Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help with virus [Closed]

Started by JonnRC , Dec 20 2012 01:05 PM

  • This topic is locked This topic is locked

#1
JonnRC
Posted 20 December 2012 - 01:05 PM

JonnRC

    Member

  • Member
  • PipPip
  • 11 posts
Hi, I could use some help with a virus I managed to pick up. It stops me from going on any antivirus site and microsoft pages. What its been doing is redirecting me when I open some pages on the internet to random sites, crashing internet explorer every so often, popping up with windows command processor and making my computer seem alot slower than it normally is. I've tried to remove it with malewarebytes already but it seems to just replace itself. The main one it found was trojan.lebag but it didn't seem to remove it.


Log

OTL logfile created on: 20/12/2012 18:44:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paul\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.32% Memory free
16.00 Gb Paging File | 13.46 Gb Available in Paging File | 84.16% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 142.34 Gb Free Space | 30.57% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 94.71 Gb Free Space | 20.33% Space Free | Partition Type: NTFS
Drive E: | 195.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PAUL-PC | User Name: paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/20 18:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
PRC - [2012/12/16 20:15:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/21 15:23:56 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/22 19:55:48 | 000,885,760 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
PRC - [2011/11/17 15:50:34 | 001,685,504 | ---- | M] () -- C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Tese\x86\ekrn.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Users\paul\Local Settings\Apps\F.lux\flux.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/21 02:37:16 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/09/21 02:37:06 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/09/21 02:36:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/09/21 02:36:24 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/09/21 02:36:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/09/21 02:36:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/09/21 02:36:12 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/09/21 02:36:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/11/17 15:50:34 | 001,685,504 | ---- | M] () -- C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe
MOD - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Users\paul\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/16 20:15:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/05 17:32:17 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/03 23:32:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/08/03 23:31:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/27 11:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/29 12:09:28 | 000,105,472 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc)
SRV - [2012/02/08 06:54:32 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/10/19 15:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Tese\x86\ekrn.exe -- (ekrn)
SRV - [2010/05/23 21:28:00 | 003,518,368 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/16 05:55:46 | 000,038,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/21 02:07:58 | 000,037,912 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901_openvpn_accl.sys -- (tap0901_openvpn_accl)
DRV:64bit: - [2012/05/14 06:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 12:15:40 | 000,023,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtHDb.sys -- (cthdb)
DRV:64bit: - [2012/02/29 12:15:18 | 001,271,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthda.sys -- (cthda)
DRV:64bit: - [2011/10/19 11:43:32 | 000,029,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\I1KBFLTR.sys -- (I1KBFLTR)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/08/01 12:42:10 | 000,057,200 | ---- | M] (Thermaltake) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MS6Filter.sys -- (Thermnaltake MS6 Filter)
DRV:64bit: - [2011/06/14 23:55:24 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/25 07:38:53 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/23 01:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2010/02/24 10:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010/02/17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/22 22:18:48 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/09/17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/04/03 12:57:36 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdm.sys -- (s116mdm)
DRV:64bit: - [2007/04/03 12:57:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdfl.sys -- (s116mdfl)
DRV:64bit: - [2007/04/03 12:57:34 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116bus.sys -- (s116bus)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2011/11/04 04:10:56 | 000,022,336 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/08/01 12:40:20 | 000,031,488 | ---- | M] (Thermaltake) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\MS6Filter.sys -- (Thermnaltake MS6 Filter)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005/01/03 15:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {E99A578B-ED37-45CC-BEF7-7991C2C0C7BE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E99A578B-ED37-45CC-BEF7-7991C2C0C7BE}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.143
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: D:\DarkFall\Download Manager\npfpdlm.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@live.heroesandgenerals.com/npretox: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files (x86)\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\emo32wyd.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\TESE\MOZILLA THUNDERBIRD [2012/12/20 18:11:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\firefox11.0\components [2012/12/10 15:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\firefox11.0\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Firefox\components [2012/12/15 12:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Firefox\plugins [2012/12/12 15:37:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Tese\Mozilla Thunderbird [2012/12/20 18:11:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Firefox\components [2012/12/15 12:57:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Firefox\plugins [2012/12/12 15:37:57 | 000,000,000 | ---D | M]

[2011/10/07 17:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Extensions
[2011/10/07 17:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/12 15:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\emo32wyd.default\extensions
[2011/01/02 19:18:48 | 000,000,000 | ---D | M] () -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\emo32wyd.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: Google Search = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/20 02:09:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Tese\egui.exe (ESET)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BM.exe] C:\Program Files (x86)\HP\Button Manager\BM.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ione] C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe ()
O4 - HKLM..\Run: [Sound Blaster Recon3D PCIe Control Panel] C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [DcnDwhso] C:\Users\paul\AppData\Local\uvyqmiua\dcndwhso.exe ()
O4 - HKCU..\Run: [F.lux] C:\Users\paul\Local Settings\Apps\F.lux\flux.exe ()
O4 - Startup: C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dcndwhso.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} https://sp.itronener...yBoxControl.cab (KeyBox Class)
O16 - DPF: {2A293777-79CA-4DD9-A545-0E1718C0D3CF} https://sp.itronener...yBoxControl.cab (KeyBox Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (SysInfo Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BA9274C-22E9-4BFB-BBAE-25424E0C64B2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892F7C84-392C-440C-BED3-D44859E5D67D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/07 11:09:24 | 000,233,344 | R--- | M] (ESET s.r.o.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/06/30 15:38:30 | 000,000,133 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2011/07/19 07:11:59 | 000,000,000 | R--D | M] - E:\AutorunConfig -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 18:43:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
[2012/12/20 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/12/20 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/12/20 17:48:45 | 000,000,000 | ---D | C] -- C:\Tese
[2012/12/20 02:33:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/20 02:11:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/20 01:44:49 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\RK_Quarantine
[2012/12/20 00:02:15 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\paul\Desktop\TFC.exe
[2012/12/19 23:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/19 19:45:10 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
[2012/12/19 18:49:17 | 000,000,000 | ---D | C] -- C:\Eve
[2012/12/18 21:49:39 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\SUPERAntiSpyware.com
[2012/12/18 07:44:00 | 005,012,372 | R--- | C] (Swearware) -- C:\Users\paul\Desktop\Gotcha.exe
[2012/12/18 05:19:40 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\uvyqmiua
[2012/12/18 02:18:09 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\Might & Magic Heroes VI
[2012/12/18 02:18:09 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Might & Magic Heroes VI
[2012/12/17 16:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012/12/17 16:21:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS
[2012/12/14 22:31:10 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\WB Games
[2012/12/14 21:46:34 | 000,000,000 | ---D | C] -- C:\lotr
[2012/12/10 15:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes & Generals
[2012/12/10 15:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes & Generals
[2012/12/09 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\Firefighter
[2012/12/09 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Heroes Firefighter
[2012/12/09 19:36:19 | 000,000,000 | ---D | C] -- C:\firefighter game
[2012/12/08 17:44:16 | 000,000,000 | ---D | C] -- C:\Stalker online
[2012/12/06 23:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/12/06 23:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/12/06 23:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/12/06 23:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/26 15:14:46 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\SteamPopCap
[2012/11/24 14:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/24 14:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/23 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Sony Online Entertainment

========== Files - Modified Within 30 Days ==========

[2012/12/20 18:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
[2012/12/20 18:38:30 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 18:38:30 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 18:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/20 18:30:01 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 02:09:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/20 01:40:01 | 000,756,224 | ---- | M] () -- C:\Users\paul\Desktop\Rogue-killer.exe
[2012/12/20 00:09:29 | 000,000,867 | ---- | M] () -- C:\Users\paul\Desktop\Malwarye.lnk
[2012/12/20 00:02:17 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\TFC.exe
[2012/12/19 22:34:17 | 005,012,372 | R--- | M] (Swearware) -- C:\Users\paul\Desktop\Gotcha.exe
[2012/12/19 22:25:05 | 000,098,152 | --S- | M] () -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dcndwhso.exe
[2012/12/19 21:06:23 | 000,000,046 | ---- | M] () -- C:\Windows\264310
[2012/12/19 19:45:10 | 000,001,450 | ---- | M] () -- C:\Users\paul\Desktop\EVE.lnk
[2012/12/19 18:42:37 | 000,000,024 | ---- | M] () -- C:\Users\paul\jagexappletviewer.preferences
[2012/12/19 18:10:41 | 000,000,032 | ---- | M] () -- C:\Users\paul\jagex_cl_runescape_LIVE.dat
[2012/12/18 05:36:10 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/17 17:38:54 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/17 17:38:54 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/17 16:21:33 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2012/12/17 01:59:15 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/16 20:15:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/16 20:15:40 | 000,001,201 | ---- | M] () -- C:\Users\paul\Desktop\Uplay.lnk
[2012/12/16 01:04:02 | 562,017,014 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/10 15:59:48 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Play Heroes & Generals.lnk
[2012/12/10 15:36:38 | 000,796,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/10 15:36:38 | 000,675,668 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/10 15:36:38 | 000,130,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/09 19:37:57 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\Real Heroes Firefighter.lnk
[2012/11/27 05:17:50 | 000,000,201 | ---- | M] () -- C:\Users\paul\Desktop\Train Simulator 2013.url
[2012/11/24 14:57:38 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/23 23:22:09 | 000,001,487 | ---- | M] () -- C:\Users\paul\Desktop\PlanetSide 2.lnk

========== Files Created - No Company Name ==========

[2012/12/20 01:39:59 | 000,756,224 | ---- | C] () -- C:\Users\paul\Desktop\Rogue-killer.exe
[2012/12/19 23:21:56 | 000,000,867 | ---- | C] () -- C:\Users\paul\Desktop\Malwarye.lnk
[2012/12/19 22:25:08 | 000,098,152 | --S- | C] () -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dcndwhso.exe
[2012/12/19 21:06:23 | 000,000,046 | ---- | C] () -- C:\Windows\264310
[2012/12/19 19:45:10 | 000,001,450 | ---- | C] () -- C:\Users\paul\Desktop\EVE.lnk
[2012/12/17 16:21:33 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2012/12/16 20:15:40 | 000,001,201 | ---- | C] () -- C:\Users\paul\Desktop\Uplay.lnk
[2012/12/10 15:59:48 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Play Heroes & Generals.lnk
[2012/12/09 19:37:57 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\Real Heroes Firefighter.lnk
[2012/11/27 04:32:34 | 000,000,201 | ---- | C] () -- C:\Users\paul\Desktop\Train Simulator 2013.url
[2012/11/23 23:22:09 | 000,001,517 | ---- | C] () -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
[2012/11/23 23:22:09 | 000,001,487 | ---- | C] () -- C:\Users\paul\Desktop\PlanetSide 2.lnk
[2012/09/03 02:16:24 | 000,000,024 | ---- | C] () -- C:\Users\paul\jagexappletviewer.preferences
[2012/09/02 00:07:02 | 000,000,044 | ---- | C] () -- C:\Users\paul\jagex_cl_runescape_LIVE3.dat
[2012/09/01 23:34:40 | 000,000,044 | ---- | C] () -- C:\Users\paul\jagex_cl_runescape_LIVE2.dat
[2012/09/01 01:37:22 | 000,000,044 | ---- | C] () -- C:\Users\paul\jagex_cl_runescape_LIVE1.dat
[2012/08/31 20:45:08 | 000,000,032 | ---- | C] () -- C:\Users\paul\jagex_cl_runescape_LIVE.dat
[2012/08/28 19:52:38 | 001,209,805 | ---- | C] () -- C:\Windows\unins000.exe
[2012/08/28 19:52:38 | 000,044,478 | ---- | C] () -- C:\Windows\unins000.dat
[2012/07/10 18:26:43 | 000,000,217 | ---- | C] () -- C:\Windows\RomeTW.ini
[2012/07/10 01:00:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/10 01:00:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/10 01:00:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/10 01:00:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/10 01:00:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/09 12:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/02 15:58:33 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2012/04/02 15:58:17 | 000,000,522 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012/04/02 15:58:06 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2012/04/02 15:58:06 | 000,000,840 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2012/02/15 20:12:59 | 000,002,528 | ---- | C] () -- C:\Users\paul\AppData\Roaming\$_hpcst$.hpc
[2012/02/15 02:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 02:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/06 20:46:55 | 000,000,857 | ---- | C] () -- C:\Users\paul\.recently-used.xbel
[2011/12/26 15:06:17 | 003,142,728 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_hos.exe
[2011/10/22 20:05:00 | 000,294,784 | ---- | C] () -- C:\Users\paul\AppData\Roaming\Fallen Earth_2.54.0.3_2011-10-22-20-04.dmp
[2011/10/14 19:34:30 | 000,080,473 | ---- | C] () -- C:\Users\paul\AppData\Roaming\icarus-dxdiag.xml
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/26 22:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/08/15 11:28:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/07 13:01:39 | 000,007,886 | -HS- | C] () -- C:\Users\paul\AppData\Local\325cq8r6ceko405fg
[2011/04/07 13:01:39 | 000,007,886 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
[2011/03/25 07:40:22 | 000,001,318 | ---- | C] () -- C:\Windows\cm108.ini
[2011/03/20 15:19:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\EALTEST.EXE
[2011/02/14 16:42:44 | 000,000,261 | ---- | C] () -- C:\Users\paul\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
[2011/01/29 19:36:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/06 22:32:15 | 000,007,616 | ---- | C] () -- C:\Users\paul\AppData\Local\Resmon.ResmonCfg
[2010/11/04 13:26:29 | 000,000,092 | ---- | C] () -- C:\Users\paul\AppData\Local\fusioncache.dat
[2010/10/12 03:28:01 | 000,000,099 | ---- | C] () -- C:\Users\paul\jagex_runescape_preferences2.dat
[2010/10/12 03:26:46 | 000,000,046 | ---- | C] () -- C:\Users\paul\jagex_runescape_preferences.dat
[2010/07/15 03:54:23 | 000,003,584 | ---- | C] () -- C:\Users\paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/02/05 01:23:39 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 10:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/12 16:38:14 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\.minecraft
[2012/10/09 04:55:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\.spotflux
[2011/01/15 18:52:48 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\APOX
[2010/10/29 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Atari
[2012/10/21 04:01:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\AtomZombieData
[2012/07/17 18:08:48 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Bioshock
[2012/07/14 02:46:19 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Civitas2
[2012/07/14 02:35:56 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Civitas3
[2012/06/17 17:56:13 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\CorsixTH
[2012/07/05 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\DAEMON Tools Lite
[2011/02/06 18:35:01 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Darkfall
[2011/04/01 17:06:54 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\DarksporeData
[2011/08/12 06:39:42 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Dreamlords
[2011/11/01 04:51:02 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\driveridentifier
[2012/10/02 19:52:13 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Fatshark
[2012/07/26 23:17:41 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\FFsplit
[2011/01/22 16:09:12 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Firefly Studios
[2011/03/31 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\GameRanger
[2011/01/12 06:10:16 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\gtk-2.0
[2012/08/28 19:54:24 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\iOne
[2012/01/03 03:39:50 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Kalypso Media
[2010/10/29 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Leadertech
[2011/04/05 15:36:37 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\LolClient
[2012/10/21 20:53:25 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\LucasArts
[2012/12/19 02:13:36 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Might & Magic Heroes VI
[2011/01/06 04:47:01 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mount&Blade Warband
[2011/09/17 22:30:30 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/12/07 23:18:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mumble
[2010/07/25 02:29:08 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mumble(PR Edition)
[2010/07/21 23:27:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\My Battle for Middle-earth Files
[2012/09/08 23:17:19 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Natural Selection 2
[2011/06/21 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Octoshape
[2012/08/11 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Origin
[2011/01/20 00:00:28 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\PC Suite
[2010/08/12 02:01:26 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Petroglyph
[2012/09/24 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\PlayFirst
[2011/10/07 17:25:04 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Prism
[2010/12/25 14:40:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\ProtectDISC
[2011/02/27 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\RIFT
[2012/02/15 20:13:23 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Samsung
[2012/06/19 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\six-updater
[2012/06/18 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\six-zsync
[2012/12/17 04:32:38 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\SoftGrid Client
[2011/10/03 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\SplitMediaLabs
[2010/07/17 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Splitscreen Studios
[2011/03/08 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Sports Interactive
[2012/10/09 04:10:37 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Spotflux
[2011/06/24 13:29:04 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Stardock
[2010/09/30 14:49:53 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Subversion
[2011/02/22 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\The Creative Assembly
[2012/03/18 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\TP
[2012/07/18 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\TS3Client
[2010/12/17 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Unity
[2012/11/11 16:28:02 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\uTorrent
[2011/02/14 16:42:59 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Vara Software
[2010/09/03 12:09:05 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\W
[2012/10/13 02:29:43 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\wargaming.net
[2011/02/14 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\WebcamMax
[2011/02/14 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Wirecast
[2012/07/05 19:18:56 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 20 December 2012 - 03:25 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
JonnRC
Posted 20 December 2012 - 03:57 PM

JonnRC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Gringo, thanks for taking the time to help me out.
After restart, the windows command processor popup didn't appear, but I still see the program in processes that makes it popup, and still find it in appdata/local. Also not being able to go on any antivirus sites or microsoft ones and my IE seems slower than it was before in opening pages.

Security check:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.3.300.268 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



Adwcleaner:

# AdwCleaner v2.101 - Logfile created 12/20/2012 at 21:43:03
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : paul - PAUL-PC
# Boot Mode : Normal
# Running from : C:\Users\paul\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\paul\AppData\Local\Conduit
Folder Deleted : C:\Users\paul\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\paul\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2903600
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

Profile name : default
File : C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\emo32wyd.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2485 octets] - [20/12/2012 21:43:03]

########## EOF - C:\AdwCleaner[S1].txt - [2545 octets] ##########



RogueKiller :

RogueKiller V8.4.0 [Dec 18 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : paul [Admin rights]
Mode : Remove -- Date : 12/20/2012 21:53:31

¤¤¤ Bad processes : 3 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] uhlxykdw.exe -- C:\Users\paul\AppData\Local\Temp\uhlxykdw.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DcnDwhso (C:\Users\paul\AppData\Local\uvyqmiua\dcndwhso.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] b2a218b0f7cce8fa53e47e1940244063
[BSP] d08ab60161c24f0d3cf86f4dba81c97f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] cdcf9ed2d3df4483fb16a8936ad4b25b
[BSP] 2d7c1a874b1fa97aae6ab9ba0d5f11cf : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476836 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_12202012_02d2153.txt >>
RKreport[1]_S_12202012_02d0145.txt ; RKreport[2]_S_12202012_02d2152.txt ; RKreport[3]_D_12202012_02d2153.txt

Edited by JonnRC, 20 December 2012 - 04:08 PM.

  • 0

#4
gringo_pr
Posted 20 December 2012 - 04:32 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
JonnRC
Posted 20 December 2012 - 05:23 PM

JonnRC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
The popup that I normally got on startup seems to be gone, and I cant see the program/file in task managers processes or in tha appdata/local folder now. But im still unable to go on any antivirus sites or microsoft sites, apart from that im still waiting to see if any of the other problems appear again.






ComboFix 12-12-19.02 - paul 20/12/2012 22:46:03.8.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8190.6522 [GMT 0:00]
Running from: c:\users\paul\Desktop\Gotcha.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\paul\AppData\Local\eidvphvk.log
c:\users\paul\AppData\Local\fyhjlhdh.log
c:\users\paul\AppData\Local\gvwxxmfr.log
c:\users\paul\AppData\Local\jrxqrdmc.log
c:\users\paul\AppData\Local\qxbajahx.log
c:\users\paul\AppData\Local\sqrtvylb.log
c:\users\paul\AppData\Local\uvyqmiua\dcndwhso.exe
c:\users\paul\AppData\Local\wfkjbiiy.log
.
.
((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))
.
.
2012-12-20 23:11 . 2012-12-20 23:11 -------- d--h--w- c:\windows\AxInstSV
2012-12-20 23:09 . 2012-12-20 23:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-20 23:09 . 2012-12-20 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-20 19:39 . 2012-12-20 19:39 -------- d-----w- c:\users\paul\AppData\Local\ESET
2012-12-20 17:48 . 2012-12-20 18:11 -------- d-----w- C:\Tese
2012-12-20 03:23 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F1FCE43-D582-436D-BB7F-FFBDEBEE6423}\mpengine.dll
2012-12-19 23:54 . 2012-12-19 23:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-19 23:53 . 2012-12-19 23:53 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-19 18:49 . 2012-12-19 18:50 -------- d-----w- C:\Eve
2012-12-18 21:49 . 2012-12-19 23:06 -------- d-----w- c:\users\paul\AppData\Local\SUPERAntiSpyware.com
2012-12-18 05:19 . 2012-12-20 23:11 -------- d-----w- c:\users\paul\AppData\Local\uvyqmiua
2012-12-18 02:18 . 2012-12-19 02:13 -------- d-----w- c:\users\paul\AppData\Roaming\Might & Magic Heroes VI
2012-12-14 22:31 . 2012-12-14 22:31 -------- d-----w- c:\users\paul\AppData\Local\WB Games
2012-12-14 21:46 . 2012-12-14 21:46 -------- d-----w- C:\lotr
2012-12-10 15:59 . 2012-12-14 16:25 -------- d-----w- c:\program files (x86)\Heroes & Generals
2012-12-09 19:36 . 2012-12-19 18:19 -------- d-----w- C:\firefighter game
2012-12-08 17:44 . 2012-12-08 19:11 -------- d-----w- C:\Stalker online
2012-12-06 23:24 . 2012-12-06 23:24 -------- d-----w- c:\programdata\ATI
2012-12-06 23:23 . 2012-12-06 23:23 -------- d-----w- c:\program files (x86)\AMD AVT
2012-12-06 23:23 . 2012-12-06 23:23 -------- d-----w- c:\program files (x86)\AMD APP
2012-12-03 14:56 . 2012-12-03 14:56 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18420E50-3BC3-44D9-BD01-C2A7FB8FE4C9}\gapaengine.dll
2012-11-26 15:14 . 2012-12-18 05:27 -------- d-----w- c:\users\paul\AppData\Local\SteamPopCap
2012-11-24 14:57 . 2012-11-24 14:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-23 23:18 . 2012-11-23 23:23 -------- d-----w- c:\users\paul\AppData\Local\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 23:53 . 2012-07-09 20:10 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-19 23:53 . 2010-07-01 03:21 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-17 17:38 . 2010-07-17 22:32 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-17 17:38 . 2010-06-30 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-17 01:59 . 2010-06-30 19:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-16 20:15 . 2010-06-30 19:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-08 17:24 . 2012-07-06 02:29 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-17 18:16 . 2012-10-17 18:16 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-09-29 19:54 . 2012-07-08 19:42 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 15:37 . 2012-09-28 15:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 15:36 . 2012-09-28 15:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 15:36 . 2012-09-28 15:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 15:36 . 2012-09-28 15:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 15:36 . 2012-09-28 15:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 15:36 . 2012-09-28 15:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 15:32 . 2012-09-28 15:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2012-02-15 02:34 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-02-15 03:18 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-06-11 17:23 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2012-09-28 01:22 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-02-15 02:29 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-06-11 16:27 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 79360 ----a-w- c:\windows\system32\amdave64.dll
2012-09-28 01:13 . 2012-09-28 01:13 78336 ----a-w- c:\windows\SysWow64\amdave32.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 74240 ----a-w- c:\windows\system32\atisamu64.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 71168 ----a-w- c:\windows\SysWow64\atisamu32.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-09-28 01:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-02-15 02:12 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\paul\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"DcnDwhso"="c:\users\paul\AppData\Local\uvyqmiua\dcndwhso.exe" [2012-12-19 98152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Sound Blaster Recon3D PCIe Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" [2012-02-22 885760]
"ione"="c:\program files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe" [2011-11-17 1685504]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"BM.exe"="c:\program files (x86)\HP\Button Manager\BM.exe" [2011-05-02 1571328]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
dcndwhso.exe [2012-12-19 98152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\users\paul\AppData\Local\uvyqmiua\dcndwhso.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-04-22 35840]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-08-03 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-03 79360]
R3 CtHdaSvc;SB Recon3D Service;c:\windows\sysWow64\CtHdaSvc.exe [2012-02-29 105472]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-02-08 131912]
R3 dump_wmimmc;dump_wmimmc;d:\heroes in the skies\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\hamachi\hamachi-2.exe [2012-06-27 2369960]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 tap0901_openvpn_accl;TAP-Win32 Adapter V9 for OpenVPN Accelerator;c:\windows\system32\DRIVERS\tap0901_openvpn_accl.sys [2012-08-21 37912]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-01 1255736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\tese\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 cthda;SB Recon3D HDAudio;c:\windows\system32\drivers\cthda.sys [2012-02-29 1271384]
S3 cthdb;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\cthdb.sys [2012-02-29 23640]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-14 254528]
S3 I1KBFLTR;Gaming Keyboard;c:\windows\system32\drivers\I1KBFLTR.sys [2011-10-19 29440]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2010-03-23 2061856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 Thermnaltake MS6 Filter;Thermnaltake MS6 Filter;c:\windows\system32\Drivers\MS6Filter.sys [2011-08-01 57200]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2011-03-25 1308160]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\tese\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: clonewarsadventures.com\www
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://sp.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
DPF: {2A293777-79CA-4DD9-A545-0E1718C0D3CF} - hxxps://sp.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
FF - ProfilePath - c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\emo32wyd.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{C44F9E21-D93F-490C-B41C-B3548BDD19FC} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-DarthMod Ultimate Commander Edition - d:\steam\steamapps\common\empire total war\Uninstall_DMUC.exe
AddRemove-Die Polizei - c:\games\police force\uninstall.exe
AddRemove-Real Heroes - Firefighter_is1 - c:\firefighter game\Real Heroes Firefighter\unins000.exe
AddRemove-{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1 - d:\steam\steamapps\common\mountblade warband\Modules\Brytenwalda\Brytenwalda\unins000.exe
AddRemove-{B9472D4C-A2FA-4254-950E-FACF6938D24E}_is1 - c:\games\firefighter sim\Airport Firefighter Simulator\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-616599798-4032252555-2978460489-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:51,6f,af,45,de,91,c6,c5,21,bb,66,13,63,6a,49,a7,d0,53,06,06,d0,20,a7,
59,a9,97,73,ee,40,03,b7,22,7b,95,f2,94,aa,2a,2d,b6,21,f6,86,c3,af,1e,e4,71,\
"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa
.
[HKEY_USERS\S-1-5-21-616599798-4032252555-2978460489-1001\Software\SecuROM\License information*]
"datasecu"=hex:79,ee,2a,ef,8d,8a,28,ec,c4,f1,b1,e7,a0,86,f9,bb,2a,8c,ec,1a,cd,
ed,a8,30,1d,6d,b2,fa,f9,0b,86,7b,26,a8,73,db,77,f7,64,95,e6,58,3b,79,16,c6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-12-20 23:19:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-20 23:19
ComboFix2.txt 2012-12-20 02:10
ComboFix3.txt 2012-12-20 02:04
ComboFix4.txt 2012-12-20 01:18
ComboFix5.txt 2012-12-20 22:45
.
Pre-Run: 151,815,696,384 bytes free
Post-Run: 151,761,584,128 bytes free
.
- - End Of File - - 5AB1007DF22067D9E3498B6698DDC4AD
  • 0

#6
gringo_pr
Posted 20 December 2012 - 05:44 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#7
JonnRC
Posted 20 December 2012 - 05:48 PM

JonnRC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Im unable to access either of the sites to download the programs, I believe because of the virus I have/had. It gives me "http 404 this webpage cannot be found".

Edited by JonnRC, 20 December 2012 - 05:49 PM.

  • 0

#8
gringo_pr
Posted 20 December 2012 - 06:00 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I would like you to send me a fresh OTL scan please
  • 0

#9
JonnRC
Posted 20 December 2012 - 06:38 PM

JonnRC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here it is,


OTL logfile created on: 21/12/2012 00:05:28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paul\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 73.86% Memory free
16.00 Gb Paging File | 13.71 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 141.43 Gb Free Space | 30.37% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 94.71 Gb Free Space | 20.33% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/20 18:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
PRC - [2012/12/16 20:15:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/22 19:55:48 | 000,885,760 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
PRC - [2011/11/17 15:50:34 | 001,685,504 | ---- | M] () -- C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Tese\x86\ekrn.exe
PRC - [2011/05/02 14:40:12 | 001,571,328 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\Button Manager\BM.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Users\paul\Local Settings\Apps\F.lux\flux.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/21 02:37:16 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/09/21 02:37:06 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/09/21 02:36:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/09/21 02:36:24 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/09/21 02:36:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/09/21 02:36:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/09/21 02:36:12 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/09/21 02:36:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/04/30 07:55:48 | 000,026,112 | ---- | M] () -- C:\xsplit\swresample-0.dll
MOD - [2012/04/30 07:55:45 | 008,358,400 | ---- | M] () -- C:\xsplit\avcodec-54.dll
MOD - [2012/04/30 07:55:45 | 001,152,512 | ---- | M] () -- C:\xsplit\avformat-54.dll
MOD - [2012/04/30 07:55:45 | 000,333,824 | ---- | M] () -- C:\xsplit\swscale-2.dll
MOD - [2012/04/30 07:55:45 | 000,151,040 | ---- | M] () -- C:\xsplit\avutil-51.dll
MOD - [2011/11/17 15:50:34 | 001,685,504 | ---- | M] () -- C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe
MOD - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Users\paul\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/16 20:15:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/05 17:32:17 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/03 23:32:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/08/03 23:31:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/27 11:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/29 12:09:28 | 000,105,472 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc)
SRV - [2012/02/08 06:54:32 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/10/19 15:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Tese\x86\ekrn.exe -- (ekrn)
SRV - [2010/05/23 21:28:00 | 003,518,368 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/16 05:55:46 | 000,038,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/21 02:07:58 | 000,037,912 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901_openvpn_accl.sys -- (tap0901_openvpn_accl)
DRV:64bit: - [2012/05/14 06:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 12:15:40 | 000,023,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtHDb.sys -- (cthdb)
DRV:64bit: - [2012/02/29 12:15:18 | 001,271,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthda.sys -- (cthda)
DRV:64bit: - [2011/10/19 11:43:32 | 000,029,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\I1KBFLTR.sys -- (I1KBFLTR)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/08/01 12:42:10 | 000,057,200 | ---- | M] (Thermaltake) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MS6Filter.sys -- (Thermnaltake MS6 Filter)
DRV:64bit: - [2011/06/14 23:55:24 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/25 07:38:53 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/23 01:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2010/02/24 10:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010/02/17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/22 22:18:48 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/09/17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/04/03 12:57:36 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdm.sys -- (s116mdm)
DRV:64bit: - [2007/04/03 12:57:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdfl.sys -- (s116mdfl)
DRV:64bit: - [2007/04/03 12:57:34 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116bus.sys -- (s116bus)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2011/11/04 04:10:56 | 000,022,336 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/08/01 12:40:20 | 000,031,488 | ---- | M] (Thermaltake) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\MS6Filter.sys -- (Thermnaltake MS6 Filter)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005/01/03 15:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {E99A578B-ED37-45CC-BEF7-7991C2C0C7BE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E99A578B-ED37-45CC-BEF7-7991C2C0C7BE}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.143
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: D:\DarkFall\Download Manager\npfpdlm.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@live.heroesandgenerals.com/npretox: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files (x86)\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\emo32wyd.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\TESE\MOZILLA THUNDERBIRD [2012/12/20 18:11:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\firefox11.0\components [2012/12/10 15:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\firefox11.0\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Firefox\components [2012/12/15 12:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Firefox\plugins [2012/12/12 15:37:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Tese\Mozilla Thunderbird [2012/12/20 18:11:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Firefox\components [2012/12/15 12:57:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Firefox\plugins [2012/12/12 15:37:57 | 000,000,000 | ---D | M]

[2011/10/07 17:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Extensions
[2011/10/07 17:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/12 15:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\emo32wyd.default\extensions
[2011/01/02 19:18:48 | 000,000,000 | ---D | M] () -- C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\emo32wyd.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012/12/20 23:11:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Tese\egui.exe (ESET)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BM.exe] C:\Program Files (x86)\HP\Button Manager\BM.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ione] C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe ()
O4 - HKLM..\Run: [Sound Blaster Recon3D PCIe Control Panel] C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DcnDwhso] C:\Users\paul\AppData\Local\uvyqmiua\dcndwhso.exe File not found
O4 - HKCU..\Run: [F.lux] C:\Users\paul\Local Settings\Apps\F.lux\flux.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} https://sp.itronener...yBoxControl.cab (KeyBox Class)
O16 - DPF: {2A293777-79CA-4DD9-A545-0E1718C0D3CF} https://sp.itronener...yBoxControl.cab (KeyBox Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (SysInfo Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BA9274C-22E9-4BFB-BBAE-25424E0C64B2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892F7C84-392C-440C-BED3-D44859E5D67D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\paul\AppData\Local\uvyqmiua\dcndwhso.exe) - C:\Users\paul\AppData\Local\uvyqmiua\dcndwhso.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 23:19:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/20 23:11:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/20 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\ESET
[2012/12/20 18:43:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
[2012/12/20 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/12/20 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/12/20 17:48:45 | 000,000,000 | ---D | C] -- C:\Tese
[2012/12/20 01:44:49 | 000,000,000 | ---D | C] -- C:\Users\paul\Desktop\RK_Quarantine
[2012/12/20 00:02:15 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\paul\Desktop\TFC.exe
[2012/12/19 23:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/19 19:45:10 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
[2012/12/19 18:49:17 | 000,000,000 | ---D | C] -- C:\Eve
[2012/12/18 21:49:39 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\SUPERAntiSpyware.com
[2012/12/18 07:44:00 | 005,012,372 | R--- | C] (Swearware) -- C:\Users\paul\Desktop\Gotcha.exe
[2012/12/18 02:18:09 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\Might & Magic Heroes VI
[2012/12/18 02:18:09 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Might & Magic Heroes VI
[2012/12/17 16:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012/12/17 16:21:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS
[2012/12/14 22:31:10 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\WB Games
[2012/12/14 21:46:34 | 000,000,000 | ---D | C] -- C:\lotr
[2012/12/10 15:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes & Generals
[2012/12/10 15:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes & Generals
[2012/12/09 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\paul\Documents\Firefighter
[2012/12/09 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Heroes Firefighter
[2012/12/09 19:36:19 | 000,000,000 | ---D | C] -- C:\firefighter game
[2012/12/08 17:44:16 | 000,000,000 | ---D | C] -- C:\Stalker online
[2012/12/06 23:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/12/06 23:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/12/06 23:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/12/06 23:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/26 15:14:46 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\SteamPopCap
[2012/11/24 14:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/24 14:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/23 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Sony Online Entertainment

========== Files - Modified Within 30 Days ==========

[2012/12/20 23:22:02 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 23:22:02 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 23:11:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/20 23:11:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/20 23:10:40 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 21:36:19 | 000,547,175 | ---- | M] () -- C:\Users\paul\Desktop\adwcleaner.exe
[2012/12/20 21:36:00 | 000,856,731 | ---- | M] () -- C:\Users\paul\Desktop\SecurityCheck.exe
[2012/12/20 18:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\OTL.exe
[2012/12/20 01:40:01 | 000,756,224 | ---- | M] () -- C:\Users\paul\Desktop\Rogue-killer.exe
[2012/12/20 00:09:29 | 000,000,867 | ---- | M] () -- C:\Users\paul\Desktop\Malwarye.lnk
[2012/12/20 00:02:17 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\paul\Desktop\TFC.exe
[2012/12/19 22:34:17 | 005,012,372 | R--- | M] (Swearware) -- C:\Users\paul\Desktop\Gotcha.exe
[2012/12/19 21:06:23 | 000,000,046 | ---- | M] () -- C:\Windows\264310
[2012/12/19 19:45:10 | 000,001,450 | ---- | M] () -- C:\Users\paul\Desktop\EVE.lnk
[2012/12/19 18:42:37 | 000,000,024 | ---- | M] () -- C:\Users\paul\jagexappletviewer.preferences
[2012/12/19 18:10:41 | 000,000,032 | ---- | M] () -- C:\Users\paul\jagex_cl_runescape_LIVE.dat
[2012/12/18 05:36:10 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/17 17:38:54 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/17 17:38:54 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/17 16:21:33 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2012/12/17 01:59:15 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/16 20:15:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/16 20:15:40 | 000,001,201 | ---- | M] () -- C:\Users\paul\Desktop\Uplay.lnk
[2012/12/16 01:04:02 | 562,017,014 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/10 15:59:48 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Play Heroes & Generals.lnk
[2012/12/10 15:36:38 | 000,796,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/10 15:36:38 | 000,675,668 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/10 15:36:38 | 000,130,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/09 19:37:57 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\Real Heroes Firefighter.lnk
[2012/11/27 05:17:50 | 000,000,201 | ---- | M] () -- C:\Users\paul\Desktop\Train Simulator 2013.url
[2012/11/24 14:57:38 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/23 23:22:09 | 000,001,487 | ---- | M] () -- C:\Users\paul\Desktop\PlanetSide 2.lnk

========== Files Created - No Company Name ==========

[2012/12/20 21:36:18 | 000,547,175 | ---- | C] () -- C:\Users\paul\Desktop\adwcleaner.exe
[2012/12/20 21:35:56 | 000,856,731 | ---- | C] () -- C:\Users\paul\Desktop\SecurityCheck.exe
[2012/12/20 01:39:59 | 000,756,224 | ---- | C] () -- C:\Users\paul\Desktop\Rogue-killer.exe
[2012/12/19 23:21:56 | 000,000,867 | ---- | C] () -- C:\Users\paul\Desktop\Malwarye.lnk
[2012/12/19 21:06:23 | 000,000,046 | ---- | C] () -- C:\Windows\264310
[2012/12/19 19:45:10 | 000,001,450 | ---- | C] () -- C:\Users\paul\Desktop\EVE.lnk
[2012/12/17 16:21:33 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2012/12/16 20:15:40 | 000,001,201 | ---- | C] () -- C:\Users\paul\Desktop\Uplay.lnk
[2012/12/10 15:59:48 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Play Heroes & Generals.lnk
[2012/12/09 19:37:57 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\Real Heroes Firefighter.lnk
[2012/11/27 04:32:34 | 000,000,201 | ---- | C] () -- C:\Users\paul\Desktop\Train Simulator 2013.url
[2012/11/23 23:22:09 | 000,001,517 | ---- | C] () -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
[2012/11/23 23:22:09 | 000,001,487 | ---- | C] () -- C:\Users\paul\Desktop\PlanetSide 2.lnk
[2012/09/03 02:16:24 | 000,000,024 | ---- | C] () -- C:\Users\paul\jagexappletviewer.preferences
[2012/09/02 00:07:02 | 000,000,044 | ---- | C] () -- C:\Users\paul\jagex_cl_runescape_LIVE3.dat
[2012/09/01 23:34:40 | 000,000,044 | ---- | C] () -- C:\Users\paul\jagex_cl_runescape_LIVE2.dat
[2012/09/01 01:37:22 | 000,000,044 | ---- | C] () -- C:\Users\paul\jagex_cl_runescape_LIVE1.dat
[2012/08/31 20:45:08 | 000,000,032 | ---- | C] () -- C:\Users\paul\jagex_cl_runescape_LIVE.dat
[2012/08/28 19:52:38 | 001,209,805 | ---- | C] () -- C:\Windows\unins000.exe
[2012/08/28 19:52:38 | 000,044,478 | ---- | C] () -- C:\Windows\unins000.dat
[2012/07/10 18:26:43 | 000,000,217 | ---- | C] () -- C:\Windows\RomeTW.ini
[2012/07/10 01:00:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/10 01:00:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/10 01:00:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/10 01:00:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/10 01:00:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/09 12:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/02 15:58:33 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2012/04/02 15:58:17 | 000,000,522 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012/04/02 15:58:06 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2012/04/02 15:58:06 | 000,000,840 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2012/02/15 20:12:59 | 000,002,528 | ---- | C] () -- C:\Users\paul\AppData\Roaming\$_hpcst$.hpc
[2012/02/15 02:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 02:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/06 20:46:55 | 000,000,857 | ---- | C] () -- C:\Users\paul\.recently-used.xbel
[2011/12/26 15:06:17 | 003,142,728 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_hos.exe
[2011/10/22 20:05:00 | 000,294,784 | ---- | C] () -- C:\Users\paul\AppData\Roaming\Fallen Earth_2.54.0.3_2011-10-22-20-04.dmp
[2011/10/14 19:34:30 | 000,080,473 | ---- | C] () -- C:\Users\paul\AppData\Roaming\icarus-dxdiag.xml
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/26 22:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/08/15 11:28:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/07 13:01:39 | 000,007,886 | -HS- | C] () -- C:\Users\paul\AppData\Local\325cq8r6ceko405fg
[2011/04/07 13:01:39 | 000,007,886 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
[2011/03/25 07:40:22 | 000,001,318 | ---- | C] () -- C:\Windows\cm108.ini
[2011/03/20 15:19:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\EALTEST.EXE
[2011/02/14 16:42:44 | 000,000,261 | ---- | C] () -- C:\Users\paul\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
[2011/01/29 19:36:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/06 22:32:15 | 000,007,616 | ---- | C] () -- C:\Users\paul\AppData\Local\Resmon.ResmonCfg
[2010/11/04 13:26:29 | 000,000,092 | ---- | C] () -- C:\Users\paul\AppData\Local\fusioncache.dat
[2010/10/12 03:28:01 | 000,000,099 | ---- | C] () -- C:\Users\paul\jagex_runescape_preferences2.dat
[2010/10/12 03:26:46 | 000,000,046 | ---- | C] () -- C:\Users\paul\jagex_runescape_preferences.dat
[2010/07/15 03:54:23 | 000,003,584 | ---- | C] () -- C:\Users\paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/02/05 01:23:39 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 10:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/12 16:38:14 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\.minecraft
[2012/10/09 04:55:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\.spotflux
[2011/01/15 18:52:48 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\APOX
[2010/10/29 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Atari
[2012/10/21 04:01:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\AtomZombieData
[2012/07/17 18:08:48 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Bioshock
[2012/07/14 02:46:19 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Civitas2
[2012/07/14 02:35:56 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Civitas3
[2012/06/17 17:56:13 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\CorsixTH
[2012/07/05 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\DAEMON Tools Lite
[2011/02/06 18:35:01 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Darkfall
[2011/04/01 17:06:54 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\DarksporeData
[2011/08/12 06:39:42 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Dreamlords
[2011/11/01 04:51:02 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\driveridentifier
[2012/10/02 19:52:13 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Fatshark
[2012/07/26 23:17:41 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\FFsplit
[2011/01/22 16:09:12 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Firefly Studios
[2011/03/31 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\GameRanger
[2011/01/12 06:10:16 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\gtk-2.0
[2012/08/28 19:54:24 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\iOne
[2012/01/03 03:39:50 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Kalypso Media
[2010/10/29 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Leadertech
[2011/04/05 15:36:37 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\LolClient
[2012/10/21 20:53:25 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\LucasArts
[2012/12/19 02:13:36 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Might & Magic Heroes VI
[2011/01/06 04:47:01 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mount&Blade Warband
[2011/09/17 22:30:30 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/12/07 23:18:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mumble
[2010/07/25 02:29:08 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Mumble(PR Edition)
[2010/07/21 23:27:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\My Battle for Middle-earth Files
[2012/09/08 23:17:19 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Natural Selection 2
[2011/06/21 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Octoshape
[2012/08/11 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Origin
[2011/01/20 00:00:28 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\PC Suite
[2010/08/12 02:01:26 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Petroglyph
[2012/09/24 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\PlayFirst
[2011/10/07 17:25:04 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Prism
[2010/12/25 14:40:29 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\ProtectDISC
[2011/02/27 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\RIFT
[2012/02/15 20:13:23 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Samsung
[2012/06/19 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\six-updater
[2012/06/18 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\six-zsync
[2012/12/17 04:32:38 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\SoftGrid Client
[2011/10/03 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\SplitMediaLabs
[2010/07/17 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Splitscreen Studios
[2011/03/08 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Sports Interactive
[2012/10/09 04:10:37 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Spotflux
[2011/06/24 13:29:04 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Stardock
[2010/09/30 14:49:53 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Subversion
[2011/02/22 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\The Creative Assembly
[2012/03/18 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\TP
[2012/07/18 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\TS3Client
[2010/12/17 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Unity
[2012/11/11 16:28:02 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\uTorrent
[2011/02/14 16:42:59 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Vara Software
[2010/09/03 12:09:05 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\W
[2012/10/13 02:29:43 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\wargaming.net
[2011/02/14 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\WebcamMax
[2011/02/14 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Wirecast

========== Purity Check ==========



< End of report >
  • 0

#10
gringo_pr
Posted 20 December 2012 - 06:42 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: D:\DarkFall\Download Manager\npfpdlm.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files (x86)\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
O4 - HKCU..\Run: [DcnDwhso] C:\Users\paul\AppData\Local\uvyqmiua\dcndwhso.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: UserInit - (C:\Users\paul\AppData\Local\uvyqmiua\dcndwhso.exe) - C:\Users\paul\AppData\Local\uvyqmiua\dcndwhso.exe File not found
[2011/04/07 13:01:39 | 000,007,886 | -HS- | C] () -- C:\Users\paul\AppData\Local\325cq8r6ceko405fg
[2011/04/07 13:01:39 | 000,007,886 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]
[reboot]
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
  • 0

Advertisements

#11
JonnRC
Posted 20 December 2012 - 06:52 PM

JonnRC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
It didn't give me any report when it started back up, im also still unable to open those website pages.
  • 0

#12
gringo_pr
Posted 20 December 2012 - 07:04 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results
gringo
  • 0

#13
JonnRC
Posted 20 December 2012 - 07:07 PM

JonnRC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Windows IP Configuration

Host Name . . . . . . . . . . . . : paul-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek 8185 Extensible 802.11b/g Wireless Device #2
Physical Address. . . . . . . . . : 00-16-0A-1C-77-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 6C-F0-49-50-41-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::28af:109b:7503:194b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21 December 2012 00:45:49
Lease Expires . . . . . . . . . . : 22 December 2012 00:45:50
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-BD-4A-F5-6C-F0-49-50-41-36
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-8F-FF-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::58f:ffd9(Preferred)
Link-local IPv6 Address . . . . . : fe80::7c14:7bd:d2f3:34b3%16(Preferred)
IPv4 Address. . . . . . . . . . . : 5.143.255.217(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 21 December 2012 00:45:49
Lease Expires . . . . . . . . . . : 21 December 2012 01:11:14
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 310016402
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-BD-4A-F5-6C-F0-49-50-41-36
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FF9D7809-B06E-42FB-B6E7-551B22AC0ADE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1c25:1ad8:3f57:fffd(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c25:1ad8:3f57:fffd%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{75AEB4FC-C85C-4960-89F3-619CB15844D9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4BA9274C-22E9-4BFB-BBAE-25424E0C64B2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:805::1002
173.194.34.70
173.194.34.67
173.194.34.69
173.194.34.72
173.194.34.78
173.194.34.73
173.194.34.71
173.194.34.65
173.194.34.64
173.194.34.66
173.194.34.68

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging google.com [173.194.34.168] with 32 bytes of data:
Reply from 173.194.34.168: bytes=32 time=25ms TTL=52
Reply from 173.194.34.168: bytes=32 time=25ms TTL=52

Ping statistics for 173.194.34.168:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=197ms TTL=45
Reply from 98.139.183.24: bytes=32 time=240ms TTL=44

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 197ms, Maximum = 240ms, Average = 218ms
===========================================================================
Interface List
18...00 16 0a 1c 77 dd ......Realtek 8185 Extensible 802.11b/g Wireless Device #2
10...6c f0 49 50 41 36 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
16...7a 79 05 8f ff d9 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.143.255.217 9256
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 10
5.0.0.0 255.0.0.0 On-link 5.143.255.217 9256
5.143.255.217 255.255.255.255 On-link 5.143.255.217 9256
5.255.255.255 255.255.255.255 On-link 5.143.255.217 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 266
192.168.0.2 255.255.255.255 On-link 192.168.0.2 266
192.168.0.255 255.255.255.255 On-link 192.168.0.2 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 266
224.0.0.0 240.0.0.0 On-link 5.143.255.217 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 266
255.255.255.255 255.255.255.255 On-link 5.143.255.217 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:1c25:1ad8:3f57:fffd/128
On-link
16 276 2620:9b::/64 On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::58f:ffd9/128 On-link
10 266 fe80::/64 On-link
16 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::1c25:1ad8:3f57:fffd/128
On-link
10 266 fe80::28af:109b:7503:194b/128
On-link
16 276 fe80::7c14:7bd:d2f3:34b3/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 266 ff00::/8 On-link
16 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
  • 0

#14
gringo_pr
Posted 20 December 2012 - 07:17 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now lets check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
  • 0

#15
JonnRC
Posted 21 December 2012 - 12:05 PM

JonnRC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi again gringo, that didn't go quite so well after resetting the router it wouldn't automatically find the dns server, and then when it did it would just keep redirecting me to 62.6.38.125/index/html . Then I got it working again somehow ^^ . Anyway here is the router.bat file. Also since yesterday, my skype has started crashing every time I try to open it, and the microsoft command processor popsup every so often now.


Windows IP Configuration

Host Name . . . . . . . . . . . . : paul-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek 8185 Extensible 802.11b/g Wireless Device #2
Physical Address. . . . . . . . . : 00-16-0A-1C-77-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 6C-F0-49-50-41-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::28af:109b:7503:194b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21 December 2012 17:56:28
Lease Expires . . . . . . . . . . : 22 December 2012 17:56:28
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-BD-4A-F5-6C-F0-49-50-41-36
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-8F-FF-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::58f:ffd9(Preferred)
Link-local IPv6 Address . . . . . : fe80::7c14:7bd:d2f3:34b3%16(Preferred)
IPv4 Address. . . . . . . . . . . : 5.143.255.217(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 21 December 2012 17:36:49
Lease Expires . . . . . . . . . . : 21 December 2012 18:04:08
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 310016402
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-BD-4A-F5-6C-F0-49-50-41-36
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FF9D7809-B06E-42FB-B6E7-551B22AC0ADE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:243f:3282:a97f:6362(Preferred)
Link-local IPv6 Address . . . . . : fe80::243f:3282:a97f:6362%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4BA9274C-22E9-4BFB-BBAE-25424E0C64B2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:802::1005
173.194.34.164
173.194.34.165
173.194.34.163
173.194.34.167
173.194.34.174
173.194.34.168
173.194.34.161
173.194.34.160
173.194.34.166
173.194.34.169
173.194.34.162

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging google.com [173.194.34.69] with 32 bytes of data:
Reply from 173.194.34.69: bytes=32 time=25ms TTL=52
Reply from 173.194.34.69: bytes=32 time=25ms TTL=52

Ping statistics for 173.194.34.69:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=843ms TTL=45
Reply from 98.139.183.24: bytes=32 time=792ms TTL=45

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 792ms, Maximum = 843ms, Average = 817ms
===========================================================================
Interface List
18...00 16 0a 1c 77 dd ......Realtek 8185 Extensible 802.11b/g Wireless Device #2
10...6c f0 49 50 41 36 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
16...7a 79 05 8f ff d9 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.143.255.217 9256
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 10
5.0.0.0 255.0.0.0 On-link 5.143.255.217 9256
5.143.255.217 255.255.255.255 On-link 5.143.255.217 9256
5.255.255.255 255.255.255.255 On-link 5.143.255.217 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 266
192.168.0.3 255.255.255.255 On-link 192.168.0.3 266
192.168.0.255 255.255.255.255 On-link 192.168.0.3 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 266
224.0.0.0 240.0.0.0 On-link 5.143.255.217 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 266
255.255.255.255 255.255.255.255 On-link 5.143.255.217 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:243f:3282:a97f:6362/128
On-link
16 276 2620:9b::/64 On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::58f:ffd9/128 On-link
10 266 fe80::/64 On-link
16 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::243f:3282:a97f:6362/128
On-link
10 266 fe80::28af:109b:7503:194b/128
On-link
16 276 fe80::7c14:7bd:d2f3:34b3/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 266 ff00::/8 On-link
16 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================

Edited by JonnRC, 21 December 2012 - 12:09 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP