:45:58 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2012/08/29 20:39:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3026827408-1962054132-2561569089-1000UA.job
[2012/08/29 20:10:41 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job
[2012/08/29 18:18:32 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/08/29 18:14:02 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/08/29 18:13:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/29 18:13:36 | 3212,709,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 22:50:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/28 22:30:13 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 20:31:09 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimCleaner.lnk
[2012/08/26 14:35:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/26 14:33:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/26 14:32:53 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/26 14:32:53 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/25 19:52:48 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/24 22:27:43 | 000,000,141 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2012/08/21 11:09:19 | 000,038,912 | ---- | M] () -- C:\Users\RIGO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/21 04:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/20 19:31:13 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/15 22:48:37 | 000,078,848 | -H-- | M] () -- C:\Users\RIGO\Documents\photothumb.db
[2012/08/15 22:47:24 | 000,001,021 | ---- | M] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2012/08/15 22:47:24 | 000,000,997 | ---- | M] () -- C:\Users\RIGO\Desktop\PhotoScape.lnk
[2012/08/15 22:30:53 | 000,001,313 | ---- | M] () -- C:\Users\RIGO\Desktop\Ashampoo Burning Studio 2012 .lnk
[2012/08/15 20:17:58 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/08/15 19:59:02 | 000,001,026 | ---- | M] () -- C:\Users\RIGO\Desktop\All Sound Editor XP.lnk
[2012/08/15 19:12:50 | 000,491,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/13 22:05:00 | 000,000,604 | ---- | M] () -- C:\Users\Public\Desktop\MP3 Toolkit.lnk
[2012/08/12 10:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3026827408-1962054132-2561569089-1000Core.job
[2012/08/02 22:23:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2012/08/02 22:23:54 | 000,001,967 | ---- | M] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2012/08/02 22:06:53 | 000,001,175 | ---- | M] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/08/02 22:06:53 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/28 22:30:13 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 17:52:38 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/08/26 14:35:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/25 19:53:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/23 19:53:29 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/17 19:55:05 | 000,000,256 | ---- | C] () -- C:\Windows\tasks\RGames Updater.job
[2012/08/15 22:30:53 | 000,001,313 | ---- | C] () -- C:\Users\RIGO\Desktop\Ashampoo Burning Studio 2012 .lnk
[2012/08/15 20:17:58 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/08/15 19:59:02 | 000,001,026 | ---- | C] () -- C:\Users\RIGO\Desktop\All Sound Editor XP.lnk
[2012/08/14 22:14:56 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
[2012/08/13 22:05:00 | 000,000,604 | ---- | C] () -- C:\Users\Public\Desktop\MP3 Toolkit.lnk
[2012/07/11 13:53:26 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\SysMachine3.dll
[2012/07/10 19:38:40 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/06/22 22:10:12 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/22 22:07:35 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe
[2012/04/28 16:59:14 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/04/28 16:58:31 | 000,074,703 | ---- | C] () -- C:\Windows\SysWOW64mfc45.dll
[2012/03/02 20:48:53 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/28 17:56:54 | 006,664,208 | ---- | C] () -- C:\Windows\SysWow64\dvdripcore.dll
[2012/01/28 17:56:49 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2011/08/22 16:21:58 | 000,011,545 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\UserTile.png
[2011/08/18 19:18:52 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/16 21:39:08 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\SysInfo.dll
[2011/07/14 16:42:28 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011/06/01 20:16:02 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systemconfig.dll
[2011/05/02 14:41:46 | 000,051,802 | ---- | C] () -- C:\Users\RIGO\4e920be4_b4f8_fcc6_4e920be4_b4f8_fcc6.pdf
[2011/04/02 14:34:04 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\Systemdrv.sys
[2010/12/20 19:37:00 | 000,038,912 | ---- | C] () -- C:\Users\RIGO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/19 22:33:05 | 000,053,248 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\chrtmp
[2010/11/19 14:06:37 | 012,383,664 | ---- | C] () -- C:\Users\RIGO\AppData\Local\rx_image32.Cache
[2010/11/19 13:58:30 | 000,725,152 | ---- | C] () -- C:\Users\RIGO\AppData\Local\rx_audio.Cache
[2010/10/01 12:08:40 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\OggEnc.exe
[2010/10/01 12:08:40 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe
[2010/10/01 12:08:40 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\Faac.exe
[2010/09/29 14:08:22 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/23 21:25:28 | 000,000,436 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\mainhst.zgh
[2009/11/14 16:22:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/26 18:13:27 | 000,007,534 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\wklnhst.dat
[2006/06/25 09:16:53 | 000,001,648 | -H-- | C] () -- C:\Users\RIGO\AppData\Roaming\RIGOlog.dat

========== LOP Check ==========

[2011/04/29 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\4Media
[2009/11/14 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\4Team
[2011/11/26 23:16:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Abelssoft
[2009/11/14 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AbleFaxTifView
[2012/05/05 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AnnVideo
[2011/11/26 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AnvSoft
[2011/12/24 15:41:02 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Ashampoo
[2011/10/04 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Atari
[2009/04/27 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Audio Caller ID
[2012/04/25 18:02:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AutoHideIP
[2012/03/18 19:38:59 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Avanquest
[2012/04/03 21:56:35 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Babylon
[2012/05/03 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Big Angry Dog
[2010/10/07 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Blueberry
[2010/12/25 15:21:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Burn4U
[2012/04/25 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Byngo
[2010/12/25 19:26:00 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\CodedColor
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
[2009/04/27 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Cool Record Edit Deluxe
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Cool Record Edit Pro
[2012/04/02 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Creevity Mp3 Cover Downloader
[2012/05/09 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DAEMON Tools Lite
[2009/09/04 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DAEMON Tools Pro
[2012/05/18 22:26:32 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Digiarty
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Diodia
[2010/08/03 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Downloaded Installations
[2011/10/28 23:12:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Dream Aquarium
[2011/07/10 18:53:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\EurekaLog
[2010/06/27 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Facebook
[2012/08/27 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Firetrust
[2010/09/11 16:28:30 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Foxit Software
[2010/12/27 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Foxreal
[2012/08/04 12:03:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Audio Editor
[2012/08/13 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2009/04/27 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Sound Recorder
[2010/10/10 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FreeBurner
[2010/09/30 20:14:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FreeFLVConverter
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1
[2012/04/10 13:16:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Gaijin Ent
[2012/06/24 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Get from YouTube
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GetRightToGo
[2007/01/01 04:10:02 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GlarySoft
[2012/04/17 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\HamsterSoft
[2011/05/24 14:00:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Image Zone Express
[2010/12/24 18:34:12 | 000,000,000 | RHSD | M] -- C:\Users\RIGO\AppData\Roaming\install
[2012/07/10 19:38:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Intermedia Software
[2011/09/19 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\IObit
[2011/10/26 19:07:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\KC Softwares
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Leadertech
[2012/03/18 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Littlelan
[2010/09/14 13:40:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\LogSys
[2012/04/08 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MAGIX
[2011/09/23 19:58:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Marine Aquarium 3
[2011/04/03 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\mediAvatar
[2011/08/20 13:38:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Modiac
[2012/07/08 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MP3 Editor for Free
[2012/08/12 22:38:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Mp3tag
[2012/03/02 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\mresreg
[2012/08/14 22:15:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MusicBrainz
[2012/02/05 17:37:35 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\NeoDownloader
[2010/08/04 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Nitro PDF
[2012/04/10 14:28:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Oberon Media
[2010/10/15 14:50:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\OpenCandy
[2011/04/28 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\OpenOffice.org
[2010/11/26 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PCHC
[2011/08/05 12:48:36 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PearlMountainSoft
[2011/03/17 19:54:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PhotoScape
[2012/08/12 11:55:25 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Pixpedia Publisher
[2009/11/14 15:57:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PlayFirst
[2010/02/17 23:22:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PPStream
[2009/11/14 15:57:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Printer Info Cache
[2012/04/17 21:54:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Privacy Guardian
[2012/04/09 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Product_FR
[2010/10/28 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Publish Providers
[2009/11/14 16:28:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Search Settings
[2012/05/28 14:31:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SlimCleaner
[2012/08/15 22:10:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Smart Audio Editor
[2009/12/23 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Smart PDF Converter Pro
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Snappy Fax
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Snappy Fax Archives
[2011/10/02 14:13:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Softland
[2012/04/16 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SoftMaker
[2010/10/28 17:25:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sony
[2012/06/26 15:36:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sound Editor Pro
[2012/08/20 21:00:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Spotify
[2012/07/04 16:49:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Steganos
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\StreamTorrent
[2012/04/25 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SurfAnonymousFree
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Template
[2010/02/13 22:36:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Thinstall
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\TuneUp Software
[2011/05/20 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Uniblue
[2011/11/21 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\URSoft
[2011/04/21 12:26:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\visualsearchpony.com
[2010/12/08 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\VSRevoGroup
[2011/08/15 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\WaveMax Sound Editor
[2009/03/02 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Windows Live Writer
[2012/07/11 20:36:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\WindSolutions
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\XnView
[2012/05/09 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\ZipGenius
[2012/08/29 18:14:02 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/08/29 20:10:41 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\RGames Updater.job
[2012/08/03 19:43:40 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/03/23 20:01:12 | 000,000,000 | ---D | M](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š
[2011/03/23 20:01:12 | 000,000,000 | ---D | C](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe.jpg:Roxio EMC Stream

< End of report >

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello rigs,

Now

Please download MBRCheck.exe to your Desktop. Run the application.

It will produce a report on the desktop. Post that report in your next reply.

Next

Please download Farbar Service Scanner and run.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.
After that

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

So when you return please post:
  • MBRCheck report
  • aswMBR report
  • FSS.txt


#3
rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
Here are the reports. On the aswMBR scanner, it asked me to install Avast AV for a better result, but I declined.

Thanks for replying.



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 518
Logical Drives Mask: 0x000005fc

Kernel Drivers (total 190):
0x03607000 \SystemRoot\system32\ntoskrnl.exe
0x03BEF000 \SystemRoot\system32\hal.dll
0x00BB5000 \SystemRoot\system32\kdcom.dll
0x00C3A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C89000 \SystemRoot\system32\PSHED.dll
0x00C9D000 \SystemRoot\system32\CLFS.SYS
0x00CFB000 \SystemRoot\system32\CI.dll
0x00EE2000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F86000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F95000 \SystemRoot\system32\drivers\pci.sys
0x01194000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x0119D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x011CC000 \SystemRoot\system32\drivers\vdrvroot.sys
0x011D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x011E3000 \SystemRoot\System32\drivers\partmgr.sys
0x01000000 \SystemRoot\system32\drivers\volmgr.sys
0x00E57000 \SystemRoot\System32\drivers\volmgrx.sys
0x01015000 \SystemRoot\system32\drivers\pciide.sys
0x0101C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00EB3000 \SystemRoot\System32\drivers\mountmgr.sys
0x00ECD000 \SystemRoot\system32\drivers\atapi.sys
0x00FC8000 \SystemRoot\system32\drivers\ataport.SYS
0x00FF2000 \SystemRoot\system32\drivers\amdxata.sys
0x01204000 \SystemRoot\system32\drivers\fltmgr.sys
0x01250000 \SystemRoot\system32\drivers\fileinfo.sys
0x01264000 \SystemRoot\system32\drivers\mfehidk.sys
0x01319000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0143B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01326000 \SystemRoot\System32\Drivers\msrpc.sys
0x015DE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01384000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0160B000 \SystemRoot\system32\drivers\ndis.sys
0x016FE000 \SystemRoot\system32\drivers\NETIO.SYS
0x0175E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018BD000 \SystemRoot\System32\drivers\tcpip.sys
0x01AC0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B0A000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01B5A000 \SystemRoot\system32\drivers\volsnap.sys
0x01BA6000 \SystemRoot\System32\Drivers\spldr.sys
0x01BAE000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BE8000 \SystemRoot\System32\Drivers\mup.sys
0x01800000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01809000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01843000 \SystemRoot\system32\DRIVERS\disk.sys
0x01859000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0179B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018AC000 \SystemRoot\System32\Drivers\Null.SYS
0x018B5000 \SystemRoot\System32\Drivers\Beep.SYS
0x017C5000 \SystemRoot\System32\drivers\vga.sys
0x017D3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0141B000 \SystemRoot\System32\drivers\watchdog.sys
0x01600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0142B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x013F6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0102C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01037000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01048000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0106A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01077000 \SystemRoot\System32\DRIVERS\netbt.sys
0x010BC000 \SystemRoot\system32\drivers\afd.sys
0x01145000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0114E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01174000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x00DBB000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x00DCC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00DDB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00C00000 \SystemRoot\system32\drivers\termdd.sys
0x0118A000 \??\C:\Windows\system32\drivers\STGMFEngine64.sys
0x02EAC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02EFD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02F09000 \SystemRoot\system32\drivers\mssmbios.sys
0x02F14000 \SystemRoot\System32\Drivers\GizmoDrv.SYS
0x02F1F000 \SystemRoot\System32\drivers\discache.sys
0x02F2E000 \SystemRoot\System32\Drivers\dfsc.sys
0x02F4C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02F5D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02F83000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03C03000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04295000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04389000 \SystemRoot\System32\drivers\dxgmms1.sys
0x043CF000 \SystemRoot\system32\drivers\usbuhci.sys
0x04200000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04256000 \SystemRoot\system32\drivers\usbehci.sys
0x04267000 \SystemRoot\system32\drivers\HDAudBus.sys
0x02E00000 \SystemRoot\system32\DRIVERS\VSTBS26.SYS
0x02F99000 \SystemRoot\system32\DRIVERS\ks.sys
0x04437000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
0x046ED000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
0x047B8000 \SystemRoot\system32\drivers\modem.sys
0x04600000 \SystemRoot\system32\drivers\1394ohci.sys
0x0463E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0464B000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0465B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04671000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04695000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x046A1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x046D0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x047C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x045AB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x047E8000 \SystemRoot\system32\drivers\kbdclass.sys
0x045C5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x047F7000 \SystemRoot\system32\drivers\swenum.sys
0x045D4000 \SystemRoot\system32\drivers\umbus.sys
0x04ED2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04F2C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A38000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05BA0000 \SystemRoot\system32\drivers\portcls.sys
0x05BDD000 \SystemRoot\system32\drivers\drmk.sys
0x05A00000 \SystemRoot\system32\drivers\ksthunk.sys
0x04F41000 \SystemRoot\system32\drivers\mfeavfk.sys
0x04F77000 \SystemRoot\system32\drivers\mfefirek.sys
0x05A06000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05A14000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05A20000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x04FEC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04E00000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05A29000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04E1B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04E29000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05A2B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04E42000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04E4F000 \SystemRoot\system32\drivers\kbdhid.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x04E5D000 \SystemRoot\System32\drivers\Dxapi.sys
0x04E69000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005D0000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x04E77000 \SystemRoot\system32\drivers\luafv.sys
0x04E9A000 \SystemRoot\system32\drivers\WudfPf.sys
0x04EBB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x026A1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x026F4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02707000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0271F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x02AEB000 \SystemRoot\system32\drivers\HTTP.sys
0x02BB4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02BD2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02A72000 \SystemRoot\system32\drivers\npf.sys
0x02755000 \SystemRoot\system32\drivers\peauth.sys
0x02A7E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02A89000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02ABA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06AF2000 \SystemRoot\System32\DRIVERS\srv.sys
0x06BC0000 \SystemRoot\system32\drivers\mfeapfk.sys
0x06A71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77AF0000 \Windows\System32\ntdll.dll
0x482E0000 \Windows\System32\smss.exe
0xFFE10000 \Windows\System32\apisetschema.dll
0xFF290000 \Windows\System32\autochk.exe
0x77CC0000 \Windows\System32\psapi.dll
0xFFDB0000 \Windows\System32\ws2_32.dll
0xFFCD0000 \Windows\System32\oleaut32.dll
0x779F0000 \Windows\System32\user32.dll
0xFFC00000 \Windows\System32\usp10.dll
0xFFBE0000 \Windows\System32\imagehlp.dll
0xFFBC0000 \Windows\System32\sechost.dll
0xFFB40000 \Windows\System32\difxapi.dll
0xFFA10000 \Windows\System32\rpcrt4.dll
0xFF800000 \Windows\System32\ole32.dll
0x777E0000 \Windows\System32\iertutil.dll
0x776C0000 \Windows\System32\kernel32.dll
0x77CB0000 \Windows\System32\normaliz.dll
0x77560000 \Windows\System32\wininet.dll
0xFF760000 \Windows\System32\clbcatq.dll
0xFF730000 \Windows\System32\imm32.dll
0xFF620000 \Windows\System32\msctf.dll
0xFF580000 \Windows\System32\comdlg32.dll
0x77410000 \Windows\System32\urlmon.dll
0xFF510000 \Windows\System32\gdi32.dll
0xFF500000 \Windows\System32\lpk.dll
0xFE770000 \Windows\System32\shell32.dll
0xFE760000 \Windows\System32\nsi.dll
0xFE700000 \Windows\System32\Wldap32.dll
0xFE660000 \Windows\System32\msvcrt.dll
0xFE480000 \Windows\System32\setupapi.dll
0xFE3A0000 \Windows\System32\advapi32.dll
0xFE320000 \Windows\System32\shlwapi.dll
0xFE2E0000 \Windows\System32\cfgmgr32.dll
0xFE240000 \Windows\System32\comctl32.dll
0xFE200000 \Windows\System32\wintrust.dll
0xFE1E0000 \Windows\System32\devobj.dll
0xFE170000 \Windows\System32\KernelBase.dll
0xFE000000 \Windows\System32\crypt32.dll
0xFDFF0000 \Windows\System32\msasn1.dll

Processes (total 73):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
580 csrss.exe
640 csrss.exe
648 C:\Windows\System32\wininit.exe
684 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\services.exe
752 C:\Windows\System32\lsass.exe
760 C:\Windows\System32\lsm.exe
868 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
208 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\svchost.exe
1076 C:\Program Files\Dell\DellDock\DockLogin.exe
1168 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\spoolsv.exe
1388 C:\Windows\System32\dwm.exe
1428 C:\Windows\explorer.exe
1452 C:\Windows\System32\AERTSr64.exe
1480 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1676 C:\Program Files\Bonjour\mDNSResponder.exe
1700 C:\Windows\System32\svchost.exe
1736 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
1816 C:\Windows\System32\svchost.exe
1844 C:\Windows\SysWOW64\svchost.exe
1868 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1916 C:\Windows\RAVCpl64.exe
1940 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
1948 C:\Windows\System32\hkcmd.exe
1976 C:\Windows\System32\igfxpers.exe
1984 C:\Windows\System32\igfxsrvc.exe
2012 C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
1500 C:\Program Files\Common Files\Motive\McciCMService.exe
604 C:\Windows\System32\rundll32.exe
1628 C:\Windows\System32\rundll32.exe
1964 C:\Windows\SysWOW64\rundll32.exe
2080 C:\Users\RIGO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
2100 C:\Windows\System32\mfevtps.exe
2140 C:\Windows\System32\svchost.exe
2212 C:\Windows\System32\svchost.exe
2364 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2372 C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe
2408 C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
2416 C:\Program Files\McAfee.com\Agent\mcagent.exe
2456 C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
2484 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2692 C:\Windows\SysWOW64\STGRAMDiskHandler64.exe
2756 C:\Windows\System32\svchost.exe
2844 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
2884 C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
2924 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2996 C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
3040 C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
2272 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2204 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1084 C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
3108 C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
3132 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3508 C:\Windows\System32\SearchIndexer.exe
3568 C:\Windows\System32\svchost.exe
3944 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
3492 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
376 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
2832 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2392 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3348 C:\Program Files (x86)\IncrediMail\Bin\ImNotfy.exe
5056 C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
2564 C:\Users\RIGO\Desktop\MBRCheck.exe
4388 C:\Windows\System32\conhost.exe
4808 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: ST3320613AS, Rev: DE13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


Farbar Service Scanner Version: 06-08-2012
Ran by RIGO (administrator) on 30-08-2012 at 13:26:50
Running from "C:\Users\RIGO\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 13:29:31
-----------------------------
13:29:31.231 OS Version: Windows x64 6.1.7601 Service Pack 1
13:29:31.231 Number of processors: 2 586 0x1706
13:29:31.231 ComputerName: PC UserName:
13:29:34.071 Initialize success
13:30:14.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:30:14.666 Disk 0 Vendor: ST3320613AS DE13 Size: 305245MB BusType: 3
13:30:14.698 Disk 0 MBR read successfully
13:30:14.698 Disk 0 MBR scan
13:30:14.698 Disk 0 Windows 7 default MBR code
13:30:14.698 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:30:14.713 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
13:30:14.713 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
13:30:14.776 Disk 0 scanning C:\Windows\system32\drivers
13:30:28.411 Service scanning
13:30:43.904 Modules scanning
13:30:43.904 Disk 0 trace - called modules:
13:30:43.919 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:30:43.919 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049542d0]
13:30:43.919 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> [0xfffffa8004790500]
13:30:43.935 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004783060]
13:30:43.935 Scan finished successfully
13:31:30.601 Disk 0 MBR has been saved successfully to "C:\Users\RIGO\Desktop\MBR.dat"
13:31:30.617 The log file has been saved successfully to "C:\Users\RIGO\Desktop\aswMBRlog.txt"
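The Farbar Service Scanner section of the report above is the key finding in this thread: the MpsSvc, bfe, wscsvc, wuauserv and BITS service keys are reported missing and the SharedAccess values are gone, while every binary in the File Check passes its MD5 check. The Python script below is an added example (not part of this thread and not code from Farbar or any of the tools mentioned) that parses an FSS-style report and summarises exactly that: which services are stopped, which service keys or values are missing, and whether the on-disk binary for each affected service is still intact. The sample report is a constructed excerpt in the same format as the log above, and the service-to-role and service-to-binary mappings are supplied by me for the demonstration.

```python
import re

# Constructed excerpt of a Farbar Service Scanner (FSS.txt) report, in the
# same format as the log posted above. Only a few services are included so
# the example runs offline.
SAMPLE_FSS = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
"""

# Service name -> what the service provides (mapping supplied for this example).
ROLE = {
    "mpsdrv": "Windows Firewall Authorization Driver",
    "MpsSvc": "Windows Firewall",
    "bfe": "Base Filtering Engine",
    "wscsvc": "Security Center",
    "wuauserv": "Windows Update",
    "BITS": "Background Intelligent Transfer Service",
    "SharedAccess": "Internet Connection Sharing",
}

# Service name -> the binary FSS hashes for it (mapping supplied for this example).
SERVICE_BINARY = {
    "mpsdrv": "mpsdrv.sys",
    "MpsSvc": "mpssvc.dll",
    "bfe": "bfe.dll",
    "wscsvc": "wscsvc.dll",
    "wuauserv": "wuaueng.dll",
    "BITS": "qmgr.dll",
}

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
VALUE_MISSING = re.compile(r"Unable to retrieve (.+?) of (\S+)\. The value does not exist\.")
FILE_CHECK = re.compile(r"^(.+?) => MD5 is (.+)$")


def parse_fss(report: str) -> dict:
    """Collect the security-relevant facts from an FSS report."""
    findings = {
        "not_running": [],     # services FSS found stopped
        "missing_keys": [],    # services whose registry key is gone entirely
        "missing_values": {},  # service -> values missing under an existing key
        "files_ok": [],        # binaries whose MD5 FSS accepted
        "files_suspect": [],   # binaries whose MD5 FSS did not accept
    }
    for raw in report.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            findings["not_running"].append(m.group(1))
        elif m := KEY_MISSING.search(line):
            if m.group(1) not in findings["missing_keys"]:
                findings["missing_keys"].append(m.group(1))
        elif m := VALUE_MISSING.search(line):
            findings["missing_values"].setdefault(m.group(2), []).append(m.group(1))
        elif m := FILE_CHECK.match(line):
            bucket = "files_ok" if m.group(2).strip() == "legit" else "files_suspect"
            findings[bucket].append(m.group(1))
    return findings


def triage(findings: dict) -> list:
    """Produce one line per impaired service, noting whether its binary survived."""
    ok_binaries = {p.rsplit("\\", 1)[-1].lower() for p in findings["files_ok"]}
    notes = []
    for svc in findings["missing_keys"]:
        role = ROLE.get(svc, "unknown role")
        binary = SERVICE_BINARY.get(svc)
        if binary and binary in ok_binaries:
            notes.append(f"{svc} ({role}): service key missing, but {binary} on disk is intact; "
                         "the service registration was removed, not the binary")
        else:
            notes.append(f"{svc} ({role}): service key missing")
    for svc, values in findings["missing_values"].items():
        notes.append(f"{svc} ({ROLE.get(svc, 'unknown role')}): missing value(s) {', '.join(values)}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_fss(SAMPLE_FSS)):
        print(note)
```

The distinction the script draws is the useful one for a helper reading such a log: a service whose key is gone but whose DLL still hashes clean needs its service registration rebuilt, which is a different repair from replacing a patched system file.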

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello rigs,

I assume you have your Windows 7 disc.

Now

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5
rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
Here's the report.

Scan result of Farbar Recovery Scan Tool Version: 31-08-2012
Ran by SYSTEM at 30-08-2012 20:34:11
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM-x32\...\Run: [PhoneTray] "C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe" [445680 2009-05-14] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe" [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKU\Guest\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [x]
HKU\Guest\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]
HKU\RIGO\...\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c [366576 2012-08-02] (IncrediMail, Ltd.)
HKU\RIGO\...\Run: [Spotify Web Helper] "C:\Users\RIGO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-20] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RIGO\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

==================== Services (Whitelisted) ======

2 AERTFilters; C:\Windows\System32\AERTSr64.exe [86016 2008-07-28] (Andrea Electronics Corporation)
3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
3 GSService; "C:\Windows\SysWOW64\GSService.exe" [252928 2012-05-31] ()
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-18] (Alcatel-Lucent)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199304 2012-05-25] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210616 2012-05-25] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
2 Steganos Volatile Disk; C:\Windows\SysWow64\STGRAMDiskHandler64.exe [450560 2010-07-08] (Softwareentwicklung Remus - ArchiCrypt)
2 vToolbarUpdater10.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [918880 2012-04-16] ()
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-08] ()

==================== Drivers (Whitelisted) ===================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [32840 2010-01-09] (Arainia Solutions LLC)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
2 npf; C:\Windows\System32\Drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-05-06] (Duplex Secure Ltd.)
1 STGMFEngine64; C:\Windows\System32\Drivers\STGMFEngine64.sys [28576 2010-09-03] (Softwareentwicklung Remus - ArchiCrypt.com)
3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
3 cpuz132; \??\C:\Users\RIGO\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
3 DfSdkS; [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
1 fqpzyetf; \??\C:\Windows\system32\drivers\fqpzyetf.sys [x]
3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [x]
3 mfeavfk01; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V64.SYS [x]
3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-30 10:31 - 2012-08-30 10:31 - 00000512 ____A C:\Users\RIGO\Desktop\MBR.dat
2012-08-30 10:26 - 2012-08-30 10:26 - 00004436 ____A C:\Users\RIGO\Desktop\FSS.txt
2012-08-30 10:19 - 2012-08-30 10:20 - 00014551 ____A C:\Users\RIGO\Desktop\MBRCheck_08.30.12_13.19.55.txt
2012-08-30 10:17 - 2012-08-30 10:17 - 04731392 ____A (AVAST Software) C:\Users\RIGO\Desktop\aswMBR.exe
2012-08-30 10:17 - 2012-08-30 10:17 - 00693235 ____A (Farbar) C:\Users\RIGO\Desktop\FSS.exe
2012-08-30 10:16 - 2012-08-30 10:16 - 00080384 ____A C:\Users\RIGO\Desktop\MBRCheck.exe
2012-08-29 18:32 - 2012-08-29 18:32 - 00059038 ____A C:\Users\RIGO\Documents\otlExtras.Txt
2012-08-29 18:27 - 2012-08-29 18:27 - 00144652 ____A C:\Users\RIGO\Documents\OTL.Txt
2012-08-29 18:26 - 2012-08-29 18:26 - 00059038 ____A C:\Users\RIGO\Desktop\Extras.Txt
2012-08-29 18:25 - 2012-08-29 18:27 - 00144652 ____A C:\Users\RIGO\Desktop\OTL.Txt
2012-08-29 17:49 - 2012-08-29 17:49 - 00598528 ____A (OldTimer Tools) C:\Users\RIGO\Desktop\OTL.com
2012-08-29 17:40 - 2012-08-29 17:40 - 00598528 ____A (OldTimer Tools) C:\Users\RIGO\Downloads\OTL.exe
2012-08-29 15:25 - 2012-08-29 15:25 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-08-29 15:23 - 2012-08-29 17:20 - 00000000 ____D C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-08-29 15:21 - 2012-08-29 15:21 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\RIGO\Downloads\SpyHunter-Installer.exe
2012-08-29 14:31 - 2012-08-29 14:31 - 17142744 ____A (Microsoft Corporation) C:\Users\RIGO\Downloads\Windows-KB890830-x64-V4.11.exe
2012-08-29 14:30 - 2012-08-03 01:46 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-08-29 14:29 - 2012-08-29 14:29 - 16476616 ____A (Microsoft Corporation) C:\Users\RIGO\Downloads\Windows-KB890830-V4.11.exe
2012-08-29 14:12 - 2012-08-29 14:12 - 00329088 ____A (AVAST Software) C:\Users\RIGO\Downloads\aswclear.exe
2012-08-29 13:48 - 2012-08-29 13:48 - 00000000 ____D C:\Users\RIGO\Downloads\6807standalonetool
2012-08-29 13:46 - 2012-08-29 13:46 - 00965584 ____A C:\Users\RIGO\Downloads\6807standalonetool.zip
2012-08-28 19:30 - 2012-08-28 19:30 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-28 19:29 - 2012-08-28 19:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-28 19:29 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-28 19:28 - 2012-08-28 19:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\RIGO\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-28 17:33 - 2012-08-28 17:35 - 00000000 ___HD C:\Windows\AxInstSV
2012-08-28 14:52 - 2012-08-30 10:09 - 00001830 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-08-28 14:51 - 2012-08-28 14:51 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-08-28 14:51 - 2012-02-22 10:29 - 00487296 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-08-28 14:51 - 2012-02-22 10:29 - 00229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-08-28 14:51 - 2012-02-22 10:29 - 00100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-08-28 14:51 - 2012-02-22 10:29 - 00075936 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-08-28 14:51 - 2012-02-22 10:29 - 00065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-08-28 14:51 - 2012-02-22 10:29 - 00010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-08-28 14:50 - 2012-08-28 14:52 - 00000000 ____D C:\Program Files\McAfee
2012-08-28 14:50 - 2012-08-28 14:51 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-08-28 14:50 - 2012-08-28 14:50 - 00000000 ____D C:\Program Files\McAfee.com
2012-08-28 14:44 - 2012-06-22 04:38 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-08-28 14:40 - 2012-08-28 14:40 - 00000040 ____A C:\Users\RIGO\Documents\mcserial#282012.txt
2012-08-28 08:36 - 2012-08-28 08:36 - 00000000 ____D C:\Users\RIGO\AppData\Local\{571E8418-6591-46D0-BFB3-5D7678953906}
2012-08-27 10:54 - 2012-08-27 11:06 - 00000000 ____D C:\Program Files (x86)\Firetrust
2012-08-27 10:54 - 2012-08-27 11:02 - 00000000 ____D C:\Users\RIGO\AppData\Roaming\Firetrust
2012-08-26 15:52 - 2012-08-26 15:52 - 00013162 ____A C:\Users\RIGO\Downloads\password-export-2012-08-26.csv
2012-08-26 11:35 - 2012-08-28 14:24 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-08-26 11:35 - 2012-08-26 11:35 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-26 11:35 - 2012-08-26 11:35 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-26 11:35 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-26 11:27 - 2012-08-26 11:28 - 93654616 ____A C:\Users\RIGO\Downloads\avast_free_antivirus_setup.exe
2012-08-25 17:59 - 2010-06-07 23:35 - 00339968 ____A (Arafasoft http://www.arafasoft.com/) C:\Windows\SysWOW64\Asimcr.ocx
2012-08-25 17:59 - 2010-01-30 22:26 - 00360448 ____A (Arafasoft) C:\Windows\SysWOW64\libdll.dll
2012-08-25 17:59 - 2009-02-12 12:46 - 00049152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscdrun.dll
2012-08-25 17:59 - 2008-09-20 01:50 - 00352256 ____A (LaVolpe) C:\Windows\SysWOW64\AlphaImage.ocx
2012-08-25 17:59 - 2008-09-11 03:21 - 00356352 ____A (Arafasoft) C:\Windows\SysWOW64\butscn.ocx
2012-08-25 17:59 - 2005-11-23 05:25 - 00385024 ____A (Mirko Marchese) C:\Windows\SysWOW64\XPControls.ocx
2012-08-25 16:53 - 2012-08-26 11:33 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-25 16:51 - 2012-08-25 16:51 - 12621696 ____A (Microsoft Corporation) C:\Users\RIGO\Downloads\mseinstall.exe
2012-08-23 17:26 - 2012-08-23 17:27 - 00000086 ____A C:\setup.log
2012-08-23 16:53 - 2009-02-04 23:49 - 00451072 ____A C:\Windows\SysWOW64\ISSRemoveSP.exe
2012-08-23 13:24 - 2012-08-23 13:24 - 00219865 ____A C:\Users\RIGO\Downloads\bookmarks1.html
2012-08-22 11:41 - 2012-08-22 11:41 - 00000109 ____A C:\Users\RIGO\Downloads\password-export-2012-08-22.xml
2012-08-17 16:55 - 2012-08-30 16:48 - 00000256 ____A C:\Windows\Tasks\RGames Updater.job
2012-08-17 16:55 - 2012-08-30 10:48 - 00000000 ____D C:\Users\RIGO\AppData\Local\RivalGaming
2012-08-16 08:58 - 2012-08-28 17:38 - 00024110 ____A C:\Windows\PFRO.log
2012-08-15 19:45 - 2012-08-15 19:45 - 00730344 ____A (CNET Download.com) C:\Users\RIGO\Downloads\cbsidlm-cbsi3_2_5_53-PhotoScape-10703122.exe
2012-08-15 19:30 - 2012-08-15 19:30 - 00001313 ____A C:\Users\RIGO\Desktop\Ashampoo Burning Studio 2012 .lnk
2012-08-15 19:28 - 2012-08-15 19:28 - 00000020 ____A C:\Users\RIGO\Documents\ashab2012#.txt
2012-08-15 17:22 - 2012-08-15 17:24 - 60078784 ____A (Ashampoo GmbH & Co. KG ) C:\Users\RIGO\Downloads\ashampoo_burning_studio_2012_10.0.15_10871.exe
2012-08-15 17:17 - 2012-08-17 10:13 - 00000000 ____D C:\Program Files (x86)\WinUtilities
2012-08-15 17:17 - 2012-08-15 17:17 - 00000994 ____A C:\Users\Public\Desktop\WinUtilities.lnk
2012-08-15 17:16 - 2012-08-15 17:16 - 00000000 ____D C:\Users\RIGO\Downloads\WinUtilitiesPro
2012-08-15 17:12 - 2012-08-15 17:12 - 12817164 ____A C:\Users\RIGO\Downloads\WinUtilitiesPro.zip
2012-08-15 16:59 - 2012-08-17 17:20 - 00000000 ____D C:\Users\RIGO\Documents\asex
2012-08-15 16:59 - 2012-08-15 16:59 - 00001026 ____A C:\Users\RIGO\Desktop\All Sound Editor XP.lnk
2012-08-15 16:58 - 2012-08-15 16:59 - 00000000 ____D C:\Program Files (x86)\All Sound Editor XP
2012-08-15 07:21 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 07:21 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 07:21 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 07:21 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 07:21 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 07:21 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 07:21 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 07:21 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 07:21 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 07:21 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 07:21 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 07:21 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 07:21 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 07:21 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 07:21 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 07:21 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 07:21 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 07:21 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 07:21 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 07:21 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 07:21 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 07:21 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 07:21 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 07:21 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 07:21 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 07:21 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 07:21 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 07:21 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 07:19 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 07:19 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 07:19 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 07:19 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 07:19 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 07:19 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-15 06:53 - 2012-08-15 06:53 - 00000017 ____A C:\Users\RIGO\Documents\asexp.txt
2012-08-15 06:51 - 2012-08-15 06:51 - 03125512 ____A (MP3DO Inc. ) C:\Users\RIGO\Downloads\all-sound-editor-xp.exe
2012-08-15 06:21 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 06:21 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 06:21 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 06:21 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 06:21 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 06:21 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 06:21 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 06:14 - 2012-08-30 10:04 - 00946240 ____A C:\Windows\setupact.log
2012-08-15 06:14 - 2012-08-15 06:14 - 00000000 ____A C:\Windows\setuperr.log
2012-08-14 19:15 - 2012-08-14 19:15 - 00000000 ____D C:\Users\RIGO\AppData\Roaming\MusicBrainz
2012-08-14 19:14 - 2012-08-14 19:14 - 09849684 ____A (MusicBrainz) C:\Users\RIGO\Downloads\picard-setup-1.0.exe
2012-08-14 19:14 - 2012-08-14 19:14 - 00000000 ____D C:\Program Files (x86)\MusicBrainz Picard
2012-08-13 19:05 - 2012-08-13 19:05 - 00000604 ____A C:\Users\Public\Desktop\MP3 Toolkit.lnk
2012-08-13 19:04 - 2012-08-13 19:16 - 00000000 ____D C:\MP3Toolkit
2012-08-12 19:19 - 2012-08-12 19:19 - 00000000 ____D C:\Users\RIGO\Downloads\tagscan5.1.620
2012-08-12 19:12 - 2012-08-12 19:38 - 00000000 ____D C:\Users\RIGO\AppData\Roaming\Mp3tag
2012-08-10 19:53 - 2012-08-10 19:53 - 01431513 ____A C:\Users\RIGO\Downloads\bookmarks10.zip
2012-08-10 17:33 - 2012-08-10 17:34 - 00000000 ____D C:\Users\RIGO\AppData\Local\Ilivid Player
2012-08-10 17:32 - 2012-08-10 17:32 - 00823648 ____A (Bandoo Media Inc) C:\Users\RIGO\Downloads\iLividSetupV1.exe
2012-08-10 09:31 - 2012-08-10 09:31 - 00463080 ____A (CNET Download.com) C:\Users\RIGO\Downloads\cnet2_setup_multilang_exe.exe
2012-08-07 19:31 - 2012-08-07 19:31 - 01562688 ____A C:\Users\RIGO\Downloads\StreamTorrent10Build0078.zip
2012-08-03 19:31 - 2012-08-03 19:32 - 22873624 ____A C:\Users\RIGO\Downloads\FreeAudioEditor.exe
2012-08-03 19:25 - 2012-08-03 19:25 - 11011816 ____A (MP3Toolkit.com ) C:\Users\RIGO\Downloads\mp3toolkit.exe
2012-08-03 19:22 - 2012-08-03 19:22 - 02069248 ____A (raz-soft ) C:\Users\RIGO\Downloads\SubsGrabber_setup.exe


==================== 3 Months Modified Files ================================

2012-08-30 16:48 - 2012-08-17 16:55 - 00000256 ____A C:\Windows\Tasks\RGames Updater.job
2012-08-30 16:45 - 2012-07-19 18:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-30 16:39 - 2010-08-26 14:48 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3026827408-1962054132-2561569089-1000UA.job
2012-08-30 13:29 - 2009-02-26 15:13 - 00007694 ____A C:\Users\RIGO\AppData\Roaming\wklnhst.dat
2012-08-30 10:31 - 2012-08-30 10:31 - 00000512 ____A C:\Users\RIGO\Desktop\MBR.dat
2012-08-30 10:26 - 2012-08-30 10:26 - 00004436 ____A C:\Users\RIGO\Desktop\FSS.txt
2012-08-30 10:20 - 2012-08-30 10:19 - 00014551 ____A C:\Users\RIGO\Desktop\MBRCheck_08.30.12_13.19.55.txt
2012-08-30 10:17 - 2012-08-30 10:17 - 04731392 ____A (AVAST Software) C:\Users\RIGO\Desktop\aswMBR.exe
2012-08-30 10:17 - 2012-08-30 10:17 - 00693235 ____A (Farbar) C:\Users\RIGO\Desktop\FSS.exe
2012-08-30 10:16 - 2012-08-30 10:16 - 00080384 ____A C:\Users\RIGO\Desktop\MBRCheck.exe
2012-08-30 10:12 - 2009-11-14 12:37 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-30 10:12 - 2009-11-14 12:37 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-30 10:09 - 2012-08-28 14:52 - 00001830 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-08-30 10:04 - 2012-08-15 06:14 - 00946240 ____A C:\Windows\setupact.log
2012-08-30 10:04 - 2012-06-14 17:21 - 00000322 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-08-30 10:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-29 18:32 - 2012-08-29 18:32 - 00059038 ____A C:\Users\RIGO\Documents\otlExtras.Txt
2012-08-29 18:27 - 2012-08-29 18:27 - 00144652 ____A C:\Users\RIGO\Documents\OTL.Txt
2012-08-29 18:27 - 2012-08-29 18:25 - 00144652 ____A C:\Users\RIGO\Desktop\OTL.Txt
2012-08-29 18:26 - 2012-08-29 18:26 - 00059038 ____A C:\Users\RIGO\Desktop\Extras.Txt
2012-08-29 17:49 - 2012-08-29 17:49 - 00598528 ____A (OldTimer Tools) C:\Users\RIGO\Desktop\OTL.com
2012-08-29 17:40 - 2012-08-29 17:40 - 00598528 ____A (OldTimer Tools) C:\Users\RIGO\Downloads\OTL.exe
2012-08-29 17:36 - 2009-11-14 13:14 - 01077363 ____A C:\Windows\WindowsUpdate.log
2012-08-29 15:21 - 2012-08-29 15:21 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\RIGO\Downloads\SpyHunter-Installer.exe
2012-08-29 14:31 - 2012-08-29 14:31 - 17142744 ____A (Microsoft Corporation) C:\Users\RIGO\Downloads\Windows-KB890830-x64-V4.11.exe
2012-08-29 14:29 - 2012-08-29 14:29 - 16476616 ____A (Microsoft Corporation) C:\Users\RIGO\Downloads\Windows-KB890830-V4.11.exe
2012-08-29 14:12 - 2012-08-29 14:12 - 00329088 ____A (AVAST Software) C:\Users\RIGO\Downloads\aswclear.exe
2012-08-29 13:46 - 2012-08-29 13:46 - 00965584 ____A C:\Users\RIGO\Downloads\6807standalonetool.zip
2012-08-28 19:50 - 2009-11-14 13:22 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-08-28 19:30 - 2012-08-28 19:30 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-28 19:28 - 2012-08-28 19:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\RIGO\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-28 17:38 - 2012-08-16 08:58 - 00024110 ____A C:\Windows\PFRO.log
2012-08-28 14:40 - 2012-08-28 14:40 - 00000040 ____A C:\Users\RIGO\Documents\mcserial#282012.txt
2012-08-27 15:23 - 2010-10-29 19:03 - 00000207 ____A C:\Users\Public\Documents\claudioLT.txt
2012-08-26 17:31 - 2012-04-20 18:15 - 00002467 ____A C:\Users\Public\Desktop\SlimCleaner.lnk
2012-08-26 17:30 - 2012-04-20 18:03 - 00608096 ____A (SlimWare Utilities, Inc.) C:\Users\RIGO\Downloads\SlimCleaner-setup.exe
2012-08-26 15:52 - 2012-08-26 15:52 - 00013162 ____A C:\Users\RIGO\Downloads\password-export-2012-08-26.csv
2012-08-26 11:35 - 2012-08-26 11:35 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-26 11:33 - 2012-08-25 16:53 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-26 11:28 - 2012-08-26 11:27 - 93654616 ____A C:\Users\RIGO\Downloads\avast_free_antivirus_setup.exe
2012-08-25 16:52 - 2011-08-18 16:18 - 00796360 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-25 16:51 - 2012-08-25 16:51 - 12621696 ____A (Microsoft Corporation) C:\Users\RIGO\Downloads\mseinstall.exe
2012-08-24 19:27 - 2011-01-10 18:57 - 00000141 ____A C:\Windows\SysWOW64\_WKERNEL.SYL
2012-08-23 17:27 - 2012-08-23 17:26 - 00000086 ____A C:\setup.log
2012-08-23 13:24 - 2012-08-23 13:24 - 00219865 ____A C:\Users\RIGO\Downloads\bookmarks1.html
2012-08-22 11:41 - 2012-08-22 11:41 - 00000109 ____A C:\Users\RIGO\Downloads\password-export-2012-08-22.xml
2012-08-22 08:57 - 2012-04-16 08:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-22 08:57 - 2011-06-14 14:46 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-21 08:09 - 2010-12-20 16:37 - 00038912 ____A C:\Users\RIGO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-21 01:12 - 2012-08-26 11:35 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-20 16:31 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-17 17:12 - 2012-06-08 17:15 - 73163145 ____A C:\Users\RIGO\Downloads\pcm-giveaway.zip
2012-08-15 19:48 - 2009-08-14 09:24 - 00078848 ___AH C:\Users\RIGO\Documents\photothumb.db
2012-08-15 19:47 - 2009-12-10 14:05 - 00000997 ____A C:\Users\RIGO\Desktop\PhotoScape.lnk
2012-08-15 19:47 - 2009-12-10 14:05 - 00000997 ____A C:\Users\Guest\Desktop\PhotoScape.lnk
2012-08-15 19:45 - 2012-08-15 19:45 - 00730344 ____A (CNET Download.com) C:\Users\RIGO\Downloads\cbsidlm-cbsi3_2_5_53-PhotoScape-10703122.exe
2012-08-15 19:30 - 2012-08-15 19:30 - 00001313 ____A C:\Users\RIGO\Desktop\Ashampoo Burning Studio 2012 .lnk
2012-08-15 19:28 - 2012-08-15 19:28 - 00000020 ____A C:\Users\RIGO\Documents\ashab2012#.txt
2012-08-15 17:24 - 2012-08-15 17:22 - 60078784 ____A (Ashampoo GmbH & Co. KG ) C:\Users\RIGO\Downloads\ashampoo_burning_studio_2012_10.0.15_10871.exe
2012-08-15 17:17 - 2012-08-15 17:17 - 00000994 ____A C:\Users\Public\Desktop\WinUtilities.lnk
2012-08-15 17:12 - 2012-08-15 17:12 - 12817164 ____A C:\Users\RIGO\Downloads\WinUtilitiesPro.zip
2012-08-15 16:59 - 2012-08-15 16:59 - 00001026 ____A C:\Users\RIGO\Desktop\All Sound Editor XP.lnk
2012-08-15 16:12 - 2009-07-13 20:45 - 00491480 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 06:53 - 2012-08-15 06:53 - 00000017 ____A C:\Users\RIGO\Documents\asexp.txt
2012-08-15 06:51 - 2012-08-15 06:51 - 03125512 ____A (MP3DO Inc. ) C:\Users\RIGO\Downloads\all-sound-editor-xp.exe
2012-08-15 06:14 - 2012-08-15 06:14 - 00000000 ____A C:\Windows\setuperr.log
2012-08-14 19:14 - 2012-08-14 19:14 - 09849684 ____A (MusicBrainz) C:\Users\RIGO\Downloads\picard-setup-1.0.exe
2012-08-13 19:05 - 2012-08-13 19:05 - 00000604 ____A C:\Users\Public\Desktop\MP3 Toolkit.lnk
2012-08-12 07:39 - 2010-08-26 14:48 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3026827408-1962054132-2561569089-1000Core.job
2012-08-10 19:53 - 2012-08-10 19:53 - 01431513 ____A C:\Users\RIGO\Downloads\bookmarks10.zip
2012-08-10 17:32 - 2012-08-10 17:32 - 00823648 ____A (Bandoo Media Inc) C:\Users\RIGO\Downloads\iLividSetupV1.exe
2012-08-10 09:31 - 2012-08-10 09:31 - 00463080 ____A (CNET Download.com) C:\Users\RIGO\Downloads\cnet2_setup_multilang_exe.exe
2012-08-07 19:37 - 2012-07-15 19:19 - 00802343 ____A C:\Users\RIGO\Downloads\revolutv_setup.zip
2012-08-07 19:31 - 2012-08-07 19:31 - 01562688 ____A C:\Users\RIGO\Downloads\StreamTorrent10Build0078.zip
2012-08-03 19:32 - 2012-08-03 19:31 - 22873624 ____A C:\Users\RIGO\Downloads\FreeAudioEditor.exe
2012-08-03 19:25 - 2012-08-03 19:25 - 11011816 ____A (MP3Toolkit.com ) C:\Users\RIGO\Downloads\mp3toolkit.exe
2012-08-03 19:22 - 2012-08-03 19:22 - 02069248 ____A (raz-soft ) C:\Users\RIGO\Downloads\SubsGrabber_setup.exe
2012-08-03 16:43 - 2009-07-13 21:08 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-03 01:46 - 2012-08-29 14:30 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-08-03 01:27 - 2010-03-17 12:51 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-02 19:23 - 2012-04-01 19:02 - 00001975 ____A C:\Users\Public\Desktop\IncrediMail.lnk
2012-08-02 19:06 - 2011-08-18 19:28 - 00001151 ____A C:\Users\Public\Desktop\GOM Player.lnk
2012-07-20 13:37 - 2012-07-20 13:37 - 00017525 ____A C:\Users\RIGO\Downloads\PrintItinerary.htm
2012-07-18 14:05 - 2012-07-18 14:05 - 01028152 ____A C:\Users\RIGO\Downloads\radarsync.exe
2012-07-18 10:15 - 2012-08-15 06:21 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-15 09:53 - 2012-07-15 09:53 - 02816213 ____A (Teorex, dadagoo GmbH ) C:\Users\RIGO\Downloads\InPaint3_pro.exe
2012-07-13 13:57 - 2012-07-13 13:57 - 04924867 ____A C:\Users\RIGO\Downloads\setup_wipe.exe
2012-07-13 13:56 - 2012-07-13 13:56 - 02317603 ____A C:\Users\RIGO\Downloads\setup_prevent_restore.exe
2012-07-13 13:14 - 2012-07-13 13:14 - 00000022 ____A C:\Users\RIGO\Documents\ashm.txt
2012-07-13 12:08 - 2012-07-13 12:07 - 18582184 ____A (Ashampoo GmbH & Co. KG ) C:\Users\RIGO\Downloads\ashampoo_winoptimizer_2012_8.1.4_11293.exe
2012-07-12 16:34 - 2012-07-12 16:34 - 15965057 ____A C:\Users\RIGO\Downloads\LOS FENIX - SINGLES.rar
2012-07-12 10:28 - 2012-07-12 10:25 - 06147672 ____A (RoseCitySoftware ) C:\Users\RIGO\Downloads\Registry_First_Aid_8_TR_DE.exe
2012-07-11 11:32 - 2012-07-11 11:32 - 00000818 ____A C:\Users\RIGO\Desktop\7-Zip File Manager.lnk
2012-07-11 10:53 - 2012-07-11 10:53 - 00000014 ____A C:\Windows\SysWOW64\SysMachine3.dll
2012-07-11 09:28 - 2012-07-11 09:27 - 01376768 ____A C:\Users\RIGO\Downloads\7z920-x64.msi
2012-07-11 09:19 - 2012-07-11 09:19 - 03889704 ____A (Piriform Ltd) C:\Users\RIGO\Downloads\ccsetup320.exe
2012-07-10 17:52 - 2012-07-10 17:52 - 07207866 ____A (FreeDownloadManager.ORG ) C:\Users\RIGO\Downloads\fdminst.exe
2012-07-10 17:52 - 2012-07-10 17:52 - 03536310 ____A (FreeDownloadManager.ORG ) C:\Users\RIGO\Downloads\fdminst-lite.exe
2012-07-10 17:05 - 2012-07-10 17:05 - 00861993 ____A C:\Users\RIGO\Downloads\PaperForm.zip
2012-07-10 16:38 - 2012-07-10 16:38 - 00000106 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-07-09 19:34 - 2012-07-09 19:34 - 00890222 ____A C:\Users\RIGO\Downloads\AlbumArtDownloaderXUI-0.44.exe
2012-07-09 19:27 - 2012-07-09 19:27 - 16927272 ____A (Intermedia Software ) C:\Users\RIGO\Downloads\helium_8.exe
2012-07-06 17:49 - 2012-07-06 17:48 - 24285441 ____A C:\Users\RIGO\Downloads\FSFSetup_dsg.zip
2012-07-06 17:38 - 2012-05-26 16:41 - 132977032 ____A ( ) C:\Users\RIGO\Downloads\CyberLink.v2105_37772_Spr_PTD110915-01.exe
2012-07-04 14:16 - 2012-08-15 06:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 06:21 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 06:21 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 06:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 06:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 10:59 - 2012-07-04 10:59 - 13261808 ____A (Steganos Software GmbH) C:\Users\RIGO\Downloads\std12int.exe
2012-07-03 10:46 - 2012-08-28 19:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 10:45 - 2012-07-01 10:45 - 02867607 ____A C:\Users\RIGO\Downloads\LongoDVDRipper.zip
2012-07-01 09:45 - 2012-06-19 16:36 - 23748738 ____A (Igor Pavlov) C:\Users\RIGO\Downloads\tor-browser-2.2.37-1_en-US.exe
2012-06-30 15:48 - 2012-06-30 15:48 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-30 15:48 - 2012-06-30 15:48 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-30 15:48 - 2012-06-30 15:48 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-30 15:22 - 2012-06-30 15:22 - 14662576 ____A (Foxit Corporation ) C:\Users\RIGO\Downloads\FoxitReader531.0606_enu_Setup.exe
2012-06-30 14:12 - 2012-06-30 14:12 - 00000021 ____A C:\Users\RIGO\Documents\Ashampoorc#.txt
2012-06-29 11:13 - 2012-06-29 11:13 - 00042617 ____A C:\Users\RIGO\Documents\scanitto.tif
2012-06-28 20:55 - 2012-08-15 07:21 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 07:21 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 07:21 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 07:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 07:21 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 07:21 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 07:21 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 07:21 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 07:21 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 07:21 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 07:21 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 07:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 07:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 07:21 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 07:21 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:47 - 2012-04-25 15:19 - 00001081 ____A C:\Users\Public\Desktop\Surf Anonymous Free.lnk
2012-06-28 16:46 - 2012-06-28 16:46 - 05023798 ____A C:\Users\RIGO\Downloads\SurfAnonymousFree-2.2.1.2.Setup.exe
2012-06-28 16:27 - 2012-08-15 07:21 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 07:21 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 07:21 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 07:21 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 07:21 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 07:21 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 07:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 07:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 07:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 07:21 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 07:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 07:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 07:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 12:30 - 2012-06-26 12:29 - 15058568 ____A (Ventis Media Inc. ) C:\Users\RIGO\Downloads\MediaMonkey_4.0.5.1496.exe
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-24 19:24 - 2010-11-19 10:58 - 00725152 ____A C:\Users\RIGO\AppData\Local\rx_audio.Cache
2012-06-24 15:59 - 2012-06-24 15:59 - 00885848 ____A (NCH Software) C:\Users\RIGO\Downloads\wpsetup.exe
2012-06-24 15:57 - 2012-06-24 15:57 - 17299080 ____A (meMedia Co., Ltd. ) C:\Users\RIGO\Downloads\Mp3EditorforFree.exe
2012-06-22 04:38 - 2012-08-28 14:44 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-06-22 04:38 - 2012-06-22 04:38 - 00335784 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-06-22 04:36 - 2012-06-22 04:36 - 00752672 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-06-22 04:34 - 2012-06-22 04:34 - 00169320 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-06-18 17:30 - 2012-02-13 17:47 - 00001296 ____A C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2012-06-18 17:29 - 2012-01-21 16:59 - 19333864 ____A (Digiarty Software, Inc. ) C:\Users\RIGO\Downloads\winx-dvd-ripper-pt.exe
2012-06-17 17:43 - 2012-06-04 19:02 - 18590744 ____A C:\Users\RIGO\Downloads\Cryptload 1.1.8.zip
2012-06-15 17:53 - 2012-06-15 17:53 - 00000302 ____A C:\Users\RIGO\Downloads\Readme.zip
2012-06-14 19:29 - 2010-12-25 12:24 - 00001163 ____A C:\Users\RIGO\Desktop\Pixpedia Publisher.lnk
2012-06-14 17:24 - 2012-06-14 17:24 - 00000018 ____A C:\Users\RIGO\Documents\glortuneup#.txt
2012-06-14 17:19 - 2012-06-14 17:19 - 06621912 ____A (Glarysoft Ltd ) C:\Users\RIGO\Downloads\gupsetup.exe
2012-06-14 17:18 - 2011-07-24 09:32 - 17125376 ____A C:\Users\RIGO\Downloads\tuneup_kit.exe
2012-06-12 16:55 - 2012-06-12 16:55 - 04346015 ____A C:\Users\RIGO\Downloads\FullUninstall.zip
2012-06-08 21:43 - 2012-07-11 11:54 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 11:54 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 11:55 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 11:55 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 11:53 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 11:54 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 11:54 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 11:54 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 18:33 - 2012-06-05 18:33 - 00001242 ____A C:\Users\RIGO\Desktop\Ashampoo WinOptimizer 2012 .lnk
2012-06-05 17:16 - 2012-06-05 17:15 - 00000101 ____A C:\Users\RIGO\Documents\ashampooWO#.txt
2012-06-05 17:00 - 2012-06-05 16:59 - 18511312 ____A (Ashampoo GmbH & Co. KG ) C:\Users\RIGO\Downloads\ashampoo_winoptimizer_2012_8.1.4_10229.exe
2012-06-04 18:50 - 2012-06-04 18:50 - 00833099 ____A C:\Users\RIGO\Downloads\checkdisk_64bit.zip
2012-06-02 14:19 - 2012-06-18 16:52 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 16:52 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 16:52 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 16:51 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 16:51 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 16:52 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 16:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-18 16:51 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-18 16:51 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-26 11:35:18
Restore point made on: 2012-08-26 11:44:48
Restore point made on: 2012-08-26 11:49:10
Restore point made on: 2012-08-27 11:01:50
Restore point made on: 2012-08-28 14:17:33
Restore point made on: 2012-08-28 14:18:11
Restore point made on: 2012-08-28 17:36:24
Restore point made on: 2012-08-28 20:05:21
Restore point made on: 2012-08-28 20:06:27
Restore point made on: 2012-08-29 15:24:22
Restore point made on: 2012-08-29 17:15:49
Restore point made on: 2012-08-29 17:18:40

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4085.18 MB
Available physical RAM: 3480.8 MB
Total Pagefile: 4083.32 MB
Available Pagefile: 3485.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:202.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.16 GB) NTFS
9 Drive k: () (Removable) (Total:3.69 GB) (Free:3.67 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3781 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3777 MB 4096 KB

==================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K FAT32 Removable 3777 MB Healthy

==================================================================================

Last Boot: 2012-07-18 08:23

==================== End Of Log =============================

#6
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,989 posts
Hello rigs,

Please download ComboFix from here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
rigs
    Member
  • Topic Starter
  • Member
  • 322 posts
I followed all your instructions for downloading, running, and what to do and not to do with ComboFix, including not clicking on the blue screen. Once I clicked it, it performed a check-up, went right to the blue screen and started running. I guess everything went OK because it rebooted my PC and the "preparing log report" window came on. This is where I'm curious, because this window that's preparing the log report has been on for about 30-45 minutes. How long does it take to write the report? I'm getting worried that something is not right...

Edited by rigs, 31 August 2012 - 03:13 PM.


#8
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,989 posts
Hello rigs,

Is it still running? If so, try rebooting the machine and tell me how you get on.

#9
rigs
    Member
  • Topic Starter
  • Member
  • 322 posts
Please disregard my previous message. After posting it I went to my other room to watch TV while waiting for the report. Well, I dozed off and fell asleep. I woke up, went back and checked the PC. The log report was there.

Man, it took a while, but here it is...


ComboFix 12-08-30.05 - RIGO 08/31/2012 14:14:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2625 [GMT -5:00]
Running from: c:\users\RIGO\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$9a8d82459d94c9dea7ee87dc52a166a0\n
c:\$recycle.bin\S-1-5-21-3026827408-1962054132-2561569089-1000\$9a8d82459d94c9dea7ee87dc52a166a0\n
c:\program files (x86)\Search Settings
c:\program files (x86)\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files (x86)\Search Settings\SearchSettings.exe
c:\program files\Web Assistant\ExTEnsion32.dll
c:\users\RIGO\AppData\Local\RivalGaming\RiVAlgaming.dll
c:\users\RIGO\AppData\Local\TempDIR
c:\users\RIGO\AppData\Roaming\chrtmp
c:\users\RIGO\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\RIGO\AppData\Roaming\Microsoft\bass.dll
c:\users\RIGO\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\RIGO\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\RIGO\AppData\Roaming\Microsoft\peaadje.dll
c:\users\RIGO\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\RIGO\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome.manifest
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\background.html
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\browser.xul
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\crossrider.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\crossriderapi.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\dialog.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\options.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\options.xul
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\search_dialog.xul
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\update.html
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\defaults\preferences\prefs.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\install.rdf
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\locale\en-US\translations.dtd
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button1.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button2.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button3.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button4.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button5.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\crossrider_statusbar.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\icon128.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\icon16.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\icon24.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\icon48.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\panelarrow-up.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\popup.css
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\popup.html
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\popup_binding.xml
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\skin.css
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\update.css
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome.manifest
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\background.html
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\browser.xul
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\crossrider.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\crossriderapi.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\dialog.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\options.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\options.xul
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\search_dialog.xul
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\chrome\content\update.html
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\defaults\preferences\prefs.js
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\install.rdf
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\locale\en-US\translations.dtd
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button1.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button2.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button3.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button4.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\button5.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\crossrider_statusbar.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\icon128.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\icon16.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\icon24.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\icon48.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\panelarrow-up.png
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\popup.css
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\popup.html
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\popup_binding.xml
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\skin.css
c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\skin\update.css
c:\users\RIGO\AppData\Roaming\RIGOlog.dat
c:\users\RIGO\Favorites\auction.url
c:\windows\_detmp.2
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\iun6002.exe
c:\windows\SysWow64\Nagasoft
c:\windows\SysWow64\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\SysWow64\OneWay.dll.old0
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\SysMachine3.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\SysWOW64mfc45.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 19:29 . 2012-08-31 19:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-31 19:29 . 2012-08-31 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-31 04:34 . 2012-08-31 04:34 -------- d-----w- C:\FRST
2012-08-29 23:25 . 2012-08-29 23:25 -------- d-----w- c:\program files\Enigma Software Group
2012-08-29 23:23 . 2012-08-30 01:20 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-08-29 23:23 . 2012-08-29 23:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-29 03:29 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 03:29 . 2012-08-29 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-29 01:33 . 2012-08-29 01:35 -------- d--h--w- c:\windows\AxInstSV
2012-08-28 22:51 . 2012-08-28 22:51 -------- d-----w- c:\program files (x86)\McAfee.com
2012-08-28 22:51 . 2012-05-25 22:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-08-28 22:51 . 2012-08-28 22:51 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-08-28 22:51 . 2012-02-22 18:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-08-28 22:51 . 2012-02-22 18:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-08-28 22:51 . 2012-02-22 18:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-08-28 22:51 . 2012-02-22 18:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-08-28 22:51 . 2012-02-22 18:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-08-28 22:51 . 2012-02-22 18:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-08-28 22:50 . 2012-08-28 22:51 -------- d-----w- c:\program files\Common Files\McAfee
2012-08-28 22:50 . 2012-08-28 22:52 -------- d-----w- c:\program files\McAfee
2012-08-28 22:44 . 2012-06-22 12:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-08-28 19:34 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D67DF84-0FD5-4690-AD4F-8E76E32E814E}\mpengine.dll
2012-08-27 18:54 . 2012-08-27 19:02 -------- d-----w- c:\users\RIGO\AppData\Roaming\Firetrust
2012-08-27 18:54 . 2012-08-27 19:06 -------- d-----w- c:\program files (x86)\Firetrust
2012-08-26 19:35 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-26 19:35 . 2012-08-28 22:24 -------- d-----w- c:\programdata\AVAST Software
2012-08-26 19:35 . 2012-08-26 19:35 -------- d-----w- c:\program files\AVAST Software
2012-08-26 01:59 . 2010-06-08 07:35 339968 ----a-w- c:\windows\SysWow64\Asimcr.ocx
2012-08-26 01:59 . 2010-01-31 06:26 360448 ----a-w- c:\windows\SysWow64\libdll.dll
2012-08-26 01:59 . 2009-02-12 20:46 49152 ----a-w- c:\windows\SysWow64\mscdrun.dll
2012-08-26 01:59 . 2008-09-20 09:50 352256 ----a-w- c:\windows\SysWow64\AlphaImage.ocx
2012-08-26 01:59 . 2008-09-11 11:21 356352 ----a-w- c:\windows\SysWow64\butscn.ocx
2012-08-26 01:59 . 2005-11-23 13:25 385024 ----a-w- c:\windows\SysWow64\XPControls.ocx
2012-08-24 00:53 . 2009-02-05 07:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2012-08-18 00:55 . 2012-08-31 19:23 -------- d-----w- c:\users\RIGO\AppData\Local\RivalGaming
2012-08-16 01:17 . 2012-08-17 18:13 -------- d-----w- c:\program files (x86)\WinUtilities
2012-08-16 00:58 . 2012-08-16 00:59 -------- d-----w- c:\program files (x86)\All Sound Editor XP
2012-08-15 15:19 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 15:19 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 15:19 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 15:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 15:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 15:19 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 14:21 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 14:21 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 14:21 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 14:21 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 14:21 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 14:21 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 03:15 . 2012-08-15 03:15 -------- d-----w- c:\users\RIGO\AppData\Roaming\MusicBrainz
2012-08-15 03:14 . 2012-08-15 03:14 -------- d-----w- c:\program files (x86)\MusicBrainz Picard
2012-08-14 03:04 . 2012-08-14 03:16 -------- d-----w- C:\MP3Toolkit
2012-08-13 03:12 . 2012-08-13 03:38 -------- d-----w- c:\users\RIGO\AppData\Roaming\Mp3tag
2012-08-11 01:33 . 2012-08-11 01:34 -------- d-----w- c:\users\RIGO\AppData\Local\Ilivid Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 16:57 . 2012-04-16 16:16 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 16:57 . 2011-06-14 22:46 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 09:27 . 2010-03-17 20:51 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-22 12:38 . 2012-06-22 12:38 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-22 12:36 . 2012-06-22 12:36 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-22 12:34 . 2012-06-22 12:34 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-06-09 05:43 . 2012-07-11 19:54 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 19:55 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:55 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:53 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:54 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:54 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 00:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:52 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:52 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:52 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:52 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 00:51 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 00:51 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-08-03 366576]
"Spotify Web Helper"="c:\users\RIGO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-21 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PhoneTray"="c:\program files (x86)\Traysoft\PhoneTray\PhoneTray.exe" [2009-05-15 445680]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
.
c:\users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-2-18 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files (x86)\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R1 fqpzyetf;fqpzyetf;c:\windows\system32\drivers\fqpzyetf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-05-31 252928]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1255736]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 STGMFEngine64;Steganos RAM Disk Engine 64 Bit [Driver];c:\windows\system32\drivers\STGMFEngine64.sys [2010-09-03 14:45 28576]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-28 86016]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-18 517632]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler64.exe [x]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-04-17 918880]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 16:57]
.
2012-08-31 c:\windows\Tasks\RGames Updater.job
- c:\users\RIGO\AppData\Local\RivalGaming\Updater.exe [2012-08-30 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-05-08 20:14 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
"combofix"="c:\combofix\CF31784.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com?a=1/
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/?ourmark=3&p=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-08-31 15:38:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 20:38
.
Pre-Run: 217,736,675,328 bytes free
Post-Run: 217,426,391,040 bytes free
.
- - End Of File - - 8274EDC8B7812D987421034FDE8509E9
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Download the attached reg files to your desktop
Double click and allow to merge
Reboot

These Registry files are specifically for this infection on this person's computer. They should NOT be used on another machine, as it may cause serious damage causing the computer to become unusable.

After that

Please run Farbar Service Scanner again and post the log back here. Note: This is not the Farbar Recovery Scan Tool but the one we used earlier in this thread.
  • 0

#11
rigs

rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
Should I download directly from the infected PC, or from an uninfected PC with a flash drive? I'm worried that if I click to download to a flash drive, the attached files will start running. Are .reg files executable?
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Download direct to the infected PC. :thumbsup:
  • 0
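As an added note to the question above (not part of the thread and not code from the helpers here): a .reg file is not a program; double-clicking it hands it to regedit.exe, which imports the keys and values it lists, so nothing runs until you confirm the merge. What it will change is readable beforehand. The script below, written for this thread as an illustration, parses the Registry Editor 5.00 text format and lists which keys it would add or delete (a leading "-" inside the brackets deletes the whole key, and "name"=- deletes a value). The sample content is constructed; it is not one of the files attached in the thread, and the key names in it are made up.

```python
"""Inspect a Windows .reg file before merging it: list the keys and values
it would create, set or delete.  Added example for this thread; the sample
.reg text below is constructed and not one of the attached files."""
import re

# Constructed sample: one key with values set and one value deleted ("=-"),
# then one whole key deleted (leading "-" inside the brackets).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ExampleSvc]
"Start"=dword:00000002
"ImagePath"=hex(2):43,00,3a,00,5c,00,00,00
"Description"="Example service (constructed)"
"Obsolete"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}]
"""

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# Either the default value "@" or a quoted name, followed by "=" and the data.
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _logical_lines(lines):
    """Join hex data lines that regedit splits with a trailing backslash."""
    buf = ""
    for raw in lines:
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_reg(text):
    """Return the actions a merge would perform, as tuples:
    ('add_key', key), ('delete_key', key),
    ('set_value', key, name, data) or ('delete_value', key, name)."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: missing header line")
    actions = []
    current = None  # key that following value lines belong to
    for line in _logical_lines(lines[1:]):
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            delete, key = (m.group(1) == "-"), m.group(2)
            current = None if delete else key
            actions.append(("delete_key", key) if delete else ("add_key", key))
            continue
        m = VALUE_RE.match(line)
        if m:
            if current is None:
                continue  # values after a deleted key are ignored by regedit
            name = "@" if m.group(1) == "@" else m.group(2)
            data = m.group(3).strip()
            if data == "-":
                actions.append(("delete_value", current, name))
            else:
                actions.append(("set_value", current, name, data))
            continue
        raise ValueError("unrecognised line: " + line)
    return actions


def summarize(actions):
    """Count each kind of action so the destructive ones stand out."""
    counts = {"add_key": 0, "delete_key": 0, "set_value": 0, "delete_value": 0}
    for action in actions:
        counts[action[0]] += 1
    return counts


def load_reg(path):
    """Read a .reg file from disk; regedit exports are UTF-16 LE with a BOM,
    hand-written ones are usually plain ASCII."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


if __name__ == "__main__":
    for action in parse_reg(SAMPLE_REG):
        print(*action)
    print(summarize(parse_reg(SAMPLE_REG)))
```

Run it against a real file with `parse_reg(load_reg(r"C:\path\to\file.reg"))`. Reviewing the output (especially the delete_key and delete_value lines, and any key under CurrentControlSet\services) is the practical way to check that a fix file targets only the entries expected for the machine it was written for, which is the point of the warning earlier in the thread.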

#13
rigs

rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
I tried to merge these files, but a window pops up saying something like "Illegal operation attempted on a registry key that has been marked for deletion." What do I do?
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Reboot the machine and try again. Tell me how you get on. :)
  • 0

#15
rigs

rigs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts
OK, I restarted my PC and all were installed except one. When trying to merge mpssvc.reg, the following message popped up: "Cannot import c:\users\rigo\desktop\mpssvc.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes."
On the others, a window popped up asking me to click Yes if I want to install, so I clicked "Yes", so I guess they're installed.
I'm disabled and my caretaker is here to put me to bed. Can I continue this tomorrow and run the FSS scan?

Thank you
  • 0
