Geeks to Go
Malwarebytes stopped working [Solved]



#16
younggeeza (Member, Topic Starter, 112 posts)
Something new - I can't log in to any of the user areas on my PC anymore. I'll click to log in, it'll tell me something like 'loading user personal settings' and then the screen will flash back for a split second, back to the logon screen, and then tell me that it's 'saving user personal settings.'
#17
Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Hi. :)
First, disconnect your PC from the internet so that more malware can't be downloaded onto your machine.
As the malware keeps reappearing, we are going to work outside of Windows.


Step 1

Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop.
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive.
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads. :)
  • Your system should now display a Reatogo desktop.
    Note: As you are running from a CD it is not exactly speedy.
  • Insert the flash drive with FRST on it.
  • Locate the flash drive and run FRST.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.

Things I want to see in your next reply

  • FRST.txt


#18
younggeeza (Member, Topic Starter, 112 posts)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2012
Ran by SYSTEM at 31-10-2012 18:27:57
Running from J:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet005

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x]
HKLM\...\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent [x]
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE [135214 2003-09-04] (Logitech Inc.)
HKLM\...\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [184320 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [319488 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AGRSMMSG] AGRSMMSG.exe [x]
HKLM\...\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe [1662976 2009-04-08] (Belkin)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13680640 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKU\Alex\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Alex\...\Run: [HphSwemj] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yjpdmegv\hphswemj.exe [100144 2012-10-28] ()
HKU\Compaq_Owner\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\Compaq_Owner\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-02] ()
HKU\Compaq_Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Compaq_Owner\...\Run: [HphSwemj] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yjpdmegv\hphswemj.exe [100144 2012-10-28] ()
HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE [15360 2008-04-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] [x]
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Documents and Settings\Alex\Start Menu\Programs\Startup\hphswemj.exe ()
Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\hphswemj.exe ()

==================== Services (Whitelisted) ===================

2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [132424 2008-11-07] (Apple Inc.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115168 2012-10-26] (Mozilla Foundation)
2 PCTWPASV; "C:\Program Files\Arcadyan Wireless\pctwpasv.exe" [204800 2004-01-30] (PCTEL Inc.)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 catchme; \??\C:\ComboFix.exe\catchme.sys [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

3 ADM8511; C:\Windows\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2011-01-02] (Cisco Systems, Inc.)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [333600 2003-11-12] (Creative Technology Ltd)
3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [904496 2003-11-13] (Creative Technology Ltd)
3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [148432 2003-11-13] (Creative Technology Ltd)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation)
3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.)
2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28816 2008-09-26] (Logitech, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2012-10-20] (Malwarebytes Corporation)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
3 PCTINDIS5; \??\C:\WINDOWS\System32\PCTINDIS5.SYS [17359 2004-01-15] (PCTEL Inc.)
3 Pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-18] (Padus, Inc.)
3 PID_0920; C:\Windows\System32\DRIVERS\LV532AV.SYS [152576 2003-09-04] (Logitech Inc.)
3 PRISM_A00; C:\Windows\System32\DRIVERS\PCTELSAP.SYS [350282 2004-01-29] (PCTEL Inc.)
3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [713344 2009-04-03] (Ralink Technology, Corp.)
3 rtl8139; C:\Windows\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [229888 2004-09-29] (Silicon Integrated Systems Corporation)
1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [12928 2004-09-24] (Silicon Integrated Systems Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2011-01-04] (Duplex Secure Ltd.)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-06-06] (Windows ® Codename Longhorn DDK provider)
3 USBCM; C:\Windows\System32\DRIVERS\Sacm1K.sys [15429 2004-06-10] ( )
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-07] (Windows ® Codename Longhorn DDK provider)
3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [173312 2004-09-23] (Copyright © VIA/S3 Graphics Co, Ltd.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
3 PROCEXP151; \??\C:\WINDOWS\system32\Drivers\PROCEXP151.SYS [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RegKernelHelp; \??\C:\Program Files\Safe Returner\RegKernelHelp.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20040813.178\symidsco.sys [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-31 18:27 - 2012-10-31 18:27 - 00000000 ____D C:\FRST
2012-10-28 10:50 - 2012-10-28 10:50 - 00003175 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[3].txt
2012-10-28 10:48 - 2012-10-28 10:48 - 00003346 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[2].txt
2012-10-28 10:47 - 2012-10-28 10:47 - 00100144 ___AH C:\Documents and Settings\Compaq_Owner\UN4Qzhb
2012-10-28 10:41 - 2012-10-28 10:47 - 00100144 ___AH C:\Documents and Settings\Compaq_Owner\ytyucuYT
2012-10-27 23:45 - 2012-10-27 23:45 - 00068443 ____A C:\ComboFix.txt
2012-10-27 23:44 - 2012-10-28 10:46 - 00100144 ___AH C:\Documents and Settings\Compaq_Owner\1CeYHfG
2012-10-27 23:43 - 2012-10-27 23:43 - 00004078 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ncoguvxx.log
2012-10-27 23:42 - 2012-10-28 10:55 - 00001088 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yvcwfauj.log
2012-10-27 23:37 - 2012-10-28 10:57 - 00000028 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\istlpdhg.log
2012-10-27 23:37 - 2012-10-28 10:54 - 00659463 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kjnojkrt.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00575776 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\jjxylaod.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00377036 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\weljvrww.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00003247 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\bsbybbtu.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00003117 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ulrmjsst.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00000307 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\tyyliydr.log
2012-10-27 23:36 - 2012-10-28 10:53 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yjpdmegv
2012-10-27 23:19 - 2012-10-27 23:21 - 00001818 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Text Document (2).txt
2012-10-27 23:15 - 2012-10-27 23:15 - 00001406 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[1].txt
2012-10-26 21:51 - 2012-10-28 10:58 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\gkdeeafs.log
2012-10-26 21:39 - 2012-10-28 10:58 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ddjylpac.log
2012-10-26 21:39 - 2012-10-26 21:39 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kbfucgar.log
2012-10-26 19:41 - 2012-10-26 21:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-26 00:36 - 2012-10-28 10:47 - 00100144 ___AH C:\Windows\System32\ytyucuYT
2012-10-25 19:46 - 2012-10-28 10:53 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
2012-10-25 19:43 - 2012-10-25 19:43 - 01682432 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe
2012-10-25 19:36 - 2012-10-25 19:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-24 20:18 - 2012-10-27 23:06 - 00000028 ____A C:\Documents and Settings\Alex\Local Settings\Application Data\istlpdhg.log
2012-10-24 20:18 - 2012-10-24 20:18 - 00000000 ____A C:\Documents and Settings\Alex\Local Settings\Application Data\kbfucgar.log
2012-10-24 20:18 - 2012-10-24 20:18 - 00000000 ____A C:\Documents and Settings\Alex\Local Settings\Application Data\evwkedna.log
2012-10-23 22:34 - 2012-10-27 09:27 - 00015850 ____A C:\Documents and Settings\Compaq_Owner\Desktop\draft calc.xlsx
2012-10-23 18:49 - 2012-10-23 18:49 - 00003837 ____A C:\Documents and Settings\Compaq_Owner\Desktop\FSS.txt
2012-10-23 18:29 - 2012-10-27 23:22 - 04989309 ____R (Swearware) C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe.exe
2012-10-23 18:20 - 2012-10-23 18:18 - 00694323 ____A (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FSS.exe
2012-10-23 18:00 - 2012-08-20 12:33 - 02212440 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe
2012-10-23 17:59 - 2012-10-23 17:59 - 00609880 ____A C:\Documents and Settings\Compaq_Owner\Desktop\cbsidlm-tr1_7-Combofix-ORG2-75221073.exe
2012-10-22 12:25 - 2012-10-22 12:25 - 00008714 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Microsoft Office Excel Worksheet.xlsx
2012-10-22 06:45 - 2012-10-22 06:45 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
2012-10-20 22:19 - 2012-10-20 22:19 - 00001710 ____A C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt
2012-10-20 20:37 - 2012-10-23 17:06 - 00051782 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Text Document.txt
2012-10-20 16:08 - 2012-10-20 16:08 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.65.1.1000.exe
2012-10-20 15:55 - 2012-10-25 20:17 - 00094162 ____A C:\Documents and Settings\Compaq_Owner\Desktop\OTL.Txt
2012-10-20 15:39 - 2012-10-20 16:09 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-10-20 15:29 - 2012-10-20 16:09 - 00000792 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-20 15:29 - 2012-10-20 16:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-20 15:29 - 2012-09-29 14:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-20 00:35 - 2012-10-26 21:38 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\evwkedna.log
2012-10-20 00:31 - 2012-10-20 00:31 - 00000064 ____A C:\Documents and Settings\All Users\Application Data\vtcgnrlh.log
2012-10-14 12:48 - 2012-10-27 09:23 - 00000607 ____A C:\Documents and Settings\Compaq_Owner\Desktop\Utopia Angel.lnk
2012-10-14 12:47 - 2012-10-14 12:47 - 00000000 ____D C:\Utopia
2012-10-10 08:35 - 2012-10-27 09:21 - 00000122 ____A C:\Documents and Settings\Compaq_Owner\Desktop\110k.txt
2012-10-09 12:35 - 2012-10-09 12:35 - 09575864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-10-06 08:14 - 2012-10-06 08:14 - 01597734 ___AH C:\Documents and Settings\Compaq_Owner\Desktop\untitled54.bmp

==================== 3 Months Modified Files ==================

2012-10-30 19:34 - 2004-01-01 04:38 - 00032542 ____A C:\Windows\SchedLgU.Txt
2012-10-30 19:34 - 2004-01-01 04:38 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-30 19:34 - 2004-01-01 04:34 - 01549828 ____A C:\Windows\WindowsUpdate.log
2012-10-30 19:34 - 2004-01-01 04:31 - 00000216 ____A C:\Windows\wiadebug.log
2012-10-30 19:34 - 2004-01-01 04:31 - 00000050 ____A C:\Windows\wiaservc.log
2012-10-30 19:04 - 2004-01-01 04:28 - 00616738 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-30 19:00 - 2004-01-01 04:38 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-10-30 19:00 - 2004-01-01 04:38 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-10-30 18:21 - 2009-01-06 18:08 - 00000178 __ASH C:\Documents and Settings\Compaq_Owner\ntuser.ini
2012-10-30 18:21 - 2009-01-06 18:08 - 00000062 __ASH C:\Documents and Settings\Compaq_Owner\Local Settings\desktop.ini
2012-10-30 18:21 - 2004-01-01 11:22 - 00012620 ____A C:\Windows\System32\wpa.dbl
2012-10-28 11:04 - 2010-12-28 05:45 - 00000178 _ASHC C:\Documents and Settings\Administrator\ntuser.ini
2012-10-28 11:04 - 2010-12-28 05:45 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-10-28 11:02 - 2009-02-20 12:45 - 00000178 __ASH C:\Documents and Settings\Alex\ntuser.ini
2012-10-28 11:02 - 2009-02-20 12:45 - 00000062 __ASH C:\Documents and Settings\Alex\Local Settings\desktop.ini
2012-10-28 10:58 - 2012-10-26 21:51 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\gkdeeafs.log
2012-10-28 10:58 - 2012-10-26 21:39 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ddjylpac.log
2012-10-28 10:57 - 2012-10-27 23:37 - 00000028 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\istlpdhg.log
2012-10-28 10:55 - 2012-10-27 23:42 - 00001088 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yvcwfauj.log
2012-10-28 10:54 - 2012-10-27 23:37 - 00659463 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kjnojkrt.log
2012-10-28 10:50 - 2012-10-28 10:50 - 00003175 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[3].txt
2012-10-28 10:48 - 2012-10-28 10:48 - 00003346 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[2].txt
2012-10-28 10:47 - 2012-10-28 10:47 - 00100144 ___AH C:\Documents and Settings\Compaq_Owner\UN4Qzhb
2012-10-28 10:47 - 2012-10-28 10:41 - 00100144 ___AH C:\Documents and Settings\Compaq_Owner\ytyucuYT
2012-10-28 10:47 - 2012-10-26 00:36 - 00100144 ___AH C:\Windows\System32\ytyucuYT
2012-10-28 10:47 - 2012-04-05 14:15 - 00206530 ____A C:\Windows\System32\nvapps.xml
2012-10-28 10:47 - 2009-09-13 12:42 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\order.txt
2012-10-28 10:46 - 2012-10-27 23:44 - 00100144 ___AH C:\Documents and Settings\Compaq_Owner\1CeYHfG
2012-10-28 10:43 - 2004-01-01 11:23 - 00000282 _RASH C:\boot.ini
2012-10-28 10:43 - 2004-01-01 11:22 - 00000582 ____A C:\Windows\win.ini
2012-10-28 10:43 - 2004-01-01 11:22 - 00000227 ____A C:\Windows\system.ini
2012-10-28 10:16 - 2010-12-22 04:49 - 00629725 ____A C:\Windows\setupapi.log
2012-10-27 23:45 - 2012-10-27 23:45 - 00068443 ____A C:\ComboFix.txt
2012-10-27 23:43 - 2012-10-27 23:43 - 00004078 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ncoguvxx.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00575776 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\jjxylaod.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00377036 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\weljvrww.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00003247 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\bsbybbtu.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00003117 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ulrmjsst.log
2012-10-27 23:37 - 2012-10-27 23:37 - 00000307 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\tyyliydr.log
2012-10-27 23:35 - 2004-01-01 04:27 - 44990464 ____A C:\Windows\System32\config\software.bak
2012-10-27 23:35 - 2004-01-01 04:27 - 14942208 ____A C:\Windows\System32\config\system.bak
2012-10-27 23:35 - 2004-01-01 04:27 - 03416064 ____A C:\Windows\System32\config\default.bak
2012-10-27 23:35 - 2004-01-01 04:27 - 00057344 ____A C:\Windows\System32\config\security.bak
2012-10-27 23:35 - 2004-01-01 04:27 - 00024576 ____A C:\Windows\System32\config\sam.bak
2012-10-27 23:34 - 2011-12-25 21:27 - 00008192 ___AH C:\Windows\System32\config\security.tmp.LOG
2012-10-27 23:22 - 2012-10-23 18:29 - 04989309 ____R (Swearware) C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe.exe
2012-10-27 23:21 - 2012-10-27 23:19 - 00001818 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Text Document (2).txt
2012-10-27 23:15 - 2012-10-27 23:15 - 00001406 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[1].txt
2012-10-27 23:06 - 2012-10-24 20:18 - 00000028 ____A C:\Documents and Settings\Alex\Local Settings\Application Data\istlpdhg.log
2012-10-27 23:01 - 2009-10-24 10:57 - 00000000 ____A C:\Documents and Settings\Alex\order.txt
2012-10-27 09:27 - 2012-10-23 22:34 - 00015850 ____A C:\Documents and Settings\Compaq_Owner\Desktop\draft calc.xlsx
2012-10-27 09:23 - 2012-10-14 12:48 - 00000607 ____A C:\Documents and Settings\Compaq_Owner\Desktop\Utopia Angel.lnk
2012-10-27 09:21 - 2012-10-10 08:35 - 00000122 ____A C:\Documents and Settings\Compaq_Owner\Desktop\110k.txt
2012-10-27 08:20 - 2011-07-13 11:08 - 00009714 ____A C:\Documents and Settings\Compaq_Owner\Desktop\Running Times.xlsx
2012-10-27 01:47 - 2004-01-01 04:28 - 02108775 ____A C:\Windows\FaxSetup.log
2012-10-27 01:47 - 2004-01-01 04:28 - 01092601 ____A C:\Windows\ocgen.log
2012-10-27 01:47 - 2004-01-01 04:28 - 00810182 ____A C:\Windows\tsoc.log
2012-10-27 01:47 - 2004-01-01 04:28 - 00576531 ____A C:\Windows\comsetup.log
2012-10-27 01:47 - 2004-01-01 04:28 - 00356129 ____A C:\Windows\ntdtcsetup.log
2012-10-27 01:47 - 2004-01-01 04:28 - 00307453 ____A C:\Windows\iis6.log
2012-10-27 01:47 - 2004-01-01 04:28 - 00104553 ____A C:\Windows\msgsocm.log
2012-10-27 01:47 - 2004-01-01 04:28 - 00095610 ____A C:\Windows\ocmsn.log
2012-10-27 01:47 - 2004-01-01 04:28 - 00001943 ____A C:\Windows\imsins.log
2012-10-26 21:39 - 2012-10-26 21:39 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kbfucgar.log
2012-10-26 21:38 - 2012-10-20 00:35 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\evwkedna.log
2012-10-25 20:17 - 2012-10-20 15:55 - 00094162 ____A C:\Documents and Settings\Compaq_Owner\Desktop\OTL.Txt
2012-10-25 19:57 - 2011-12-17 00:33 - 00116736 __ASH C:\Documents and Settings\Compaq_Owner\Desktop\Thumbs.db
2012-10-25 19:48 - 2010-06-30 18:33 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2012-10-25 19:43 - 2012-10-25 19:43 - 01682432 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe
2012-10-24 20:18 - 2012-10-24 20:18 - 00000000 ____A C:\Documents and Settings\Alex\Local Settings\Application Data\kbfucgar.log
2012-10-24 20:18 - 2012-10-24 20:18 - 00000000 ____A C:\Documents and Settings\Alex\Local Settings\Application Data\evwkedna.log
2012-10-23 18:49 - 2012-10-23 18:49 - 00003837 ____A C:\Documents and Settings\Compaq_Owner\Desktop\FSS.txt
2012-10-23 18:18 - 2012-10-23 18:20 - 00694323 ____A (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FSS.exe
2012-10-23 17:59 - 2012-10-23 17:59 - 00609880 ____A C:\Documents and Settings\Compaq_Owner\Desktop\cbsidlm-tr1_7-Combofix-ORG2-75221073.exe
2012-10-23 17:06 - 2012-10-20 20:37 - 00051782 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Text Document.txt
2012-10-22 12:25 - 2012-10-22 12:25 - 00008714 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Microsoft Office Excel Worksheet.xlsx
2012-10-22 08:11 - 2009-01-17 04:23 - 00188416 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-22 06:45 - 2012-10-22 06:45 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
2012-10-20 22:19 - 2012-10-20 22:19 - 00001710 ____A C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt
2012-10-20 16:09 - 2012-10-20 15:39 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-10-20 16:09 - 2012-10-20 15:29 - 00000792 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-20 16:08 - 2012-10-20 16:08 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.65.1.1000.exe
2012-10-20 15:24 - 2012-09-04 09:22 - 00002461 ____A C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
2012-10-20 00:31 - 2012-10-20 00:31 - 00000064 ____A C:\Documents and Settings\All Users\Application Data\vtcgnrlh.log
2012-10-16 06:07 - 2009-01-06 20:38 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-10-09 12:41 - 2012-06-27 16:19 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 12:41 - 2011-12-27 19:50 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-09 12:35 - 2012-10-09 12:35 - 09575864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-10-06 08:14 - 2012-10-06 08:14 - 01597734 ___AH C:\Documents and Settings\Compaq_Owner\Desktop\untitled54.bmp
2012-09-29 14:54 - 2012-10-20 15:29 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-28 10:18 - 2010-12-22 04:43 - 2145386496 ____A C:\Windows\MEMORY.DMP
2012-09-08 08:35 - 2004-01-01 04:28 - 00001891 ____A C:\Windows\imsins.BAK
2012-09-04 07:40 - 2012-09-04 07:40 - 00001088 ____A C:\Documents and Settings\Compaq_Owner\My Documents\Bottom Arch 237k.bdc
2012-09-04 06:54 - 2012-09-04 06:54 - 00000926 ____A C:\Documents and Settings\Compaq_Owner\My Documents\Toparch 192.4k.bdc
2012-09-04 05:21 - 2012-09-04 05:22 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-04 05:21 - 2012-09-04 05:22 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-04 05:21 - 2012-09-04 05:22 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-04 05:21 - 2012-09-04 05:22 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-09-04 05:21 - 2012-08-22 15:39 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-04 05:21 - 2011-01-02 00:32 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-04 05:21 - 2009-03-18 11:03 - 00143872 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2012-08-30 07:26 - 2012-08-30 07:26 - 00000926 ____A C:\Documents and Settings\Compaq_Owner\My Documents\Base high level 231.5k.bdc
2012-08-22 15:57 - 2012-08-22 15:39 - 00000040 ____A C:\Documents and Settings\Compaq_Owner\jagex_cl_runescape_LIVE.dat
2012-08-22 15:40 - 2009-06-05 00:29 - 00000034 ____A C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
2012-08-21 22:27 - 2004-01-01 04:27 - 00268600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-21 22:10 - 2012-08-21 07:48 - 00017152 ____A C:\Windows\KB2712808.log
2012-08-21 22:09 - 2012-08-21 22:09 - 00012802 ____A C:\Windows\KB2731847.log
2012-08-21 22:05 - 2012-08-21 07:48 - 00016711 ____A C:\Windows\KB2705219.log
2012-08-21 22:05 - 2009-01-06 21:09 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-21 22:05 - 2009-01-06 18:33 - 00435388 ____A C:\Windows\updspapi.log
2012-08-21 22:04 - 2012-08-21 22:04 - 00011414 ____A C:\Windows\KB2723135.log
2012-08-21 22:01 - 2012-08-21 22:00 - 00015816 ____A C:\Windows\KB2722913-IE8.log
2012-08-20 12:33 - 2012-10-23 18:00 - 02212440 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe
2012-08-04 13:08 - 2012-08-04 13:08 - 00412056 ____A C:\Documents and Settings\Compaq_Owner\Desktop\bookmdarks.html


ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-10-30 19:18 - 024576 _restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP256

RP: -> 2012-10-27 23:23 - 024576 _restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP255

RP: -> 2012-10-25 20:03 - 024576 _restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP254


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 3071.3 MB
Available physical RAM: 2787.09 MB
Total Pagefile: 2895.94 MB
Available Pagefile: 2835.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (PRESARIO) (Fixed) (Total:228.93 GB) (Free:91.32 GB) NTFS ==>[Drive with boot components (Windows XP)]
7 Drive h: (PRESARIO) (Fixed) (Total:3.94 GB) (Free:0.99 GB) FAT32 ==>[Drive with boot components (Windows XP)]
9 Drive j: (Lexar) (Removable) (Total:59.74 GB) (Free:51.79 GB) FAT32
10 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      233 GB   0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           4038 MB  32 KB
Partition 2    Primary           229 GB   4038 MB
=========================================================

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  H    PRESARIO     FAT32  Partition   4038 MB  Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  C    PRESARIO     NTFS   Partition   229 GB   Healthy
=========================================================
==================== End Of Log ============================

#19
Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)

Download and save the following file to your flash drive: fixlist.txt (attached, 7.15 KB)

Now please boot into your computer using the boot CD you made before.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Things I want to see in your next reply

  • Fixlog.txt


#20
younggeeza
    Member
  • Topic Starter
  • Member
  • 112 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2012
Ran by SYSTEM at 2012-11-02 13:14:50 Run:1
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck Value deleted successfully.
HKEY_USERS\Alex\Software\Microsoft\Windows\CurrentVersion\Run\\HphSwemj Value deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yjpdmegv\hphswemj.exe moved successfully.
HKEY_USERS\Compaq_Owner\Software\Microsoft\Windows\CurrentVersion\Run\\HphSwemj Value deleted successfully.
C:\Documents and Settings\Alex\Start Menu\Programs\Startup\hphswemj.exe moved successfully.
C:\Documents and Settings\Alex\Start Menu\Programs\Startup\hphswemj.exe not found.
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\hphswemj.exe moved successfully.
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\hphswemj.exe not found.
C:\Documents and Settings\Compaq_Owner\UN4Qzhb moved successfully.
C:\Documents and Settings\Compaq_Owner\ytyucuYT moved successfully.
C:\Documents and Settings\Compaq_Owner\1CeYHfG moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ncoguvxx.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yvcwfauj.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\istlpdhg.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kjnojkrt.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\jjxylaod.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\weljvrww.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\bsbybbtu.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ulrmjsst.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\tyyliydr.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yjpdmegv moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\gkdeeafs.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ddjylpac.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kbfucgar.log moved successfully.
C:\Windows\System32\ytyucuYT moved successfully.
C:\Documents and Settings\Alex\Local Settings\Application Data\istlpdhg.log moved successfully.
C:\Documents and Settings\Alex\Local Settings\Application Data\kbfucgar.log moved successfully.
C:\Documents and Settings\Alex\Local Settings\Application Data\evwkedna.log moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\evwkedna.log moved successfully.
C:\Documents and Settings\All Users\Application Data\vtcgnrlh.log moved successfully.
Could not move C:\Windows\assembly\GAC\Desktop.ini.

==== End of Fixlog ====
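An added example, not part of this thread and not FRST's own code: a small Python parser for Fixlog lines in the format posted above. It tallies what the fix did, separates a "not found" that follows a successful move from a genuinely unresolved path, and surfaces any "Could not move" line, which is the entry a helper checks before deciding on the next step. The sample log below is constructed to mirror the format above and is shortened.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the FRST Fixlog format shown in this thread (shortened).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2012
Ran by SYSTEM at 2012-11-02 13:14:50 Run:1
Running from J:\

==============================================

HKEY_USERS\Alex\Software\Microsoft\Windows\CurrentVersion\Run\\HphSwemj Value deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\yjpdmegv\hphswemj.exe moved successfully.
C:\Documents and Settings\Alex\Start Menu\Programs\Startup\hphswemj.exe moved successfully.
C:\Documents and Settings\Alex\Start Menu\Programs\Startup\hphswemj.exe not found.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ncoguvxx.log moved successfully.
Could not move C:\Windows\assembly\GAC\Desktop.ini.

==== End of Fixlog ====
"""


@dataclass(frozen=True)
class FixEntry:
    action: str   # value_deleted | moved | not_found | could_not_move | other
    target: str   # registry value path or file system path


# One pattern per outcome line FRST writes; order matters only for readability.
REG_DELETED = re.compile(r"^(?P<target>HK\S.*?) Value deleted successfully\.$")
COULD_NOT = re.compile(r"^Could not move (?P<target>.+?)\.$")
MOVED = re.compile(r"^(?P<target>.+?) moved successfully\.$")
NOT_FOUND = re.compile(r"^(?P<target>.+?) not found\.$")

PATTERNS = (
    ("value_deleted", REG_DELETED),
    ("could_not_move", COULD_NOT),
    ("moved", MOVED),
    ("not_found", NOT_FOUND),
)

# Header lines of the log that carry no per-item result.
HEADER_PREFIXES = ("Fix result", "Ran by", "Running from", "===")


def parse_fixlog(text):
    """Turn Fixlog text into a list of FixEntry, one per result line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(HEADER_PREFIXES):
            continue
        for action, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                entries.append(FixEntry(action, m.group("target")))
                break
        else:
            # Anything unrecognised is kept so nothing silently disappears.
            entries.append(FixEntry("other", line))
    return entries


def summarize(entries):
    """Counts per outcome plus the two lists worth a second look."""
    counts = Counter(e.action for e in entries)
    failures = [e.target for e in entries if e.action == "could_not_move"]
    # A path reported "not found" after it was already moved has been handled;
    # only a "not found" with no prior move is an unresolved item.
    moved = {e.target for e in entries if e.action == "moved"}
    unresolved = [e.target for e in entries
                  if e.action == "not_found" and e.target not in moved]
    return {"counts": dict(counts), "failures": failures,
            "unresolved_not_found": unresolved}


# Heuristic only: the artefacts removed in the Fixlog above all carry
# eight-letter lowercase random names; flag basenames of that shape.
RANDOM_NAME = re.compile(r"^[a-z]{8}(\.[a-z0-9]{1,4})?$")


def is_random_basename(path):
    name = path.rsplit("\\", 1)[-1]
    return bool(RANDOM_NAME.match(name))


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    report = summarize(parsed)
    print("outcomes:", report["counts"])
    print("could not move:", report["failures"])
    print("random-looking names:",
          [e.target for e in parsed if is_random_basename(e.target)])
```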

#21
Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)

  • Please boot into your computer using the boot CD you made before.
  • Run FRST and press the Scan button just once and wait.
  • The tool will make a log on the flashdrive (FRST.txt). Please copy and paste it in your reply.

Things I want to see in your next reply

  • FRST.txt


#22
younggeeza
    Member
  • Topic Starter
  • Member
  • 112 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 06-11-2012 09:59:09
Running from H:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet005

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x]
HKLM\...\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent [x]
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE [135214 2003-09-04] (Logitech Inc.)
HKLM\...\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [184320 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [319488 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AGRSMMSG] AGRSMMSG.exe [x]
HKLM\...\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe [1662976 2009-04-08] (Belkin)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13680640 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2009-01-15] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Alex\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Compaq_Owner\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\Compaq_Owner\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-02] ()
HKU\Compaq_Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE [15360 2008-04-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] [x]
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

==================== Services (Whitelisted) ===================

2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [132424 2008-11-07] (Apple Inc.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115168 2012-10-26] (Mozilla Foundation)
2 PCTWPASV; "C:\Program Files\Arcadyan Wireless\pctwpasv.exe" [204800 2004-01-30] (PCTEL Inc.)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 catchme; \??\C:\ComboFix.exe\catchme.sys [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

3 ADM8511; C:\Windows\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2011-01-02] (Cisco Systems, Inc.)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [333600 2003-11-12] (Creative Technology Ltd)
3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [904496 2003-11-13] (Creative Technology Ltd)
3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [148432 2003-11-13] (Creative Technology Ltd)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation)
3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.)
2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28816 2008-09-26] (Logitech, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2012-10-20] (Malwarebytes Corporation)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
3 PCTINDIS5; \??\C:\WINDOWS\System32\PCTINDIS5.SYS [17359 2004-01-15] (PCTEL Inc.)
3 Pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-18] (Padus, Inc.)
3 PID_0920; C:\Windows\System32\DRIVERS\LV532AV.SYS [152576 2003-09-04] (Logitech Inc.)
3 PRISM_A00; C:\Windows\System32\DRIVERS\PCTELSAP.SYS [350282 2004-01-29] (PCTEL Inc.)
3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [713344 2009-04-03] (Ralink Technology, Corp.)
3 rtl8139; C:\Windows\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [229888 2004-09-29] (Silicon Integrated Systems Corporation)
1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [12928 2004-09-24] (Silicon Integrated Systems Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2011-01-04] (Duplex Secure Ltd.)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-06-06] (Windows ® Codename Longhorn DDK provider)
3 USBCM; C:\Windows\System32\DRIVERS\Sacm1K.sys [15429 2004-06-10] ( )
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-07] (Windows ® Codename Longhorn DDK provider)
3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [173312 2004-09-23] (Copyright © VIA/S3 Graphics Co, Ltd.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
3 PROCEXP151; \??\C:\WINDOWS\system32\Drivers\PROCEXP151.SYS [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 RegKernelHelp; \??\C:\Program Files\Safe Returner\RegKernelHelp.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20040813.178\symidsco.sys [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-31 17:27 - 2012-10-31 17:27 - 00000000 ____D C:\FRST
2012-10-28 09:50 - 2012-10-28 09:50 - 00003175 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[3].txt
2012-10-28 09:48 - 2012-10-28 09:48 - 00003346 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[2].txt
2012-10-27 22:45 - 2012-10-27 22:45 - 00068443 ____A C:\ComboFix.txt
2012-10-27 22:19 - 2012-10-27 22:21 - 00001818 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Text Document (2).txt
2012-10-27 22:15 - 2012-10-27 22:15 - 00001406 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[1].txt
2012-10-26 18:41 - 2012-10-26 20:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-25 18:46 - 2012-10-28 09:53 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
2012-10-25 18:43 - 2012-10-25 18:43 - 01682432 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe
2012-10-25 18:36 - 2012-10-25 18:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-23 21:34 - 2012-10-27 08:27 - 00015850 ____A C:\Documents and Settings\Compaq_Owner\Desktop\draft calc.xlsx
2012-10-23 17:49 - 2012-10-23 17:49 - 00003837 ____A C:\Documents and Settings\Compaq_Owner\Desktop\FSS.txt
2012-10-23 17:29 - 2012-10-27 22:22 - 04989309 ____R (Swearware) C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe.exe
2012-10-23 17:20 - 2012-10-23 17:18 - 00694323 ____A (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FSS.exe
2012-10-23 17:00 - 2012-08-20 11:33 - 02212440 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe
2012-10-23 16:59 - 2012-10-23 16:59 - 00609880 ____A C:\Documents and Settings\Compaq_Owner\Desktop\cbsidlm-tr1_7-Combofix-ORG2-75221073.exe
2012-10-22 11:25 - 2012-10-22 11:25 - 00008714 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Microsoft Office Excel Worksheet.xlsx
2012-10-22 05:45 - 2012-10-22 05:45 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
2012-10-20 21:19 - 2012-10-20 21:19 - 00001710 ____A C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt
2012-10-20 19:37 - 2012-10-23 16:06 - 00051782 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Text Document.txt
2012-10-20 15:08 - 2012-10-20 15:08 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.65.1.1000.exe
2012-10-20 14:55 - 2012-10-25 19:17 - 00094162 ____A C:\Documents and Settings\Compaq_Owner\Desktop\OTL.Txt
2012-10-20 14:39 - 2012-10-20 15:09 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-10-20 14:29 - 2012-10-20 15:09 - 00000792 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-20 14:29 - 2012-10-20 15:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-20 14:29 - 2012-09-29 13:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-14 11:48 - 2012-10-27 08:23 - 00000607 ____A C:\Documents and Settings\Compaq_Owner\Desktop\Utopia Angel.lnk
2012-10-14 11:47 - 2012-10-14 11:47 - 00000000 ____D C:\Utopia
2012-10-10 07:35 - 2012-10-27 08:21 - 00000122 ____A C:\Documents and Settings\Compaq_Owner\Desktop\110k.txt
2012-10-09 11:35 - 2012-10-09 11:35 - 09575864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe

==================== 3 Months Modified Files ==================

2012-10-30 18:34 - 2004-01-01 03:38 - 00032542 ____A C:\Windows\SchedLgU.Txt
2012-10-30 18:34 - 2004-01-01 03:38 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-30 18:34 - 2004-01-01 03:34 - 01549828 ____A C:\Windows\WindowsUpdate.log
2012-10-30 18:34 - 2004-01-01 03:31 - 00000216 ____A C:\Windows\wiadebug.log
2012-10-30 18:34 - 2004-01-01 03:31 - 00000050 ____A C:\Windows\wiaservc.log
2012-10-30 18:04 - 2004-01-01 03:28 - 00616738 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-30 18:00 - 2004-01-01 03:38 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-10-30 18:00 - 2004-01-01 03:38 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-10-30 17:21 - 2009-01-06 17:08 - 00000178 __ASH C:\Documents and Settings\Compaq_Owner\ntuser.ini
2012-10-30 17:21 - 2009-01-06 17:08 - 00000062 __ASH C:\Documents and Settings\Compaq_Owner\Local Settings\desktop.ini
2012-10-30 17:21 - 2004-01-01 10:22 - 00012620 ____A C:\Windows\System32\wpa.dbl
2012-10-28 10:04 - 2010-12-28 04:45 - 00000178 _ASHC C:\Documents and Settings\Administrator\ntuser.ini
2012-10-28 10:04 - 2010-12-28 04:45 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-10-28 10:02 - 2009-02-20 11:45 - 00000178 __ASH C:\Documents and Settings\Alex\ntuser.ini
2012-10-28 10:02 - 2009-02-20 11:45 - 00000062 __ASH C:\Documents and Settings\Alex\Local Settings\desktop.ini
2012-10-28 09:50 - 2012-10-28 09:50 - 00003175 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[3].txt
2012-10-28 09:48 - 2012-10-28 09:48 - 00003346 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[2].txt
2012-10-28 09:47 - 2012-04-05 13:15 - 00206530 ____A C:\Windows\System32\nvapps.xml
2012-10-28 09:47 - 2009-09-13 11:42 - 00000000 ____A C:\Documents and Settings\Compaq_Owner\order.txt
2012-10-28 09:43 - 2004-01-01 10:23 - 00000282 _RASH C:\boot.ini
2012-10-28 09:43 - 2004-01-01 10:22 - 00000582 ____A C:\Windows\win.ini
2012-10-28 09:43 - 2004-01-01 10:22 - 00000227 ____A C:\Windows\system.ini
2012-10-28 09:16 - 2010-12-22 03:49 - 00629725 ____A C:\Windows\setupapi.log
2012-10-27 22:45 - 2012-10-27 22:45 - 00068443 ____A C:\ComboFix.txt
2012-10-27 22:35 - 2004-01-01 03:27 - 44990464 ____A C:\Windows\System32\config\software.bak
2012-10-27 22:35 - 2004-01-01 03:27 - 14942208 ____A C:\Windows\System32\config\system.bak
2012-10-27 22:35 - 2004-01-01 03:27 - 03416064 ____A C:\Windows\System32\config\default.bak
2012-10-27 22:35 - 2004-01-01 03:27 - 00057344 ____A C:\Windows\System32\config\security.bak
2012-10-27 22:35 - 2004-01-01 03:27 - 00024576 ____A C:\Windows\System32\config\sam.bak
2012-10-27 22:34 - 2011-12-25 20:27 - 00008192 ___AH C:\Windows\System32\config\security.tmp.LOG
2012-10-27 22:22 - 2012-10-23 17:29 - 04989309 ____R (Swearware) C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe.exe
2012-10-27 22:21 - 2012-10-27 22:19 - 00001818 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Text Document (2).txt
2012-10-27 22:15 - 2012-10-27 22:15 - 00001406 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[1].txt
2012-10-27 22:01 - 2009-10-24 09:57 - 00000000 ____A C:\Documents and Settings\Alex\order.txt
2012-10-27 08:27 - 2012-10-23 21:34 - 00015850 ____A C:\Documents and Settings\Compaq_Owner\Desktop\draft calc.xlsx
2012-10-27 08:23 - 2012-10-14 11:48 - 00000607 ____A C:\Documents and Settings\Compaq_Owner\Desktop\Utopia Angel.lnk
2012-10-27 08:21 - 2012-10-10 07:35 - 00000122 ____A C:\Documents and Settings\Compaq_Owner\Desktop\110k.txt
2012-10-27 07:20 - 2011-07-13 10:08 - 00009714 ____A C:\Documents and Settings\Compaq_Owner\Desktop\Running Times.xlsx
2012-10-27 00:47 - 2004-01-01 03:28 - 02108775 ____A C:\Windows\FaxSetup.log
2012-10-27 00:47 - 2004-01-01 03:28 - 01092601 ____A C:\Windows\ocgen.log
2012-10-27 00:47 - 2004-01-01 03:28 - 00810182 ____A C:\Windows\tsoc.log
2012-10-27 00:47 - 2004-01-01 03:28 - 00576531 ____A C:\Windows\comsetup.log
2012-10-27 00:47 - 2004-01-01 03:28 - 00356129 ____A C:\Windows\ntdtcsetup.log
2012-10-27 00:47 - 2004-01-01 03:28 - 00307453 ____A C:\Windows\iis6.log
2012-10-27 00:47 - 2004-01-01 03:28 - 00104553 ____A C:\Windows\msgsocm.log
2012-10-27 00:47 - 2004-01-01 03:28 - 00095610 ____A C:\Windows\ocmsn.log
2012-10-27 00:47 - 2004-01-01 03:28 - 00001943 ____A C:\Windows\imsins.log
2012-10-25 19:17 - 2012-10-20 14:55 - 00094162 ____A C:\Documents and Settings\Compaq_Owner\Desktop\OTL.Txt
2012-10-25 18:57 - 2011-12-16 23:33 - 00116736 __ASH C:\Documents and Settings\Compaq_Owner\Desktop\Thumbs.db
2012-10-25 18:48 - 2010-06-30 17:33 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2012-10-25 18:43 - 2012-10-25 18:43 - 01682432 ____A C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe
2012-10-23 17:49 - 2012-10-23 17:49 - 00003837 ____A C:\Documents and Settings\Compaq_Owner\Desktop\FSS.txt
2012-10-23 17:18 - 2012-10-23 17:20 - 00694323 ____A (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FSS.exe
2012-10-23 16:59 - 2012-10-23 16:59 - 00609880 ____A C:\Documents and Settings\Compaq_Owner\Desktop\cbsidlm-tr1_7-Combofix-ORG2-75221073.exe
2012-10-23 16:06 - 2012-10-20 19:37 - 00051782 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Text Document.txt
2012-10-22 11:25 - 2012-10-22 11:25 - 00008714 ____A C:\Documents and Settings\Compaq_Owner\Desktop\New Microsoft Office Excel Worksheet.xlsx
2012-10-22 07:11 - 2009-01-17 03:23 - 00188416 ____A C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-22 05:45 - 2012-10-22 05:45 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
2012-10-20 21:19 - 2012-10-20 21:19 - 00001710 ____A C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt
2012-10-20 15:09 - 2012-10-20 14:39 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-10-20 15:09 - 2012-10-20 14:29 - 00000792 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-20 15:08 - 2012-10-20 15:08 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.65.1.1000.exe
2012-10-20 14:24 - 2012-09-04 08:22 - 00002461 ____A C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
2012-10-16 05:07 - 2009-01-06 19:38 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-10-09 11:41 - 2012-06-27 15:19 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 11:41 - 2011-12-27 18:50 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-09 11:35 - 2012-10-09 11:35 - 09575864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-10-06 07:14 - 2012-10-06 07:14 - 01597734 ___AH C:\Documents and Settings\Compaq_Owner\Desktop\untitled54.bmp
2012-09-29 13:54 - 2012-10-20 14:29 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-28 09:18 - 2010-12-22 03:43 - 2145386496 ____A C:\Windows\MEMORY.DMP
2012-09-08 07:35 - 2004-01-01 03:28 - 00001891 ____A C:\Windows\imsins.BAK
2012-09-04 06:40 - 2012-09-04 06:40 - 00001088 ____A C:\Documents and Settings\Compaq_Owner\My Documents\Bottom Arch 237k.bdc
2012-09-04 05:54 - 2012-09-04 05:54 - 00000926 ____A C:\Documents and Settings\Compaq_Owner\My Documents\Toparch 192.4k.bdc
2012-09-04 04:21 - 2012-09-04 04:22 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-04 04:21 - 2012-09-04 04:22 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-04 04:21 - 2012-09-04 04:22 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-04 04:21 - 2012-09-04 04:22 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-09-04 04:21 - 2012-08-22 14:39 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-04 04:21 - 2011-01-01 23:32 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-04 04:21 - 2009-03-18 10:03 - 00143872 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2012-08-30 06:26 - 2012-08-30 06:26 - 00000926 ____A C:\Documents and Settings\Compaq_Owner\My Documents\Base high level 231.5k.bdc
2012-08-22 14:57 - 2012-08-22 14:39 - 00000040 ____A C:\Documents and Settings\Compaq_Owner\jagex_cl_runescape_LIVE.dat
2012-08-22 14:40 - 2009-06-04 23:29 - 00000034 ____A C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
2012-08-21 21:27 - 2004-01-01 03:27 - 00268600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-21 21:10 - 2012-08-21 06:48 - 00017152 ____A C:\Windows\KB2712808.log
2012-08-21 21:09 - 2012-08-21 21:09 - 00012802 ____A C:\Windows\KB2731847.log
2012-08-21 21:05 - 2012-08-21 06:48 - 00016711 ____A C:\Windows\KB2705219.log
2012-08-21 21:05 - 2009-01-06 20:09 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-21 21:05 - 2009-01-06 17:33 - 00435388 ____A C:\Windows\updspapi.log
2012-08-21 21:04 - 2012-08-21 21:04 - 00011414 ____A C:\Windows\KB2723135.log
2012-08-21 21:01 - 2012-08-21 21:00 - 00015816 ____A C:\Windows\KB2722913-IE8.log
2012-08-20 11:33 - 2012-10-23 17:00 - 02212440 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe


ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-10-30 18:18 - 024576 _restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP256

RP: -> 2012-10-27 22:23 - 024576 _restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP255

RP: -> 2012-10-25 19:03 - 024576 _restore{37140189-68D5-4F78-8B0D-62A7FA0524E0}\RP254


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3071.3 MB
Available physical RAM: 2720.62 MB
Total Pagefile: 2895.96 MB
Available Pagefile: 2811.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.18 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (PRESARIO) (Fixed) (Total:228.93 GB) (Free:91.32 GB) NTFS ==>[Drive with boot components (Windows XP)]
7 Drive h: (Lexar) (Removable) (Total:59.74 GB) (Free:51.79 GB) FAT32
8 Drive i: (PRESARIO) (Fixed) (Total:3.94 GB) (Free:0.99 GB) FAT32 ==>[Drive with boot components (Windows XP)]
10 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      233 GB   0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           4038 MB  32 KB
Partition 2    Primary           229 GB   4038 MB
=========================================================

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  I    PRESARIO     FAT32  Partition   4038 MB  Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  C    PRESARIO     NTFS   Partition   229 GB   Healthy
=========================================================
==================== End Of Log ============================

#23
Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)
There's a file which FRST isn't removing so we will use OTLPE instead.


Step 1

  • Start OTLPE from the CD.
  • Copy the text in the code box below into the Custom scans and fixes box.
:Files
C:\Windows\assembly\GAC\Desktop.ini

:Commands 
[Reboot]
  • Let the program run unhindered and reboot your computer.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in your next reply.

Things I want to see in your next reply

  • OTL Fix Log


#24
younggeeza
    Member
  • Topic Starter
  • Member
  • 112 posts
Thanks for the continued help. Hope I've done this right.

========== FILES ==========
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 11082012_221650

#25
Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)
OTLPE managed to move the bad file. I now want you to try and boot into Normal Mode and run an OTL scan.

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL.txt

#26
younggeeza
    Member
  • Topic Starter
  • Member
  • 112 posts
It's the same as before. When I try to log in, the screen goes black for a split-second and then goes back to the login page.

#27
Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)
We'll do a scan with OTLPE to see if it picks anything up that FRST hasn't and possibly rule out malware as the cause of your problem.


Step 1

  • Boot up from the CD as before.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start.
  • Press Quick Scan to start the scan.
  • When finished, the file will be saved at C:\OTL.txt.
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Please post the contents of the C:\OTL.txt file in your reply.

Things I want to see in your next reply

  • OTL.txt

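The OTL.txt that step produces runs to hundreds of lines, and a helper does not read it top to bottom: the entries checked first are the O20 Winlogon values (Shell and Userinit, which are what Winlogon launches at logon and which malware rewrites to survive a reboot), the O1 hosts entries, the O6/O7 policy entries and anything marked "File not found". One caveat worth knowing when reading an offline scan like this one: a Winlogon Userinit value that is missing or points at the wrong file leaves nothing to start the user session, which shows up as the classic "loading your settings" then immediate "saving your settings" logon loop. Below is an added example of that triage, written for this thread; it is not OTL's code and not part of the original post. The sample lines are constructed in OTL's line format, and the expected defaults it compares against (Userinit = <SystemRoot>\system32\userinit.exe, and Shell = Explorer.exe on Windows XP) are assumptions marked in the code.

```python
"""Triage the high-value lines of an OTL / OTLPE log.

Added example for this thread; it is not OTL's own code and not part of the
original post. Sample lines below are constructed in OTL's line format, and the
expected registry defaults are assumptions for Windows XP (marked where used).
"""
import re
from typing import List, Optional, Tuple

# Constructed sample input (OTL's line format, modelled on the log in this thread).
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O4 - HKLM..\Run: [KernelFaultCheck] File not found
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
"""

# Assumption (Windows XP defaults): Winlogon\Userinit is "<SystemRoot>\system32\userinit.exe,"
# and Winlogon\Shell is "Explorer.exe". Both may legitimately be comma-separated lists.
EXPECTED_USERINIT_SUFFIX = r"\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"

WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<name>\w+) - \((?P<data>[^)]*)\) - (?P<rest>.*)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
POLICY_RE = re.compile(r"^O[67] - .*\\policies\\System: (?P<name>\w+) = (?P<value>\S+)$")
ORPHAN_RE = re.compile(r"^(SRV|DRV|O4) - .*File not found")
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

Finding = Tuple[str, str, str]  # (severity, offending line, reason)


def _is_expected_userinit(entry: str) -> bool:
    e = entry.lower()
    return e == "userinit.exe" or e.endswith(EXPECTED_USERINIT_SUFFIX)


def check_winlogon(line: str, name: str, data: str, rest: str) -> Optional[Finding]:
    """Shell and Userinit are what Winlogon runs at logon; malware rewrites them,
    and a missing or broken Userinit produces a logon-then-immediate-logoff loop."""
    entries = [e.strip() for e in data.split(",") if e.strip()]
    if name.lower() == "userinit":
        if not entries or "Registry value not found" in rest:
            return ("HIGH", line, "Userinit value missing: nothing starts the user session "
                                  "after logon (logon/logoff loop); restore the XP default")
        for e in entries:
            if not _is_expected_userinit(e):
                return ("HIGH", line, f"unexpected Userinit entry {e!r}")
    elif name.lower() == "shell":
        for e in entries:
            if e.lower().rsplit("\\", 1)[-1] != EXPECTED_SHELL:
                return ("HIGH", line, f"unexpected Shell entry {e!r}")
    return None


def check_hosts(line: str, ip: str, host: str) -> Optional[Finding]:
    """Anything beyond the loopback entry deserves a look: hosts-file hijacks are a
    common way to block security-vendor and update sites."""
    if host.lower() == "localhost" and ip in ("127.0.0.1", "::1"):
        return None
    return ("MEDIUM", line, f"hosts file maps {host} to {ip}; confirm it is intentional")


def check_policy(line: str, name: str, value: str) -> Optional[Finding]:
    if name == "EnableLUA" and value == "0":
        return ("LOW", line, "EnableLUA = 0 disables UAC on Vista and later (no effect on XP, "
                             "which has no UAC); reset it if the policy was not set on purpose")
    return None


def analyze(log_text: str) -> List[Finding]:
    """Run every check over each line; return findings, highest severity first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding: Optional[Finding] = None
        if (m := WINLOGON_RE.match(line)):
            finding = check_winlogon(line, **m.groupdict())
        elif (m := HOSTS_RE.match(line)):
            finding = check_hosts(line, **m.groupdict())
        elif (m := POLICY_RE.match(line)):
            finding = check_policy(line, **m.groupdict())
        elif ORPHAN_RE.match(line):
            finding = ("LOW", line, "orphaned entry: its file no longer exists (clean-up, not infection)")
        if finding:
            findings.append(finding)
    findings.sort(key=lambda f: SEVERITY_RANK[f[0]])
    return findings


if __name__ == "__main__":
    # On SAMPLE_LOG: one HIGH (Userinit missing) and three LOW findings.
    for severity, line, reason in analyze(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n        {line}")
```

The script deliberately treats "File not found" entries as low-priority clean-up rather than evidence of infection: OTL lists every orphaned service, driver and Run key, and most of them are leftovers from uninstalled software. The Winlogon checks are the ones that decide whether the machine will log on at all, which is why they sort to the top.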

#28
younggeeza
    Member
  • Topic Starter
  • 112 posts
It did not ask me if I wanted to load the remote registry, and I also wasn't asked for a Windows location to scan. Could it be something to do with the userinit registry value? It says this in the report: O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)

Thanks for the help.


OTL logfile created on: 11/12/2012 2:51:22 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.93 Gb Total Space | 91.32 Gb Free Space | 39.89% Space Free | Partition Type: NTFS
Drive H: | 59.74 Gb Total Space | 51.79 Gb Free Space | 86.70% Space Free | Partition Type: FAT32
Drive I: | 3.94 Gb Total Space | 0.99 Gb Free Space | 25.05% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/10/26 18:41:49 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 13:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/04 04:21:56 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/07 06:17:30 | 000,677,888 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/01/30 08:59:40 | 000,204,800 | ---- | M] (PCTEL Inc.) [Auto] -- C:\Program Files\Arcadyan Wireless\pctwpasv.exe -- (PCTWPASV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (viaagp1)
DRV - File not found [Kernel | On_Demand] -- -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand] -- -- (RegKernelHelp)
DRV - File not found [Kernel | On_Demand] -- -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EL90XBC)
DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2012/10/20 15:09:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/29 13:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/01/04 08:58:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/03 18:08:08 | 000,713,344 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/01/21 02:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/09/26 04:53:00 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/09/26 04:53:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/09/26 04:52:00 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/09/26 04:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/06/06 04:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 02:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 02:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 02:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/17 10:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/01/25 11:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/29 17:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 05:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/29 15:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/10 13:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sacm1K.sys -- (USBCM)
DRV - [2004/01/29 17:29:04 | 000,350,282 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCTELSAP.SYS -- (PRISM_A00)
DRV - [2004/01/15 07:15:06 | 000,017,359 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2003/11/13 13:01:52 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2003/11/13 13:01:38 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2003/11/13 13:01:10 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2003/11/13 12:59:18 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2003/11/13 12:58:10 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/11/13 12:57:40 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HA10KX2K.SYS -- (ha10kx2k)
DRV - [2003/11/12 15:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTDVDA2K.SYS -- (ctdvda2k)
DRV - [2003/09/18 20:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/04 05:38:56 | 000,152,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)
DRV - [2003/07/18 11:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2002/10/04 12:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 17:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 07:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 82 4B 6E 8F 86 CD 01 [binary data]
IE - HKU\Compaq_Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/05 17:59:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 18:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 18:41:44 | 000,000,000 | ---D | M]

[2012/10/26 18:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 18:41:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/10/14 02:39:03 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/10/14 02:39:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/14 02:39:03 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/10/14 02:39:03 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/14 02:39:03 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/10/14 02:39:03 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/10/27 22:36:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\Alex_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\Compaq_Owner_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Compaq_Owner_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Alex_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Alex_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Compaq_Owner_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Compaq_Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1293940326812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231289923359 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.co....cab?10,0,910,0 (DigWebHelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/01 03:35:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | --S- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 17:27:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/28 09:47:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/28 09:41:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
[2012/10/26 18:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/25 23:48:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Videos
[2012/10/25 18:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
[2012/10/25 18:36:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/23 17:29:21 | 004,989,309 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe.exe
[2012/10/23 17:20:24 | 000,694,323 | ---- | C] (Farbar) -- C:\Documents and Settings\Compaq_Owner\Desktop\FSS.exe
[2012/10/23 17:00:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe
[2012/10/22 05:45:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/10/20 15:08:09 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/20 14:39:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/20 14:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/20 14:29:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/20 14:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/14 11:47:56 | 000,000,000 | ---D | C] -- C:\Utopia
[2009/01/06 17:18:06 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm1K.sys
[2003/11/13 12:54:38 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.DLL
[2003/03/14 04:33:40 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2012/11/10 11:25:37 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/10 11:24:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/10 11:24:31 | 3220,557,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/30 18:04:25 | 000,511,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/30 18:04:25 | 000,091,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/28 09:58:39 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/10/28 09:47:08 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/28 09:43:35 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/10/27 22:36:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/27 22:22:13 | 004,989,309 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe.exe
[2012/10/27 08:23:25 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Utopia Angel.lnk
[2012/10/26 20:34:53 | 000,138,740 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\untitled123.JPG
[2012/10/25 18:48:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 18:43:32 | 001,682,432 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe
[2012/10/23 17:18:12 | 000,694,323 | ---- | M] (Farbar) -- C:\Documents and Settings\Compaq_Owner\Desktop\FSS.exe
[2012/10/23 16:59:42 | 000,609,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\cbsidlm-tr1_7-Combofix-ORG2-75221073.exe
[2012/10/22 07:11:24 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/22 05:45:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/10/20 15:09:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/20 15:09:16 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 15:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/20 15:08:23 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/20 14:24:35 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
[2012/10/16 05:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/14 16:52:20 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Labtec WebCam.lnk

========== Files Created - No Company Name ==========

[2012/10/30 17:13:10 | 3220,557,824 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/26 20:34:53 | 000,138,740 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\untitled123.JPG
[2012/10/25 18:43:30 | 001,682,432 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe
[2012/10/23 16:59:39 | 000,609,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\cbsidlm-tr1_7-Combofix-ORG2-75221073.exe
[2012/10/20 14:29:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/14 11:48:01 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Utopia Angel.lnk
[2012/08/22 14:39:59 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex_cl_runescape_LIVE.dat
[2012/07/05 19:47:14 | 000,000,976 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/10/08 07:43:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 21:25:52 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/08/26 12:43:55 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Gangsters2Setup.lnk
[2011/01/02 01:13:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/01/02 00:31:25 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/01/02 00:31:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2011/01/02 00:31:22 | 000,005,116 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2011/01/02 00:31:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2870.bin
[2010/12/31 06:33:13 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/12/31 01:57:41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/12/30 23:18:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/12/30 23:14:52 | 000,014,658 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Hp.ini
[2010/12/30 23:14:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/12/28 05:01:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/28 05:01:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/28 05:01:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/28 05:01:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/28 05:01:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/28 04:45:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/12/26 20:18:55 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/26 20:18:42 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/26 20:18:42 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/23 18:37:55 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/30 17:33:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/07 00:18:13 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\setup_ldm.iss
[2009/06/04 23:29:51 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
[2009/02/20 11:45:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\fusioncache.dat
[2009/01/17 03:23:28 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 02:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 02:19:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/01/15 02:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 02:19:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/01/15 02:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 02:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/15 02:19:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/01/15 02:19:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/01/13 07:44:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PnkBstrK.sys
[2009/01/13 07:43:45 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/01/07 20:28:29 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/01/07 20:28:28 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/01/07 20:28:22 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/01/06 19:46:25 | 000,015,387 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/06 19:12:29 | 000,000,838 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2009/01/06 17:47:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/06 17:18:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\UNDPX1K.exe
[2009/01/06 17:18:06 | 000,053,725 | ---- | C] () -- C:\WINDOWS\UNDPX1K.sys
[2009/01/06 17:08:55 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/28 11:40:48 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/01/01 16:27:41 | 000,034,699 | ---- | C] () -- C:\WINDOWS\System32\hlp.dat
[2005/01/01 16:26:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/01 03:02:02 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/01/01 03:02:02 | 000,095,248 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/09/13 18:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 22:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/19 22:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/01 19:33:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/01 19:19:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/01/01 19:19:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/01/01 19:19:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/01/01 19:19:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/01/01 19:19:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/01/01 19:19:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/01 19:08:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/01 18:59:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/01/01 18:59:48 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/01/01 18:56:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/01/01 18:56:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/01/01 18:56:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/01/01 10:22:45 | 000,511,978 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/01 10:22:45 | 000,091,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/01 03:46:36 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/01 03:46:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/01 03:46:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/01 03:39:05 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/01 03:37:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/01 03:33:30 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/01 03:32:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/01 03:28:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/01 03:27:54 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/12/17 06:55:28 | 000,217,484 | ---- | C] () -- C:\WINDOWS\System32\CTDLANG.DAT
[2003/12/17 06:55:24 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2003/12/17 06:55:18 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2003/12/17 06:51:14 | 000,230,201 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2003/12/17 06:51:14 | 000,112,411 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2003/12/17 06:48:18 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\CTSTATIC.DAT
[2003/12/17 06:48:10 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\CTDAUGHT.DAT
[2003/11/13 13:21:04 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/21 12:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2001/06/28 07:05:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[1999/08/10 12:02:20 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 12:02:16 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 02:56:08 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2004/01/01 19:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intervideo
[2004/01/01 19:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/09/09 11:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\BitTorrent
[2009/06/15 09:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\DAEMON Tools
[2009/06/15 09:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\DAEMON Tools Lite
[2009/06/15 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\DAEMON Tools Pro
[2004/01/01 19:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\Intervideo
[2010/07/02 09:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\Nokia
[2010/07/02 09:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\PC Suite
[2004/01/01 19:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\SampleView
[2011/07/17 07:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\Sports Interactive
[2009/03/29 09:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\The Creative Assembly
[2012/08/30 04:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\USMA
[2012/07/07 22:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
[2009/01/07 11:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools
[2011/01/04 09:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools Lite
[2009/01/07 11:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DAEMON Tools Pro
[2012/07/23 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DDMSettings
[2009/06/24 18:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DMCache
[2011/01/02 00:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DNA
[2004/01/01 19:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
[2009/01/07 20:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2009/04/23 15:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
[2011/07/03 06:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\LolClient
[2012/06/27 08:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\LolMatches Client
[2009/01/06 19:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nokia
[2009/01/06 19:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PC Suite
[2012/09/04 08:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\QuickScan
[2004/01/01 19:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2012/04/04 11:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SoftChalk
[2011/04/16 13:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sports Interactive
[2009/06/25 13:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeamViewer
[2009/03/23 12:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\The Creative Assembly
[2011/08/21 04:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TS3Client
[2009/01/10 01:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ubisoft
[2012/08/28 17:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\USMA
[2012/04/01 22:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/01/04 08:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/09/09 11:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/01/06 19:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2004/01/01 19:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/03/14 12:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/02 09:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/10/28 09:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/12/19 13:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011/01/04 09:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/01/10 01:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/01/06 19:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========


< End of report >

#29 Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)

Hi. :)
I'm just letting you know that I haven't forgotten about you. I have been busy with college work over the past couple of days but I should be able to post back in a day or two.

#30 younggeeza (Topic Starter, Member, 112 posts)

Okay thanks for letting me know.