maliprog... got locked out, can we try again! [Closed]


  • This topic is locked

#1 tobefree2 (Member, 15 posts)
This is tobefree, who was trying to get rid of a file called hrupprog.die.now.
I have been trying to log in as tobefree but am unable to, so I had to register as a new user. Any chance of getting this topic back up and running?

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Until we solve this logon problem, please reply to your topic HERE with your new account. It's OK by me.

After you reply there I'll close this topic.

#3 tobefree2 (Topic Starter, Member, 15 posts)
Hi, finally, here is what you were asking for. Now do be aware this is well over a week old now; things could have changed. Do you want me to do a new scan and start from new?

OTL logfile created on: 8/09/2012 10:17:27 a.m. - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\Alpha\My Documents\Downloads\warm beats
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 80.71% Memory free
5.09 Gb Paging File | 4.11 Gb Available in Paging File | 80.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.88 Gb Total Space | 6.00 Gb Free Space | 4.26% Space Free | Partition Type: NTFS
Drive E: | 92.00 Gb Total Space | 78.12 Gb Free Space | 84.91% Space Free | Partition Type: NTFS

Computer Name: ALPHA-PC | User Name: Alpha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 13:11:10 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alpha\My Documents\Downloads\warm beats\OTL.exe
PRC - [2012/08/31 21:23:26 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/31 05:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe
PRC - [2012/08/30 16:28:44 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/17 08:35:40 | 000,079,384 | ---- | M] (Google) -- C:\Documents and Settings\Alpha\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Alpha\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/07/18 11:59:03 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/07/02 16:02:28 | 004,473,728 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/05/28 15:56:36 | 000,288,128 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/05/25 06:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Alpha\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/24 10:47:18 | 000,421,248 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/14 07:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/08/03 23:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/22 17:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/14 14:24:20 | 000,233,472 | ---- | M] (Vodafone Group) -- C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/05 18:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2001/11/27 07:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/30 16:28:26 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/15 20:51:19 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/05 13:54:32 | 001,218,432 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2012/06/14 14:57:49 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/12 03:21:02 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/12 03:17:07 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:16:49 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 03:14:51 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 03:13:38 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 03:13:30 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/11/02 21:55:43 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/06/23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2011/04/22 17:25:28 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2010/11/26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
MOD - [2008/11/25 16:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\libxml2.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/10/05 02:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\zlib1.dll


========== Services (SafeList) ==========

SRV - [2012/08/31 21:23:26 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/31 05:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/08/30 16:28:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 20:51:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/11 08:56:35 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/14 07:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/12/05 12:52:41 | 000,670,224 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\xsherlock.xem -- (xsherlock)
SRV - [2011/08/15 09:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/03 23:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/08 02:08:00 | 004,825,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2011/04/22 17:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/14 14:24:20 | 000,233,472 | ---- | M] (Vodafone Group) [Auto | Running] -- C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe -- (VodafoneConnectorService)
SRV - [2003/05/05 18:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Brmfrmps.exe -- (brmfrmps)
SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (xspirit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/08 07:12:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2C03797-E73A-40F4-9BB9-015DEFB10B4D}\MpKsl70e5446e.sys -- (MpKsl70e5446e)
DRV - [2012/07/05 13:54:18 | 000,016,248 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:54:16 | 000,030,408 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/06/24 19:02:38 | 000,018,584 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evolve.sys -- (EvolveVirtualAdapter)
DRV - [2012/06/19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/02/14 07:02:02 | 000,087,312 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
DRV - [2012/01/18 18:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/05 18:07:40 | 000,246,816 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012/01/01 18:15:19 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/10/23 13:35:21 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/09/09 06:24:14 | 007,180,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/05/18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 09:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/04/22 17:26:12 | 000,035,720 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/04/22 17:26:08 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/04/22 17:26:06 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/04/22 17:26:04 | 000,030,600 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/04/22 17:26:02 | 000,187,528 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eudisk.sys -- (EUDISK)
DRV - [2010/11/26 17:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/04 14:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2010/07/13 13:57:17 | 000,108,032 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwser.sys -- (smhwser)
DRV - [2010/07/13 13:57:17 | 000,100,864 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwdev.sys -- (smhwdev)
DRV - [2010/07/13 13:57:17 | 000,025,728 | R--- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwadb.sys -- (androidusb)
DRV - [2010/04/08 19:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010/02/12 00:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/27 15:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 15:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2001/08/17 12:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2001/08/10 06:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKCU\..\SearchScopes,DefaultScope = {BCC2F7B4-B18A-4486-B337-6790FCE92D87}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3071120
IE - HKCU\..\SearchScopes\{BCC2F7B4-B18A-4486-B337-6790FCE92D87}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{E3F1D95D-F4B9-47B8-9551-EFF692169162}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{E4E7F52F-5899-4530-A587-34D8A0E29658}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.nz/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.2
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Alpha\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Alpha\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Alpha\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Alpha\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Alpha\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Alpha\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/18 11:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/30 16:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/23 08:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alpha\Application Data\Mozilla\Extensions
[2012/08/25 14:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alpha\Application Data\Mozilla\Firefox\Profiles\wbj8yatc.default\extensions
[2012/08/21 15:07:25 | 000,000,000 | ---D | M] ("Star Stable Online") -- C:\Documents and Settings\Alpha\Application Data\Mozilla\Firefox\Profiles\wbj8yatc.default\extensions\[email protected]
[2012/03/10 11:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/25 17:34:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/30 16:28:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 17:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/30 16:28:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 17:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 17:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/30 16:28:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/12/21 17:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/09/08 06:33:24 | 000,002,432 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 39 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [adobearm] C:\WINDOWS\adobearm.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Adobe Acrobat] C:\Documents and Settings\Alpha\Application Data\Microsoft\System\Services\Adobe Acrobat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Alpha\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Alpha\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Alpha\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Alpha\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: starstable.com ([]* in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} http://www.starstabl...ioRuntimeAX.cab (PXStudioRuntimeAX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1318134443734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1318134505671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futur...y/FMSI_v420.cab (FuturemarkSystemInfoX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5B4F38B-11BA-4D41-8029-168466C43F50}: DhcpNameServer = 192.168.254.254 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\adobearm.exe) - C:\WINDOWS\adobearm.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://upload.wikime...ese_platter.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alpha\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alpha\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/09 15:10:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\Shell - "" = AutoRun
O33 - MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\Shell\AutoRun\command - "" = G:\PcOptions.exe
O33 - MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\Shell - "" = AutoRun
O33 - MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\Shell\AutoRun\command - "" = G:\PcOptions.exe
O33 - MountPoints2\{f9203ec1-f28f-11e0-8931-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9203ec1-f28f-11e0-8931-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/08 07:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic
[2012/09/08 07:58:51 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2012/09/08 07:58:51 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2012/09/08 07:58:51 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2012/09/08 07:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/09/08 07:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic
[2012/09/07 17:58:32 | 000,108,032 | R--- | C] (QUALCOMM Incorporated) -- C:\WINDOWS\System32\drivers\smhwser.sys
[2012/09/07 17:58:32 | 000,100,864 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\smhwdev.sys
[2012/09/07 17:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2012/09/07 17:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2012/09/03 12:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Local Settings\Application Data\PCHealth
[2012/09/01 12:24:02 | 000,000,000 | ---D | C] -- C:\Documents
[2012/08/31 21:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/28 16:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\jagexcache
[2012/08/27 21:26:13 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/08/27 21:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Riot Games
[2012/08/27 20:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Desktop\League of legends
[2012/08/24 21:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Start Menu\Programs\Steam
[2012/08/24 21:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2012/08/24 21:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/08/21 23:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hi-Rez Studios
[2012/08/21 23:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2012/08/21 23:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hi-Rez Studios
[2012/08/21 22:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Application Data\.techniclauncher
[2012/08/21 15:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Local Settings\Application Data\StarStableOnline
[2012/08/21 15:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\StarStableOnline
[2012/08/19 21:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Application Data\DragonSaga
[2012/08/19 12:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kill3rCombo
[2012/08/19 11:50:58 | 000,327,618 | ---- | C] (Kill3rCombo ) -- C:\Documents and Settings\Alpha\Desktop\ElswordInstaller_v2.0814.7.1.exe
[2012/08/18 23:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Desktop\ISO'S
[2012/08/17 11:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Local Settings\Application Data\3DVIA
[2012/08/17 11:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Virtools
[2012/08/17 08:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Desktop\seplugins
[2012/08/17 08:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Desktop\sdk
[2012/08/17 08:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alpha\Desktop\PSP
[2012/08/17 07:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/08/11 10:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/08/11 10:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/08/11 10:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/08 10:09:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004UA.job
[2012/09/08 09:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/08 09:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/08 08:24:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004UA.job
[2012/09/08 07:58:59 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/09/08 07:58:52 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk
[2012/09/08 07:11:53 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/08 06:34:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1390067357-725345543-1004.job
[2012/09/08 06:33:58 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1390067357-725345543-1004.job
[2012/09/08 06:33:50 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/08 06:32:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/08 06:32:44 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/07 20:51:11 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Alpha\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/09/07 18:37:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\Skype.lnk
[2012/09/07 18:00:01 | 000,524,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/07 18:00:01 | 000,095,742 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/07 17:58:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_smhwadb_01005.Wdf
[2012/09/07 11:24:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004Core.job
[2012/09/06 06:26:15 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/05 17:34:27 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/05 17:08:43 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\Selena Gomez Justin Bieber Beach Beach.url
[2012/09/05 06:09:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004Core.job
[2012/09/04 18:36:41 | 000,028,437 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\File_Helen_keller_signature.svg
[2012/09/02 04:05:39 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\FATHERS DAY CARD JORJA.rtf
[2012/09/01 18:11:23 | 000,002,320 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\Google Chrome.lnk
[2012/09/01 10:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/29 17:22:26 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\Healthy-Breakfast-Ideas.jpg
[2012/08/28 19:32:27 | 000,018,633 | ---- | M] () -- C:\Documents and Settings\Alpha\My Documents\Elice Health.odt
[2012/08/28 18:31:37 | 000,000,894 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2012/08/28 16:19:41 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Alpha\random.dat
[2012/08/28 16:03:31 | 000,000,061 | ---- | M] () -- C:\Documents and Settings\Alpha\jagex_cl_runescape_LIVE.dat
[2012/08/27 21:34:56 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2012/08/24 21:28:22 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\Dota 2.url
[2012/08/24 21:24:00 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2012/08/22 05:36:39 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2012/08/21 23:57:00 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/08/21 23:57:00 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smite Closed Beta.lnk
[2012/08/20 18:52:47 | 000,021,312 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\deannna.jpg
[2012/08/20 15:45:56 | 000,222,208 | -H-- | M] () -- C:\Documents and Settings\Alpha\My Documents\photothumb.db
[2012/08/19 12:23:57 | 1796,423,152 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\ElswordInstaller_v2.0814.7.1-1a.bin
[2012/08/19 12:20:14 | 000,327,618 | ---- | M] (Kill3rCombo ) -- C:\Documents and Settings\Alpha\Desktop\ElswordInstaller_v2.0814.7.1.exe
[2012/08/18 22:27:56 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/08/18 22:27:56 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Alpha\Application Data\PnkBstrK.sys
[2012/08/18 22:27:39 | 000,189,248 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/08/18 14:21:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/15 22:36:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/13 16:33:15 | 000,000,462 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/08/13 15:33:16 | 000,067,028 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\1242955 (1).png
[2012/08/13 15:26:27 | 000,067,028 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\1242955.png
[2012/08/11 11:02:34 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Alpha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/11 10:11:37 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/08/10 10:26:00 | 000,367,894 | ---- | M] () -- C:\Documents and Settings\Alpha\Desktop\crazy-real-haircuts.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/08 07:58:59 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/09/08 07:58:52 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk
[2012/09/08 07:58:51 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/09/07 17:58:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_smhwadb_01005.Wdf
[2012/09/05 17:08:43 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\Selena Gomez Justin Bieber Beach Beach.url
[2012/09/04 18:36:39 | 000,028,437 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\File_Helen_keller_signature.svg
[2012/09/02 04:05:39 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\FATHERS DAY CARD JORJA.rtf
[2012/08/29 17:22:26 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\Healthy-Breakfast-Ideas.jpg
[2012/08/28 19:32:27 | 000,018,633 | ---- | C] () -- C:\Documents and Settings\Alpha\My Documents\Elice Health.odt
[2012/08/28 16:03:31 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Alpha\jagex_cl_runescape_LIVE.dat
[2012/08/28 16:03:31 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Alpha\random.dat
[2012/08/27 21:34:56 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2012/08/24 21:28:22 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\Dota 2.url
[2012/08/24 21:24:00 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2012/08/21 23:57:00 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/08/21 23:57:00 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smite Closed Beta.lnk
[2012/08/20 18:52:47 | 000,021,312 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\deannna.jpg
[2012/08/19 11:50:58 | 1796,423,152 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\ElswordInstaller_v2.0814.7.1-1a.bin
[2012/08/18 22:27:57 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/08/18 22:27:38 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/08/18 22:27:37 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/08/18 20:38:12 | 1593,917,440 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\GOWGOS.iso
[2012/08/13 15:33:19 | 000,067,028 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\1242955 (1).png
[2012/08/13 15:26:36 | 000,067,028 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\1242955.png
[2012/08/11 10:11:37 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/08/10 10:25:58 | 000,367,894 | ---- | C] () -- C:\Documents and Settings\Alpha\Desktop\crazy-real-haircuts.jpg
[2012/07/30 16:52:30 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/07/30 16:52:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2012/07/18 10:55:45 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/06/24 21:53:44 | 000,827,183 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1390067357-725345543-1004-0.dat
[2012/06/24 21:53:43 | 000,260,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/19 18:53:16 | 003,130,440 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_blr.exe
[2012/05/19 16:44:37 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2012/04/01 23:44:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Alpha\Local Settings\Application Data\fusioncache.dat
[2012/03/31 17:26:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/04 14:59:17 | 000,013,399 | -H-- | C] () -- C:\WINDOWS\hpothb07.dat
[2012/02/24 16:50:03 | 000,003,307 | ---- | C] () -- C:\Documents and Settings\Alpha\Application Data\kcxsa
[2012/02/16 19:45:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 10:58:09 | 000,029,406 | ---- | C] () -- C:\Documents and Settings\Alpha\Application Data\ksstep
[2012/02/08 18:36:50 | 000,009,828 | ---- | C] () -- C:\Documents and Settings\Alpha\Application Data\XLRSss
[2012/02/08 18:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adobearm.exe
[2012/01/10 06:19:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012/01/09 08:12:28 | 000,047,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/07 01:02:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/01 06:44:20 | 000,000,615 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/12/16 08:20:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/12/15 11:03:14 | 000,000,894 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/12/15 11:03:14 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/12/15 11:03:14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2011/12/15 11:02:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/12/11 19:07:08 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Alpha\Application Data\PnkBstrK.sys
[2011/12/11 19:06:50 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/12/11 17:20:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\clofghls.dll
[2011/12/10 17:33:46 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2011/12/04 13:47:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2011/11/17 13:40:38 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/11/12 14:14:49 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Alpha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/10 17:46:26 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/11/10 17:46:26 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/11/10 17:46:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/11/10 14:11:57 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2011/10/31 16:43:32 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
[2011/10/31 16:43:32 | 000,000,003 | ---- | C] () -- C:\WINDOWS\approval.dat
[2011/10/31 16:43:26 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_ver.dat
[2011/10/29 11:49:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/10/29 11:49:18 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/10/29 11:49:17 | 000,239,869 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/29 11:49:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/10/26 07:25:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/10/25 18:25:01 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Alpha\Application Data\default.pls
[2011/10/25 18:24:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/23 13:39:09 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/10/15 10:12:41 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/10/10 09:12:22 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2011/10/10 04:02:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/10 04:01:49 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/09 20:54:28 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/09 20:54:28 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/10/09 20:38:58 | 000,035,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/10/09 20:36:57 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/10/09 20:09:49 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Alpha\.rnd
[2011/10/09 19:28:40 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
[2011/10/09 19:28:40 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2011/10/09 16:13:50 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/09 15:55:31 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/09 15:55:31 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/09 15:55:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/09 15:55:27 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/10/09 15:11:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 15:08:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/19 19:07:46 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2011/09/19 19:07:32 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2005/04/02 17:37:06 | 000,038,967 | -H-- | C] () -- C:\Documents and Settings\Alpha\Application Data\Alphalog.dat

========== LOP Check ==========

[2012/06/24 18:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Echobit
[2012/07/10 17:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/08/22 05:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2011/10/15 10:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/11/17 20:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/10/17 18:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011/12/14 07:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/10/09 19:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/15 17:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2012/01/13 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/12/30 08:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/11/17 20:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/09/07 22:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/08/21 15:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StarStableOnline
[2012/09/08 07:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/09/07 17:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2012/01/09 08:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/09/05 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\.minecraft
[2012/08/27 07:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\.techniclauncher
[2012/04/28 23:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\BANDISOFT
[2011/10/09 20:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\BinarySense
[2012/03/31 11:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/11/19 07:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Downloaded Installations
[2012/08/19 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\DragonSaga
[2012/09/08 06:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Dropbox
[2011/12/30 18:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Easeware
[2012/07/10 17:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Free Download Manager
[2011/12/14 07:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\IObit
[2012/07/04 16:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Leadertech
[2011/10/31 18:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\LolClient
[2012/07/04 17:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\MAGIX
[2011/11/17 20:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Nokia
[2012/06/24 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Notepad++
[2011/11/02 21:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\OpenOffice.org
[2012/06/25 18:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Oracle
[2011/11/17 20:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\PC Suite
[2012/02/12 12:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\PhotoScape
[2011/10/29 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\PriceGong
[2011/11/04 21:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Rovio
[2011/10/25 19:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\SpinTop
[2012/07/18 11:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Systweak
[2012/05/13 13:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\TeamViewer
[2011/11/05 22:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Unity
[2012/08/17 07:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\uTorrent
[2011/10/09 18:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Windows Desktop Search
[2011/11/02 21:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alpha\Application Data\Windows Search
[2012/08/01 06:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job
[2012/09/07 11:24:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004Core.job
[2012/09/08 08:24:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004UA.job
[2012/09/08 07:58:59 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F4A0A6B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55422315
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F63A059B
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

#4 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Now do be aware this is well over a week old now, things could have changed. Do you want me to do a new scan and start from new?


You are right and we will double check everything. I'll run some more scans before doing any serious fix.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3071120
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
    O4 - HKLM..\Run: [adobearm] C:\WINDOWS\adobearm.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\adobearm.exe) - C:\WINDOWS\adobearm.exe ()
    O33 - MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\Shell - "" = AutoRun
    O33 - MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\Shell\AutoRun\command - "" = G:\PcOptions.exe
    O33 - MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\Shell - "" = AutoRun
    O33 - MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\Shell\AutoRun\command - "" = G:\PcOptions.exe
    O33 - MountPoints2\{f9203ec1-f28f-11e0-8931-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{f9203ec1-f28f-11e0-8931-806d6172696f}\Shell\AutoRun - "" = Auto&Play

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Post the fix log it produces in your next reply; you can also find it in C:\_OTL\MovedFiles
Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save additional file named MBR.dat. Attach it to your next reply
Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
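The three groups of lines in the fix above are textbook XP persistence and masquerade: a Run entry named like Adobe's updater but pointing at a resource-less adobearm.exe dropped straight into C:\WINDOWS (the genuine updater lives under Program Files\Common Files\Adobe\ARM), the same file appended to Winlogon's UserInit value (everything listed there is launched at every logon, so it survives removal of the Run entry alone), and Explorer's cached AutoRun verbs for a removable volume that offered G:\PcOptions.exe. As an added example, not OTL's code and not part of maliprog's instructions, the Python below applies exactly those three rules to OTL-formatted lines. The sample input is constructed from the fix plus two benign lines of the same shape, and the code assumes Windows is installed at C:\WINDOWS, as the logs in this thread show.

```python
import re
from dataclasses import dataclass

# Assumption: Windows lives at C:\WINDOWS (true for the machine in this thread). On XP the only
# program UserInit should launch is userinit.exe; anything else listed there runs at every logon.
USERINIT_OK = r"c:\windows\system32\userinit.exe"

RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$')
USERINIT_RE = re.compile(
    r'^O20 - (?P<hive>HKLM|HKCU) Winlogon: UserInit - \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')

# Constructed sample: the malicious lines from the fix script, each paired with a benign line of
# the same shape (the real Adobe ARM entry, the real UserInit value) so the filter has something
# to pass as well as something to catch.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [adobearm] C:\WINDOWS\adobearm.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\adobearm.exe) - C:\WINDOWS\adobearm.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\Shell\AutoRun\command - "" = G:\PcOptions.exe
O33 - MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\Shell - "" = AutoRun
"""


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def triage_otl(text):
    """Scan OTL-formatted lines and return the entries matching a known persistence pattern."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USERINIT_RE.match(line)
        if m:
            if m['path'].lower() != USERINIT_OK:
                findings.append(Finding('userinit-hijack',
                                        f"UserInit launches {m['path']} instead of userinit.exe", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m['path'].lower()
            parent = path.rsplit('\\', 1)[0]
            # OTL prints "()" when it finds no company name in the file's version resource.
            # A resource-less exe dropped directly into %WINDIR% under a vendor-like name is a
            # classic masquerade; the genuine product installs under Program Files.
            if parent == r'c:\windows' and not m['company'].strip():
                findings.append(Finding('run-key-unsigned-in-windir',
                                        f"[{m['name']}] -> {m['path']} has no company name", line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(Finding('removable-autorun',
                                    f"Explorer cached AutoRun command {m['cmd']} for volume {m['guid']}", line))
    return findings


if __name__ == '__main__':
    for f in triage_otl(SAMPLE_OTL):
        print(f'{f.rule:28} {f.detail}')
```

The benign Adobe ARM and userinit.exe lines pass untouched, which is the point of the company-name and exact-path checks: a Run key or UserInit entry is not suspicious in itself, only where it points.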

#5 tobefree2 (Topic Starter, Member, 15 posts)
Hello maliprog, it seems that the internet on my computer with the file has stopped working. I believe that it is the file that is causing this, but I am not sure. I am sure that it is not the modem/DSL cable because I have swapped them twice. Any help on how to do this without internet on that computer?

#6 tobefree2 (Topic Starter, Member, 15 posts)
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\adobearm not found.
C:\WINDOWS\adobearm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\adobearm.exe deleted successfully.
File C:\WINDOWS\adobearm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13630f8b-d75b-11e1-a919-00241d5d3140}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13630f8b-d75b-11e1-a919-00241d5d3140}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13630f8b-d75b-11e1-a919-00241d5d3140}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13630f8b-d75b-11e1-a919-00241d5d3140}\ not found.
File G:\PcOptions.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b588552-d61b-11e1-a916-00241d5d3140}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b588552-d61b-11e1-a916-00241d5d3140}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b588552-d61b-11e1-a916-00241d5d3140}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b588552-d61b-11e1-a916-00241d5d3140}\ not found.
File G:\PcOptions.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9203ec1-f28f-11e0-8931-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9203ec1-f28f-11e0-8931-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9203ec1-f28f-11e0-8931-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9203ec1-f28f-11e0-8931-806d6172696f}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Alpha\My Documents\Downloads\otl\cmd.bat deleted successfully.
C:\Documents and Settings\Alpha\My Documents\Downloads\otl\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.61.0 log created on 09142012_121959

#7 tobefree2 (Topic Starter, Member, 15 posts)
Attempting to send the TDSSKiller log, but am told the post is too long. Do you want me to post it as two posts?

#8 tobefree2 (Topic Starter, Member, 15 posts)
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-14 13:04:24
-----------------------------
13:04:24.250 OS Version: Windows 5.1.2600 Service Pack 3
13:04:24.250 Number of processors: 2 586 0x203
13:04:24.250 ComputerName: ALPHA-PC UserName: Alpha
13:04:27.328 Initialize success
13:05:09.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
13:05:09.593 Disk 0 Vendor: WDC_WD25 01.0 Size: 238474MB BusType: 3
13:05:09.625 Disk 0 MBR read successfully
13:05:09.625 Disk 0 MBR scan
13:05:09.625 Disk 0 Windows XP default MBR code
13:05:09.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144263 MB offset 63
13:05:09.625 Disk 0 Partition - 00 0F Extended LBA 94209 MB offset 295451415
13:05:09.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 94209 MB offset 295451478
13:05:09.656 Disk 0 scanning sectors +488392065
13:05:09.734 Disk 0 scanning C:\WINDOWS\system32\drivers
13:05:17.812 Service scanning
13:05:23.062 Service MpKsl753cbb2d C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9776C6E-6023-4FB3-A5F2-97D2F8AC22C9}\MpKsl753cbb2d.sys **LOCKED** 32
13:05:30.671 Modules scanning
13:05:46.515 Disk 0 trace - called modules:
13:05:46.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
13:05:46.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1c7ab8]
13:05:46.546 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8b1c89a8]
13:05:46.546 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8b1eaa38]
13:05:46.562 Scan finished successfully
13:06:28.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alpha\Desktop\MBR.dat"
13:06:28.109 The log file has been saved successfully to "C:\Documents and Settings\Alpha\Desktop\aswMBR.txt"

Attached file: MBR.dat (512 bytes)
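aswMBR read sector 0 of disk 0 and printed its partition table, and the attached MBR.dat is that raw sector. To make the fields concrete, here is an added Python example (not aswMBR's or Avast's code) that builds a 512-byte MBR shaped like the one in the log (bootable NTFS at LBA 63, an Extended LBA container at 295451415, with sector counts chosen so that sectors // 2048 reproduces the 144263 MB and 94209 MB figures), parses the four 16-byte entries, applies a few structural checks, and hashes the boot-code region so it can be compared with a baseline taken from a known-clean machine. The boot code in the constructed sample is zero-filled, which a real XP disk's is not. Run it with a path argument to parse a real MBR.dat.

```python
import hashlib
import struct
import sys

SECTOR = 512
PART_TABLE_OFF = 446          # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b'\x55\xaa'  # bytes 510-511

# Well-known partition type IDs (subset)
TYPE_NAMES = {0x05: 'Extended', 0x07: 'HPFS/NTFS', 0x0B: 'FAT32', 0x0C: 'FAT32 LBA',
              0x0F: 'Extended LBA', 0x82: 'Linux swap', 0x83: 'Linux'}


def _entry(boot, ptype, lba_start, sectors):
    # CHS bytes set to FE FF FF, the usual "LBA only" filler; parsers should trust the LBA fields.
    return struct.pack('<B3sB3sII', boot, b'\xfe\xff\xff', ptype, b'\xfe\xff\xff', lba_start, sectors)


def build_sample_mbr():
    """Constructed MBR mirroring the aswMBR lines above: bootable NTFS at LBA 63, Extended LBA
    container at 295451415, two empty slots. Boot code zero-filled (assumption, not real XP code)."""
    table = (_entry(0x80, 0x07, 63, 295451352)
             + _entry(0x00, 0x0F, 295451415, 192940032)
             + bytes(32))
    return bytes(PART_TABLE_OFF) + table + BOOT_SIGNATURE


def is_valid_mbr(data):
    return len(data) == SECTOR and data[510:512] == BOOT_SIGNATURE


def parse_mbr(data):
    """Return the non-empty primary partition entries as dicts."""
    if not is_valid_mbr(data):
        raise ValueError('not a 512-byte sector ending in 55 AA')
    parts = []
    for i in range(4):
        boot, ptype, lba, count = struct.unpack_from('<B3xB3xII', data, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({'index': i + 1, 'bootable': boot == 0x80, 'boot_flag': boot, 'type': ptype,
                      'type_name': TYPE_NAMES.get(ptype, f'0x{ptype:02X}'),
                      'lba_start': lba, 'sectors': count,
                      'size_mb': count * SECTOR // (1024 * 1024)})
    return parts


def sanity_warnings(parts):
    """Structural checks that a bootkit or a botched partitioner would trip."""
    warnings = []
    if sum(p['bootable'] for p in parts) > 1:
        warnings.append('more than one partition marked active')
    for p in parts:
        if p['boot_flag'] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: boot flag 0x{p['boot_flag']:02X} is neither 00 nor 80")
    ordered = sorted(parts, key=lambda p: p['lba_start'])
    for a, b in zip(ordered, ordered[1:]):
        if a['lba_start'] + a['sectors'] > b['lba_start']:
            warnings.append(f"partitions {a['index']} and {b['index']} overlap")
    return warnings


def bootcode_sha256(data):
    """Digest of bytes 0-445. Compare with a baseline from a known-clean install; aswMBR's
    'Windows XP default MBR code' verdict is the same idea with a built-in reference."""
    return hashlib.sha256(data[:PART_TABLE_OFF]).hexdigest()


if __name__ == '__main__':
    data = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 else build_sample_mbr()
    parts = parse_mbr(data)
    for p in parts:
        flag = 'A' if p['bootable'] else ' '
        print(f"{p['index']} {flag} {p['type']:02X} {p['type_name']:<13} {p['size_mb']:>8} MB offset {p['lba_start']}")
    print('boot code sha256:', bootcode_sha256(data))
    for w in sanity_warnings(parts):
        print('WARNING:', w)
```

Note that "Partition 2" in the aswMBR output is a logical volume inside the extended container, described by an EBR at sector 295451415 rather than by sector 0, so a correct parse of the MBR itself shows only two entries.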


#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi tobefree2,

Hello maliprog, it seems that the internet on my computer with the file has stopped working. I believe that it is the file that is causing this, but I am not sure. I am sure that it is not the modem/DSL cable because I have swapped them twice. Any help on how to do this without internet on that computer?


This is usually caused by malware. We will try to sort it.

Do you have USB memory stick and another clean PC to download and transfer my tools and logs?

#10 tobefree2 (Topic Starter, Member, 15 posts)
Hi, that message was sent by my son. I can still access the internet, sometimes a bit dicky!! Got a spare computer, which has issues also, but work on one at a time!

I have managed to do everything you have asked except post one txt file (which was too long to send), see other posts to clarify.

Thanks so much for your help and perseverance.

#11 tobefree2 (Topic Starter, Member, 15 posts)
And yes, I do have a USB stick and a spare computer!

#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Please forgive me for late response. I'm not able to answer right now. I will be back tomorrow and we will continue as usual with the fix.

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi tobefree2,

Let's continue...

Step 1

We will need a clean PC and a USB memory stick to download and transfer tools to the infected PC. First we need to disinfect your USB stick so you can transfer files without getting it infected. Do this step only once. After that, download the tools on the working PC and transfer them to the infected one to do the scans.

Do this on the clean computer:

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 3


Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply


Step 4

Please don't forget to include these items in your reply:

  • FSS log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
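The Flash_Disinfector note in Step 1 rests on a simple trick: Explorer only honours an autorun.inf that is a file, and a file cannot be created where a folder of the same name already exists, so a typical autorun worm that just tries to write G:\autorun.inf fails. The MountPoints2 entries removed in the earlier OTL fix (Shell = AutoRun, Shell\AutoRun = Auto&Play, command = G:\PcOptions.exe) are Explorer's cache of verbs read from exactly such a file on a removable drive. As an added example, not Flash_Disinfector's or sUBs' code, the Python below does two things: it reproduces the folder trick in a scratch directory and confirms the write is refused, and it extracts the keys from an autorun.inf that cause code to run. The autorun.inf text is constructed for the example and modelled on the cached verbs above.

```python
import configparser
import os
import tempfile

# Constructed sample autorun.inf, modelled on the MountPoints2 verbs the OTL fix removed.
# Backslashes are doubled only because this is a Python string literal.
SAMPLE_AUTORUN_INF = """\
; constructed sample, not taken from the infected drive
[AutoRun]
open=PcOptions.exe
shellexecute=PcOptions.exe
shell=Auto&Play
shell\\Auto&Play\\command=PcOptions.exe
icon=PcOptions.exe
label=Removable Disk
"""

# Keys that make Explorer launch something. 'shell' picks the default verb shown on
# double-click; shell\<verb>\command supplies the program for that verb.
LAUNCH_KEYS = {'open', 'shellexecute', 'shell'}


def launch_targets(text):
    """Return (key, value) pairs from an autorun.inf that select or launch a program.
    Icon and label entries are cosmetic and are deliberately left out."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=('=',))
    cp.read_string(text)
    out = []
    for section in cp.sections():
        if section.lower() != 'autorun':        # section names are case-insensitive on Windows
            continue
        for key, value in cp.items(section):    # configparser lower-cases keys for us
            if key in LAUNCH_KEYS or (key.startswith('shell\\') and key.endswith('\\command')):
                out.append((key, value.strip()))
    return out


def folder_trick_blocks_file():
    """Reproduce the Flash_Disinfector idea in a throwaway directory: create a *folder* named
    autorun.inf, then try to write a *file* of that name the way an autorun worm would.
    Returns True if the write is refused by the OS."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, 'autorun.inf')
        os.mkdir(target)
        try:
            with open(target, 'w') as fh:
                fh.write('[autorun]\nopen=evil.exe\n')
        except OSError:            # IsADirectoryError on POSIX, PermissionError on Windows
            return True
        return False


if __name__ == '__main__':
    for key, value in launch_targets(SAMPLE_AUTORUN_INF):
        print(f'{key:28} -> {value}')
    print('folder named autorun.inf blocks the file:', folder_trick_blocks_file())
```

Two caveats worth keeping in mind. The folder only stops droppers that try to create the file; one that deletes the folder first still wins, which is why the tool also marks it hidden. And since Microsoft's KB971029 update (2011) Windows ignores autorun.inf on USB flash drives altogether, but the verbs Explorer had already cached under MountPoints2 stay in the registry until removed, which is what the O33 lines in the OTL fix did.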

#14 tobefree2 (Topic Starter, Member, 15 posts)
Farbar Service Scanner Version: 06-08-2012
Ran by Alpha (administrator) on 19-09-2012 at 06:41:56
Running from "C:\Documents and Settings\Alpha\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
bckd(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(10)
0x0A0000000500000001000000020000000300000004000000080000000700000006000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#15 tobefree2 (Topic Starter, Member, 15 posts)
ComboFix 12-09-18.06 - Alpha 19/09/2012 7:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.64.1033.18.3327.2698 [GMT 12:00]
Running from: c:\documents and settings\Alpha\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Alpha\Application Data\Alphalog.dat
c:\documents and settings\Alpha\Application Data\Microsoft\System\Services\Adobe Acrobat.exe
c:\documents and settings\Alpha\Application Data\PriceGong
c:\documents and settings\Alpha\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Alpha\Cookies\hpothb07.dat
c:\documents and settings\Alpha\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\roboot.exe
c:\windows\system32\SETB11.tmp
c:\windows\system32\SETB34.tmp
c:\windows\system32\SETB35.tmp
c:\windows\system32\SETB36.tmp
c:\windows\system32\SETB3A.tmp
c:\windows\system32\SETB3B.tmp
c:\windows\system32\SETB3C.tmp
c:\windows\system32\SETB40.tmp
c:\windows\system32\SETB42.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\documents and settings\All Users\Application Data\VodafoneConnectorService.log . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-17 19:30 . 2012-09-17 19:30 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7092817-768A-4D51-A0F3-B0B764D0552D}\offreg.dll
2012-09-17 19:28 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7092817-768A-4D51-A0F3-B0B764D0552D}\mpengine.dll
2012-09-16 18:57 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-14 00:19 . 2012-09-14 00:19 -------- d-----w- C:\_OTL
2012-09-13 00:19 . 2012-09-13 00:19 -------- d-----w- c:\program files\EA Games
2012-09-12 23:50 . 2012-09-12 23:50 -------- d-----w- c:\program files\Microsoft Games
2012-09-07 19:58 . 2012-04-26 02:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-09-07 19:58 . 2008-09-17 09:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-09-07 19:58 . 2008-04-02 03:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-09-07 19:58 . 2008-04-02 03:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-09-07 19:58 . 2008-04-02 03:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-09-07 19:58 . 2012-09-07 19:58 -------- d-----w- c:\program files\Common Files\PC Tools
2012-09-07 19:58 . 2012-09-18 19:14 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-09-07 05:58 . 2010-07-13 01:57 108032 ----a-r- c:\windows\system32\drivers\smhwser.sys
2012-09-07 05:58 . 2010-07-13 01:57 100864 ----a-r- c:\windows\system32\drivers\smhwdev.sys
2012-09-07 05:58 . 2010-07-13 01:57 25728 ----a-r- c:\windows\system32\drivers\smhwadb.sys
2012-09-07 05:58 . 2010-07-13 01:57 1419232 ----a-r- c:\windows\system32\wdfcoinstaller01005.dll
2012-09-07 05:58 . 2012-09-07 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2012-09-07 05:58 . 2012-09-07 05:58 -------- d-----w- c:\program files\Vodafone
2012-09-03 00:40 . 2012-09-03 00:40 -------- d-----w- c:\documents and settings\Alpha\Local Settings\Application Data\PCHealth
2012-09-01 15:20 . 2012-09-01 15:20 -------- d-----w- c:\documents and settings\Default User\Application Data\IObit
2012-09-01 00:24 . 2012-09-13 08:36 -------- d-----w- C:\Documents
2012-08-31 09:24 . 2012-08-31 09:24 -------- d-----w- c:\program files\Common Files\Java
2012-08-31 09:23 . 2012-08-31 09:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-30 04:28 . 2012-08-30 04:28 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 04:03 . 2012-08-28 04:03 -------- d-----w- c:\documents and settings\Alpha\jagexcache
2012-08-27 09:26 . 2012-08-27 09:26 -------- d-----w- C:\Riot Games
2012-08-24 09:23 . 2012-09-18 19:15 -------- d-----w- c:\program files\Steam
2012-08-21 11:56 . 2012-08-21 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Hi-Rez Studios
2012-08-21 11:56 . 2012-08-21 11:57 -------- d-----w- c:\program files\Hi-Rez Studios
2012-08-21 10:39 . 2012-08-26 19:50 -------- d-----w- c:\documents and settings\Alpha\Application Data\.techniclauncher
2012-08-21 03:07 . 2012-08-21 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\StarStableOnline
2012-08-21 03:07 . 2012-08-21 03:07 -------- d-----w- c:\documents and settings\Alpha\Local Settings\Application Data\StarStableOnline
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 09:23 . 2011-10-09 09:01 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-31 09:23 . 2012-06-25 06:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 09:23 . 2011-10-09 09:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-18 10:27 . 2012-08-18 10:27 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-18 10:27 . 2011-12-11 07:07 138056 ----a-w- c:\documents and settings\Alpha\Application Data\PnkBstrK.sys
2012-08-18 10:27 . 2012-08-18 10:27 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-18 10:27 . 2011-12-11 07:06 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-18 10:27 . 2012-08-18 10:27 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-15 08:51 . 2012-04-06 19:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 08:51 . 2011-10-09 08:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 23:59 . 2011-11-28 04:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-17 23:58 . 2011-11-28 04:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-11 09:54 . 2011-12-11 10:55 298016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-06 13:58 . 2001-08-18 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-10-09 03:07 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 04:00 . 2012-07-04 04:00 53248 ----a-r- c:\documents and settings\Alpha\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-03 13:40 . 2001-08-18 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2001-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2001-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2001-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2011-10-09 03:23 385024 ------w- c:\windows\system32\html.iec
2012-06-24 07:02 . 2012-06-24 07:02 18584 ----a-w- c:\windows\system32\drivers\evolve.sys
2012-08-30 04:28 . 2011-12-22 20:40 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Alpha\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Alpha\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Alpha\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Alpha\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Alpha\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2012-05-23 421248]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-24 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"nwiz"="c:\program files\nvidia corporation\nview\nwiz.exe" [2011-07-04 1632360]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-07-17 296096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Alpha\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Alpha\Application Data\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-12-15 815104]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 08:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 23:19 138096 ----atw- c:\documents and settings\Alpha\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 02:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-02 21:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Alpha\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\leirox\\OpenLieroX\\OpenLieroX.exe"=
"c:\\Program Files\\IObit\\IObit Malware Fighter\\IMF.exe"=
"c:\\Documents and Settings\\Alpha\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Age of Empires 2\\age2_x1.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Alpha\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Nexon\\MapleStory\\ArcticStory Redirector R3.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Alpha\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"57543:TCP"= 57543:TCP:Pando Media Booster
"57543:UDP"= 57543:UDP:Pando Media Booster
"57854:TCP"= 57854:TCP:Pando Media Booster
"57854:UDP"= 57854:UDP:Pando Media Booster
"57522:TCP"= 57522:TCP:Pando Media Booster
"57522:UDP"= 57522:UDP:Pando Media Booster
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [21/08/2012 11:56 p.m. 8704]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [9/10/2011 8:38 p.m. 30600]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [9/10/2011 8:38 p.m. 35720]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [9/10/2011 8:38 p.m. 20744]
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [17/10/2011 6:23 p.m. 102728]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/10/2011 8:54 p.m. 14776]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [14/02/2012 7:02 a.m. 87312]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [9/10/2011 8:38 p.m. 14216]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [14/12/2011 7:10 a.m. 913792]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [19/08/2001 14336]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [11/06/2011 9:41 a.m. 1604880]
R2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [9/10/2011 8:38 p.m. 56200]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [9/10/2011 8:54 p.m. 821592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/10/2011 3:55 p.m. 2255464]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8/09/2012 7:58 a.m. 793048]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 1:33 p.m. 3064000]
R2 VodafoneConnectorService;Vodafone Connector Service;c:\program files\Vodafone\Via The Phone\VodafoneConnectorService.exe [14/05/2010 2:24 p.m. 233472]
R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [9/10/2011 8:38 p.m. 187528]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/03/2012 10:23 a.m. 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/07/2012 1:19 p.m. 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/04/2012 7:18 a.m. 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/10/2011 3:45 p.m. 1691480]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [7/09/2012 5:58 p.m. 25728]
S3 dump_wmimmc;dump_wmimmc;\??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys --> c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\drivers\evolve.sys [24/06/2012 7:02 p.m. 18584]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [18/07/2012 11:11 a.m. 246816]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [10/10/2011 8:54 a.m. 130976]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/03/2012 10:23 a.m. 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [21/06/2012 7:16 p.m. 114144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/11/2011 8:04 p.m. 137600]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [18/07/2012 11:11 a.m. 30408]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [7/09/2012 5:58 p.m. 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [7/09/2012 5:58 p.m. 108032]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [15/10/2011 10:12 a.m. 12984]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [18/07/2012 11:11 a.m. 16248]
S3 vtany;vtany; [x]
S3 xhunter1;xhunter1; [x]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [5/12/2011 12:52 p.m. 670224]
S3 xspirit;xspirit; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 02:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 08:51]
.
2012-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 04:57]
.
2012-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004Core.job
- c:\documents and settings\Alpha\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-02 23:19]
.
2012-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004UA.job
- c:\documents and settings\Alpha\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-02 23:19]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 22:23]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 22:23]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004Core.job
- c:\documents and settings\Alpha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 03:49]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1004UA.job
- c:\documents and settings\Alpha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 03:49]
.
2012-09-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 05:03]
.
2012-09-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1390067357-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 00:00]
.
2012-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1390067357-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 00:00]
.
2012-09-18 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-09-07 02:08]
.
2012-09-18 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-09-07 02:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: starstable.com
TCP: DhcpNameServer = 192.168.254.254 192.168.0.1
DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} - hxxp://www.starstable.com/plugin/PXStudioRuntimeAX.cab
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab
FF - ProfilePath - c:\documents and settings\Alpha\Application Data\Mozilla\Firefox\Profiles\wbj8yatc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-59815686.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-EvolveClient - c:\program files\echobit\evolve\evolveclient.exe
MSConfigStartUp-PC Suite Tray - c:\program files\nokia\nokia pc suite 7\pcsuite.exe
AddRemove-Advanced System Protector_is1 - c:\program files\Advanced System Protector\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-19 07:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{34A0FF07-F11A-4157-84A3-92F8AD688CBF}]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(5424)
c:\windows\system32\WININET.dll
c:\documents and settings\Alpha\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-09-19 07:21:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-18 19:21
.
Pre-Run: 10,055,860,224 bytes free
Post-Run: 13,375,782,912 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 61B89618A9454C099ED8DB6E6B5265B0
  • 0