Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Weird "Survey" virus is taking over my computer - please help&


  • This topic is locked This topic is locked

#1
Talwyn

Talwyn

    Member

  • Member
  • PipPip
  • 24 posts
Hi guys,

I'm not all that familiar with viruses, but this one was extremely annoying. When the computer starts up, "bip" sounds starts to play and a lot of error messages pop up (Internet explorer amongst those), and then a text box with the following message suddenly appear:

Complete a survey and download that text file which contains your unique code. Don't do that and you'll be stuck around this message forever. Even after formatting! Attempting to enter the wrong code 3 times will clean up your entire system!


It takes you to the site "l i n k z . i t / b C u" automatically, which incidentally is blocked by one of the larger Norwegian IT firms that block confirmed virus sites (I spaced the link just in case, so that others don't accidentally click on it). I couldn't enter it even if I wanted to.

If I let the computer be for a short time, it'll start popping up new messages, about how the "My Documents" folder has something wrong with it and should be reinstalled, etc, etc. I can't start any programs or antiviruses, so I can't seem to get rid of it that way. Supposedly a child of a friend tried to download a "hack" to a game (to let you see through walls, or something), and that's where this came from.

Is there ANY help out there? I don't know if it speaks the truth about formatting, so I've just shut it off for now, hoping for an enlightening answer. Since I can't do anything on the computer except visiting the given website and enter the code in the "survey box", links to malware-removal tools that requires me to download or manually apply/start aren't helpful. An antivirus that I can install on a memory-stick for automatic scan when I plug it in, would probably be useful though! Otherwise, I'm all ears!
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I see that Argus is helping at Avast, do you wish to continue there
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have just spoken to Argus and he is happy for you to carry on here

What is your operating system XP, Vista, 7 or 8
And is it 32 or 64 bit

Also do you have a USB of at least 1GB
  • 0

#4
Talwyn

Talwyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I posted my messages on both Norton and Avast, hoping for a quick answer from one of them, but Norton recommended you guys (since their malware expert was away), and I hadn't received the last message on Avast yet when I posted here.

Avast instructed me to continue here, now, though, so any help is welcome. :)
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you let me know what your operating system is
  • 0

#6
Talwyn

Talwyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Windows 7, and I would "guess" it to be x64. It belongs to a friend of mine (who is completely useless at computers, hence why I'm helping). It has 8GB Ram installed (by the seller) so I would think 64bit to be the logical choice.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the following three programmes to your desktop :


1. Rufus

For 64bit systems
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Insert the USB stick Then run Rufus
Posted Image
Select the ISO file on the desktop via the ISO icon.

Press Start Burn
Posted Image
Once the burn has completed
Then copy FRST to the same USB

Posted Image


Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this although yours will say windows 7.
Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Posted Image
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#8
Talwyn

Talwyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Unfortunately, that doesn't work. I get as far as booting the USB disk, starting the recovery tool, and then it stops where it looks for your operating system. I'm given the message "an error was discovered in the boot options on your OS. Repair and restart now?" Choosing no will not stop me from going onwards, but even though I start notepad and look around the computer, the USB disk is not found. Weirdly enough, it finds the local harddrive even though it couldn't find my operating system. Something seems to be stopping the program from finding the USB and registering the OS.

Attempting to repair and restart only give me an "Error. Repair failed," and nothing happens...

*sigh*

Any alternate routes?
  • 0

#9
Talwyn

Talwyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
The operating system is, to my puzzlement, installed on X:\. Now, since it's not my computer, I can't swear to its original location, but that just seems weird to me. It might be the cause of the missing OS though, if the virus somehow reroutes the directories... but that's really a rather baseless assumption on my part. Might be nothing.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No X is the right place as that is the recovery console designation

OK what we will do is use a different programme on the USB .. A stripped down version of XP and OTL

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly

Posted Image

Download the following files to the desktop .. Right click the links and select save as...then select desktop

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select ..Open as archive

Posted Image


Select OTLPE standard

Posted Image

Click Extract, ensure that desktop is selected

Posted Image

Insert the USB stick Then run Rufus
Posted Image
Select the ISO file on the desktop via the ISO icon.

Press Start Burn
Posted Image

  • Reboot your system using the boot USB you just created.
  • Your system should now display a Reatogo desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

Advertisements


#11
Talwyn

Talwyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Since I didn't receive any further answers last night, I tried "Windows Defender Offline" as a bootable USB (saw the recommendation in another forum). It finished a few seconds ago, and so far it's found the viruses;

Worm:Win32/Ainslot.A
Worm:Win32/Gamarue.P
Trojan:Win32/Ceatrg.B
Trojan:MSIL/Lockscrean.A
TrojanDownloader:Win32/Wadolin.A
Worm:Win32/Dorkbot.A

All of them have a "severe" warning on them. I'm going to try and clean it out now.. hopefully the antivirus will succeed. If not I will try your solution. :)
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK an auto clean is good, if you could follow up with an OTL scan on completion (if it works) then I will remove any residue

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#13
Talwyn

Talwyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Okay, will do. :)

The antivirus claimed it was successful.
When restarted, the OS wouldn't start, but this time the "repair" function on the windows 7 cd worked just fine.
Windows started up.
Virus seem to be gone - I'm not getting a locked screen anymore.
Still get a few error messages: "Runtime error 216 at 00253AC6"

Downloading your program now.
  • 0

#14
Talwyn

Talwyn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here are the .txt files. Btw, I saw that the program you gave me only checked the last 30 days... according to the owner, the virus might have entered the computer as early as at the start of January, even though it activated first a few weeks ago. Should I do another check with OTL with the settings on 90 days instead of 30? The accompanying files are for the standard settings you mentioned above.

OTL logfile created on: 28.03.2013 16:11:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000814 | Country: Norge | Language: NON | Date Format: dd.MM.yyyy

7,48 Gb Total Physical Memory | 6,02 Gb Available Physical Memory | 80,44% Memory free
14,95 Gb Paging File | 13,33 Gb Available in Paging File | 89,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 385,28 Gb Free Space | 86,06% Space Free | Partition Type: NTFS
Drive E: | 14,72 Gb Total Space | 14,63 Gb Free Space | 99,40% Space Free | Partition Type: NTFS

Computer Name: markus-PC | User Name: markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.28 16:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2013.02.19 17:04:16 | 032,265,146 | -HS- | M] () -- C:\ProgramData\HotplugDevices\USBplug32.exe
PRC - [2013.02.19 17:04:16 | 032,265,146 | -HS- | M] () -- C:\ProgramData\HotplugDevices\HDAudio32.exe
PRC - [2013.02.18 21:53:00 | 000,014,336 | RH-- | M] (Microsoft Corporation) -- C:\Users\markus\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe
PRC - [2013.02.18 21:52:55 | 000,098,304 | RHS- | M] (Advanced Methods, Inc. ) -- C:\Users\markus\AppData\Roaming\hidserv.exe
PRC - [2013.02.18 21:52:55 | 000,098,304 | RH-- | M] (Advanced Methods, Inc. ) -- C:\Users\markus\AppData\Local\Temp\BioCredProv.exe
PRC - [2013.02.02 23:11:02 | 000,007,168 | -HS- | M] () -- C:\Users\markus\AppData\Roaming\3.exe
PRC - [2013.02.02 19:02:15 | 000,054,272 | ---- | M] (Ufasoft) -- C:\Users\markus\AppData\Roaming\Mining\coin-miner.exe
PRC - [2013.01.23 20:58:25 | 000,348,160 | ---- | M] () -- C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
PRC - [2012.12.25 11:36:39 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\markus\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012.11.06 15:53:54 | 037,309,952 | ---- | M] () -- C:\ProgramData\ServiceApp\uTorent.exe
PRC - [2012.10.21 09:46:36 | 000,197,152 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2012.10.21 09:46:16 | 000,218,144 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012.03.23 10:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012.03.23 10:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012.03.23 10:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012.03.23 10:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012.02.29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2012.02.07 01:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2011.07.14 06:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.11.21 04:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010.09.30 11:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.19 17:04:16 | 032,265,146 | -HS- | M] () -- C:\ProgramData\HotplugDevices\USBplug32.exe
MOD - [2013.02.19 17:04:16 | 032,265,146 | -HS- | M] () -- C:\ProgramData\HotplugDevices\HDAudio32.exe
MOD - [2013.02.16 11:55:11 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1ea01658676f73cf48ebde8e904a0464\System.Configuration.Install.ni.dll
MOD - [2013.02.16 11:38:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.04 14:59:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f1ed9259488bd5e34e4ff4bf2f01687\System.Data.ni.dll
MOD - [2013.02.03 20:46:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.03 20:41:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.03 20:39:14 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.02.02 23:11:06 | 000,003,584 | ---- | M] () -- C:\Users\markus\AppData\Local\Temp\2f42.dll
MOD - [2013.02.02 23:11:02 | 000,007,168 | -HS- | M] () -- C:\Users\markus\AppData\Roaming\3.exe
MOD - [2012.11.06 15:53:54 | 037,309,952 | ---- | M] () -- C:\ProgramData\ServiceApp\uTorent.exe
MOD - [2012.11.06 13:04:10 | 000,322,048 | ---- | M] () -- C:\ProgramData\ServiceApp\libcurl-4.dll
MOD - [2012.11.06 13:04:10 | 000,224,256 | ---- | M] () -- C:\ProgramData\ServiceApp\libidn-11.dll
MOD - [2012.11.06 13:04:10 | 000,122,368 | ---- | M] () -- C:\ProgramData\ServiceApp\zlib1.dll
MOD - [2010.11.21 04:24:23 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:51:16 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_no_b77a5c561934e089\mscorlib.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.02.29 07:41:26 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.02.08 01:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012.02.07 01:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.05 06:34:27 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.23 10:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012.02.29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.30 11:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.29 09:26:12 | 000,342,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.03.19 12:29:16 | 000,244,560 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.29 08:01:58 | 010,819,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.02.29 06:41:08 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.02.01 05:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012.01.16 08:49:16 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012.01.13 09:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.01.11 05:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.12.05 08:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.10.25 16:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.10.25 16:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.07.14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.03.19 11:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goo...433&lg=EN&cc=NO
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...433&lg=EN&cc=NO
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...5-2ACDBE446AEE}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goo...433&lg=EN&cc=NO
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\..\SearchScopes\{32DBC436-4EA6-423A-BBFC-7617019C654B}: "URL" = http://websearch.ask...D4-15F5269B1ACF
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...433&lg=EN&cc=NO
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...5-2ACDBE446AEE}
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\markus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - homepage: http://websearch.goo...433&lg=EN&cc=NO
CHR - Extension: No name found = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmffdbpikjhgkpjljphnjhadpnlfijmg\1\
CHR - Extension: No name found = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbgmlohlmmncmpnpjegampimcbfjjpek\1\
CHR - Extension: No name found = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browse2save) - {7F6DE69E-0AE0-7902-8D7F-F0A571F467CA} - C:\ProgramData\Browse2save\510d70767b223.dll ()
O2 - BHO: (Search-NewTab) - {CAB3C5D2-397A-EB99-1843-06A0CE22C941} - C:\ProgramData\Search-NewTab\510d7223c85a6.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [adsacquy] C:\WINDOWS\adsclick.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [adsmini] C:\WINDOWS\runadsmini.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Authorization Framework] C:\Users\markus\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Cyberlink] C:\Users\markus\AppData\Roaming\Cyberlink.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Facebook Update] C:\Users\markus\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [HDAudio32.exe] C:\ProgramData\HotplugDevices\HDAudio32.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [HKCU] C:\directory\CyberGate\install\server.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Huvsvz] C:\Users\markus\AppData\Roaming\Huvsvz.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Java] C:\Users\markus\AppData\Roaming\Java.exe (Julien Game)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [moin-ciner.exe] C:\Users\markus\Documents\Services\doin-diner.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Piadfe] C:\Users\markus\AppData\Roaming\Dooqwy\izry.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Startup] C:\Users\markus\AppData\Roaming\Mining\MiningdpCORECT.exe (Company)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [widnsszhost.exe] C:\Users\markus\Documents\Services\svrhoster.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Win32load] C:\Users\markus\AppData\Roaming\3.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Windows Update System] C:\Users\markus\AppData\Roaming\hidserv.exe (Advanced Methods, Inc. )
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [windowsfirewal] C:\Users\markus\AppData\Roaming\windowsfirewall.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\RunOnce: [HDAudio32.exe] C:\ProgramData\HotplugDevices\HDAudio32.exe ()
O4 - Startup: C:\Users\markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.exe (Microsoft Corporation)
O4 - Startup: C:\Users\markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USBplug32.exe ()
F3:64bit: - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000 WinNT: Load - (c:\users\markus\dxjcrmg.exe) - c:\users\markus\dxjcrmg.exe ()
F3 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000 WinNT: Load - (c:\users\markus\dxjcrmg.exe) - c:\users\markus\dxjcrmg.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64FAB173-31CA-4434-8C04-A6A1B1257C64}: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\progra~2\browse~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - c:\progra~2\websea~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000 Winlogon: Shell - (C:\Users\markus\AppData\Roaming\Cyberlink.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.03.29 00:31:21 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2013.03.28 16:05:11 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{D8D84171-91A6-4F66-9049-B8CA93D02EE1}
[2013.03.04 19:12:24 | 000,000,000 | ---D | C] -- C:\Users\markus\Low_00FEC012
[2013.02.18 21:53:01 | 000,098,304 | RHS- | C] (Advanced Methods, Inc. ) -- C:\Users\markus\AppData\Roaming\hidserv.exe
[2013.02.16 23:21:23 | 000,569,344 | ---- | C] (Julien Game) -- C:\Users\markus\AppData\Roaming\Java.exe
[2013.02.05 20:37:30 | 001,169,224 | RHS- | C] (Microsoft Corporation) -- C:\Users\markus\AppData\Roaming\Adobe.exe
[2010.11.21 04:23:54 | 000,055,632 | ---- | C] (Microsoft Corporation) -- C:\Users\markus\AppData\Roaming\B2BWRKE1O0.exe

========== Files - Modified Within 30 Days ==========

[2013.03.28 16:13:54 | 003,311,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.28 16:13:54 | 000,653,540 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013.03.28 16:13:54 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.28 16:13:54 | 000,499,098 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013.03.28 16:13:54 | 000,492,532 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.03.28 16:13:54 | 000,471,238 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013.03.28 16:13:54 | 000,141,360 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013.03.28 16:13:54 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.28 16:13:54 | 000,100,018 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013.03.28 16:13:54 | 000,097,358 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013.03.28 16:13:54 | 000,094,290 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013.03.28 16:11:00 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 16:11:00 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 16:09:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.28 16:04:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.28 16:04:19 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job
[2013.03.28 16:03:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.28 16:03:27 | 1727,029,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.05 18:58:47 | 000,000,602 | ---- | M] () -- C:\Users\markus\AppData\Roaming\[bleep]IT
[2013.03.04 18:36:14 | 000,850,169 | ---- | M] () -- C:\Users\markus\AppData\Roaming\qghumeaylnlfdxfircvs85.exe
[2013.03.04 18:33:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.04 18:32:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 18:31:54 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1156463656-3009297498-3070344828-1000UA.job
[2013.03.04 18:31:44 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1156463656-3009297498-3070344828-1000Core.job

========== Files Created - No Company Name ==========

[2013.03.28 16:09:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.04 19:22:29 | 000,000,602 | ---- | C] () -- C:\Users\markus\AppData\Roaming\[bleep]IT
[2013.02.18 21:56:00 | 000,850,169 | ---- | C] () -- C:\Users\markus\AppData\Roaming\qghumeaylnlfdxfircvs85.exe
[2013.02.16 23:21:53 | 000,001,611 | ---- | C] () -- C:\Users\markus\AppData\Roaming\log
[2013.02.13 19:42:04 | 000,075,264 | ---- | C] () -- C:\Users\markus\AppData\Roaming\SkypeUpdate.exe
[2013.02.10 10:59:32 | 032,265,296 | ---- | C] () -- C:\Users\markus\AppData\Roaming\5k09s.exe
[2013.02.08 07:33:03 | 000,096,256 | -HS- | C] () -- C:\Users\markus\AppData\Roaming\Huvsvz.exe
[2013.02.03 16:46:22 | 000,154,283 | -H-- | C] () -- C:\Users\markus\AppData\Roaming\markus-wchelper.dll
[2013.02.02 23:11:02 | 000,007,168 | -HS- | C] () -- C:\Users\markus\AppData\Roaming\3.exe
[2013.02.02 21:06:55 | 003,241,788 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.01 21:09:20 | 000,138,240 | ---- | C] () -- C:\Users\markus\OHK Zombie_Hack.dll
[2013.02.01 19:08:18 | 000,000,112 | ---- | C] () -- C:\Users\markus\LanhDiaGame.Com.url
[2013.02.01 19:08:17 | 000,019,968 | ---- | C] () -- C:\Users\markus\G-Force.dll
[2013.01.31 18:10:33 | 095,023,320 | ---- | C] () -- C:\ProgramData\3517873.pad
[2012.05.27 02:40:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.05 05:55:30 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.05 05:55:30 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.05 05:55:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.02.29 21:57:48 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.12.14 05:44:10 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2010.11.21 04:24:28 | 000,118,407 | -HS- | C] () -- C:\Users\markus\dxjcrmg.exe
[2010.11.21 04:24:28 | 000,107,731 | -HS- | C] () -- C:\Users\markus\dxscarc.exe
[2010.11.21 04:24:28 | 000,107,731 | -HS- | C] () -- C:\Users\markus\dxlfuy.exe
[2010.11.21 04:24:28 | 000,095,426 | -HS- | C] () -- C:\Users\markus\dxmvlz.exe
[2010.11.21 04:24:28 | 000,076,240 | -HS- | C] () -- C:\Users\markus\dxjerzoe.exe
[2010.11.21 04:24:28 | 000,041,996 | -HS- | C] () -- C:\Users\markus\dxnywiwwe.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009.07.14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010.11.21 04:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.21 04:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012.07.04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012.06.02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012.06.02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.21 04:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.21 04:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.07.14 06:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.21 04:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009.07.14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012.10.03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.09.21 10:37:16 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012.02.11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.21 04:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.21 04:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.21 04:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.21 04:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.21 04:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.21 04:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.21 04:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.21 04:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012.05.01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.21 04:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2010.11.21 04:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.21 04:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.21 04:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.21 04:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.21 04:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.21 04:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011.07.14 06:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.07.14 06:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.07.14 06:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.07.14 06:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.07.14 06:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.07.14 06:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009.06.10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2011.06.06 20:55:42 | 000,000,638 | ---- | M] () MD5=197B3B6830C016740F873E56C3F9C9BD -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx
[2011.06.06 20:55:40 | 000,000,613 | ---- | M] () MD5=1C7E1663AE424309CB3F78D7541BECEB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx
[2011.06.06 20:55:34 | 000,000,610 | ---- | M] () MD5=1F083E63820945BD3B0A1EC89DC337F3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx
[2011.06.06 20:55:32 | 000,000,622 | ---- | M] () MD5=227C5D88D93A46BAA21CF25428ECC9D9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx
[2011.06.06 20:55:32 | 000,000,634 | ---- | M] () MD5=2510B37D21D2D7451DA5B80A31D7C99C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2011.06.06 20:55:40 | 000,000,640 | ---- | M] () MD5=3D687325BB9CDD27A998D6CA1977D14A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx
[2011.06.06 20:55:36 | 000,000,623 | ---- | M] () MD5=52ACBF140935AA1FB30604EF26B3479C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2011.06.06 20:55:36 | 000,000,614 | ---- | M] () MD5=5EC6989CA1C72DC926A4A8DB4C0B440D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx
[2011.06.06 20:55:40 | 000,000,620 | ---- | M] () MD5=5F22C5924E86C6EE6F824DE286612180 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx
[2011.06.06 20:55:40 | 000,000,701 | ---- | M] () MD5=5F25C1E01D5365CB9548DEFAD0DA9521 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx
[2011.06.06 20:55:32 | 000,000,652 | ---- | M] () MD5=7008C9B2FC0E047237AFED998171E9A9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx
[2011.06.06 20:55:36 | 000,000,602 | ---- | M] () MD5=807E858DB39D1DADD1A7CDA0EB195902 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2011.06.06 20:55:40 | 000,000,720 | ---- | M] () MD5=84B28361A585B9D3A8EE54A1C30D6B11 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx
[2011.06.06 20:55:36 | 000,000,606 | ---- | M] () MD5=85ED839825A89D69775A00386106F9E0 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2011.06.06 20:55:34 | 000,000,599 | ---- | M] () MD5=8CEF86FF4BBA687F844CDD2FBC9E2901 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx
[2011.06.06 20:55:42 | 000,000,632 | ---- | M] () MD5=9FA4734C677692C2F9EF2B5277D6A66E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx
[2011.06.06 20:55:32 | 000,000,639 | ---- | M] () MD5=ACB64CA3772E9660F72E9E4A6ABF595C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2011.06.06 20:55:34 | 000,000,662 | ---- | M] () MD5=AE0C9C7B50D793C33D610A6E58C2897C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx
[2011.06.06 20:55:34 | 000,000,610 | ---- | M] () MD5=B9C20B8684DFBAC54EDED5B4B674CA9C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx
[2011.06.06 20:55:32 | 000,000,627 | ---- | M] () MD5=C25DC0D9A0098C3677CBC8AACADA1472 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx
[2011.06.06 20:55:38 | 000,000,628 | ---- | M] () MD5=C54E7077434A62D51661295A250C8504 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx
[2011.06.06 20:55:34 | 000,000,627 | ---- | M] () MD5=CAFB055D206C2CBB122959A241668296 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2011.06.06 20:55:40 | 000,000,607 | ---- | M] () MD5=CEAFFF352B8A0C30C27972EE98C34780 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx
[2011.06.06 20:55:32 | 000,000,614 | ---- | M] () MD5=DCAF5E14A41328B2A5976377D7DDD969 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2011.06.06 20:55:42 | 000,000,616 | ---- | M] () MD5=DED22EDA27D78427FE48AE13E566C201 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2010.11.16 05:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx
[2011.06.06 20:55:34 | 000,000,636 | ---- | M] () MD5=E1EA7707C24F5A84850D5659CA376594 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx

< MD5 for: SERVICES.ASFX1 >
[2010.11.16 05:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1

< MD5 for: SERVICES.ASFX10 >
[2010.11.16 05:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10

< MD5 for: SERVICES.ASFX11 >
[2010.11.16 05:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11

< MD5 for: SERVICES.ASFX12 >
[2010.11.16 05:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12

< MD5 for: SERVICES.ASFX13 >
[2010.11.16 05:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13

< MD5 for: SERVICES.ASFX14 >
[2010.11.16 05:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14

< MD5 for: SERVICES.ASFX15 >
[2010.11.16 05:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15

< MD5 for: SERVICES.ASFX16 >
[2010.11.16 05:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16

< MD5 for: SERVICES.ASFX17 >
[2010.11.16 05:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17

< MD5 for: SERVICES.ASFX18 >
[2010.11.16 05:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18

< MD5 for: SERVICES.ASFX19 >
[2010.11.16 05:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19

< MD5 for: SERVICES.ASFX2 >
[2010.11.16 05:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2

< MD5 for: SERVICES.ASFX20 >
[2010.11.16 05:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20

< MD5 for: SERVICES.ASFX21 >
[2010.11.16 05:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21

< MD5 for: SERVICES.ASFX22 >
[2010.11.16 05:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >
[2010.11.16 05:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >
[2010.11.16 05:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >
[2010.11.16 05:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >
[2010.11.16 05:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >
[2010.11.16 05:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >
[2010.11.16 05:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >
[2010.11.16 05:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >
[2010.11.16 05:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >
[2010.11.16 05:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >
[2010.11.16 05:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2011.06.06 20:55:30 | 000,584,045 | ---- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010.11.16 05:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2012.05.26 20:30:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=03B4952EC0933EBB9F8DEA9C8A812C29 -- C:\Windows\SysNative\fi-FI\services.exe.mui
[2012.05.26 20:30:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=03B4952EC0933EBB9F8DEA9C8A812C29 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_64d89a4f34e71837\services.exe.mui
[2012.05.26 20:22:38 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\SysNative\da-DK\services.exe.mui
[2012.05.26 20:22:38 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1fd5cd894ef1d409\services.exe.mui
[2010.11.21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010.11.21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2012.05.26 20:44:52 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=A4880BDF654678A0C2D3BB1243BC4D45 -- C:\Windows\SysNative\sv-SE\services.exe.mui
[2012.05.26 20:44:52 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=A4880BDF654678A0C2D3BB1243BC4D45 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_ab0e3ae787d43a6a\services.exe.mui
[2012.05.26 20:37:39 | 000,017,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\nb-NO\services.exe.mui
[2012.05.26 20:37:39 | 000,017,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_80bededec782269a\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013.02.19 22:19:25 | 000,000,313 | ---- | M] () MD5=6906AF31BC028DB10D9B8DFF401F2AEE -- C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C89D34AG\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2012.05.26 20:22:36 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysNative\da-DK\services.msc
[2012.05.26 20:22:42 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysWOW64\da-DK\services.msc
[2012.05.26 20:22:36 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_5a179d75255b6dfc\services.msc
[2012.05.26 20:22:42 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_fdf901f16cfdfcc6\services.msc
[2012.05.26 20:37:34 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\SysNative\nb-NO\services.msc
[2012.05.26 20:37:42 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\SysWOW64\nb-NO\services.msc
[2012.05.26 20:37:34 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_bb00aeca9debc08d\services.msc
[2012.05.26 20:37:42 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_5ee21346e58e4f57\services.msc
[2012.05.26 20:44:49 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\SysNative\sv-SE\services.msc
[2012.05.26 20:44:54 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\SysWOW64\sv-SE\services.msc
[2012.05.26 20:44:49 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_e5500ad35e3dd45d\services.msc
[2012.05.26 20:44:54 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_89316f4fa5e06327\services.msc
[2010.11.21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010.11.21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010.11.21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010.11.21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2012.05.26 20:30:03 | 000,092,750 | ---- | M] () MD5=8A6DD808404612551AEC9BD5C6D88208 -- C:\Windows\SysNative\fi-FI\services.msc
[2012.05.26 20:30:09 | 000,092,750 | ---- | M] () MD5=8A6DD808404612551AEC9BD5C6D88208 -- C:\Windows\SysWOW64\fi-FI\services.msc
[2012.05.26 20:30:03 | 000,092,750 | ---- | M] () MD5=8A6DD808404612551AEC9BD5C6D88208 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_9f1a6a3b0b50b22a\services.msc
[2012.05.26 20:30:09 | 000,092,750 | ---- | M] () MD5=8A6DD808404612551AEC9BD5C6D88208 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_42fbceb752f340f4\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< End of report >

Attached Files


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
30 days should suffice.. I am not sure if will get it all in this run, so I will need a fresh OTL on completion

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...5-2ACDBE446AEE}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...433&lg=EN&cc=NO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goo...433&lg=EN&cc=NO
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goo...433&lg=EN&cc=NO
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...433&lg=EN&cc=NO
IE - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...5-2ACDBE446AEE}
O2 - BHO: (Browse2save) - {7F6DE69E-0AE0-7902-8D7F-F0A571F467CA} - C:\ProgramData\Browse2save\510d70767b223.dll ()
O2 - BHO: (Search-NewTab) - {CAB3C5D2-397A-EB99-1843-06A0CE22C941} - C:\ProgramData\Search-NewTab\510d7223c85a6.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [adsacquy] C:\WINDOWS\adsclick.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [adsmini] C:\WINDOWS\runadsmini.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Authorization Framework] C:\Users\markus\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Huvsvz] C:\Users\markus\AppData\Roaming\Huvsvz.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Java] C:\Users\markus\AppData\Roaming\Java.exe (Julien Game)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [moin-ciner.exe] C:\Users\markus\Documents\Services\doin-diner.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Piadfe] C:\Users\markus\AppData\Roaming\Dooqwy\izry.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [HDAudio32.exe] C:\ProgramData\HotplugDevices\HDAudio32.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [HKCU] C:\directory\CyberGate\install\server.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Startup] C:\Users\markus\AppData\Roaming\Mining\MiningdpCORECT.exe (Company)
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [widnsszhost.exe] C:\Users\markus\Documents\Services\svrhoster.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Win32load] C:\Users\markus\AppData\Roaming\3.exe ()
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [Windows Update System] C:\Users\markus\AppData\Roaming\hidserv.exe (Advanced Methods, Inc. )
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\Run: [windowsfirewal] C:\Users\markus\AppData\Roaming\windowsfirewall.exe File not found
O4 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000..\RunOnce: [HDAudio32.exe] C:\ProgramData\HotplugDevices\HDAudio32.exe ()
O4 - Startup: C:\Users\markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.exe (Microsoft Corporation)
O4 - Startup: C:\Users\markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USBplug32.exe ()
F3:64bit: - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000 WinNT: Load - (c:\users\markus\dxjcrmg.exe) - c:\users\markus\dxjcrmg.exe ()
F3 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000 WinNT: Load - (c:\users\markus\dxjcrmg.exe) - c:\users\markus\dxjcrmg.exe ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\progra~2\browse~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - c:\progra~2\websea~1\sprote~1.dll ()
O20 - HKU\S-1-5-21-1156463656-3009297498-3070344828-1000 Winlogon: Shell - (C:\Users\markus\AppData\Roaming\Cyberlink.exe) - File not found
[2013.02.18 21:53:01 | 000,098,304 | RHS- | C] (Advanced Methods, Inc. ) -- C:\Users\markus\AppData\Roaming\hidserv.exe
[2013.02.16 23:21:23 | 000,569,344 | ---- | C] (Julien Game) -- C:\Users\markus\AppData\Roaming\Java.exe
[2013.02.05 20:37:30 | 001,169,224 | RHS- | C] (Microsoft Corporation) -- C:\Users\markus\AppData\Roaming\Adobe.exe
[2010.11.21 04:23:54 | 000,055,632 | ---- | C] (Microsoft Corporation) -- C:\Users\markus\AppData\Roaming\B2BWRKE1O0.exe
[2013.03.28 16:04:19 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job
[2013.03.05 18:58:47 | 000,000,602 | ---- | M] () -- C:\Users\markus\AppData\Roaming\FUCKIT
[2013.03.04 18:36:14 | 000,850,169 | ---- | M] () -- C:\Users\markus\AppData\Roaming\qghumeaylnlfdxfircvs85.exe
[2013.02.13 19:42:04 | 000,075,264 | ---- | C] () -- C:\Users\markus\AppData\Roaming\SkypeUpdate.exe
[2013.02.10 10:59:32 | 032,265,296 | ---- | C] () -- C:\Users\markus\AppData\Roaming\5k09s.exe
[2013.02.08 07:33:03 | 000,096,256 | -HS- | C] () -- C:\Users\markus\AppData\Roaming\Huvsvz.exe
[2013.02.03 16:46:22 | 000,154,283 | -H-- | C] () -- C:\Users\markus\AppData\Roaming\markus-wchelper.dll
[2013.02.02 23:11:02 | 000,007,168 | -HS- | C] () -- C:\Users\markus\AppData\Roaming\3.exe
[2013.01.31 18:10:33 | 095,023,320 | ---- | C] () -- C:\ProgramData\3517873.pad

:Files
C:\ProgramData\HotplugDevices
C:\Users\markus\AppData\Roaming\3.exe
C:\Users\markus\AppData\Roaming\Mining
C:\ProgramData\Search-NewTab
C:\ProgramData\Browse2save
C:\Users\markus\Documents\Services
C:\Users\markus\AppData\Roaming\Dooqwy
C:\directory

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP