Think I have something nasty [Solved]



#1
N-R

Hello :)
I think I have something nasty on my notepad. I've scanned with MBAM and MSE and also used TDSSKiller, but nothing had been found. The reason why I think I have something is I have had an unknown Chinese language popping up trying to write to a protected registry. Also in the MBR, when I run bootrec /fixmbr it also has Chinese letters instead of English. Ahh, also I've had 2 blue screens with static, not writing as I think you would normally see. Oh yeah, and Google keeps telling me unusual traffic is coming from me....

Thanks in advance for your help.
OTL logs attached

Thank you :)

OTL logfile created on: 20/04/2013 22:53:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\N1cK\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.67% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 279.88 Gb Free Space | 93.92% Space Free | Partition Type: NTFS

Computer Name: N1CK-PC | User Name: N1cK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/20 22:52:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\N1cK\Desktop\OTL.exe
PRC - [2013/04/17 22:18:55 | 000,422,632 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/26 22:45:10 | 000,534,160 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe
PRC - [2013/02/23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2013/02/23 02:33:26 | 000,389,928 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2013/02/23 02:31:52 | 001,278,760 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2013/02/23 02:31:02 | 000,535,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\bin\FBW.exe
PRC - [2013/02/23 02:30:20 | 000,289,576 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\FBWMgr.exe
PRC - [2013/02/23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2013/02/22 02:04:48 | 000,598,312 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpn.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/14 22:16:42 | 003,011,400 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
PRC - [2013/01/14 22:16:42 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/14 13:58:58 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/11/20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 09:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 09:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 09:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 09:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 09:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 09:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/02/23 02:30:20 | 000,289,576 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\FBWMgr.exe
MOD - [2012/12/10 02:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/02/23 02:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/02/23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2013/02/22 02:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/14 22:16:42 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\N1cK\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/20 22:29:12 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{735D6F0A-22BF-4C35-B351-2AF333CACFD5}\MpKsle21eeb85.sys -- (MpKsle21eeb85)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/26 22:40:56 | 000,209,304 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2013/02/22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/02/22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/25 19:08:42 | 000,128,672 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/04/20 22:24:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Ghostery = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
CHR - Extension: Gmail = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/02 13:56:56 | 000,575,742 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15610 more lines...
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A48A6C8-E7F0-4B4E-95B3-F612344C1BAB}: DhcpNameServer = 8.8.8.8 8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB225A73-43DD-41C8-9A05-5894067A34E5}: DhcpNameServer = 8.8.8.8 8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB225A73-43DD-41C8-9A05-5894067A34E5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1598BF4-76A3-4465-87AF-F1C16B98DDD3}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/20 22:52:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\N1cK\Desktop\OTL.exe
[2013/04/20 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Adobe
[2013/04/20 14:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/04/20 14:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013/04/20 14:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2013/04/20 07:38:06 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\WinPatrol
[2013/04/20 07:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/04/20 07:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/20 07:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2013/04/20 07:25:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/20 07:23:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/19 23:30:21 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\N1cK\Documents\mbam-setup-1.75.0.1300.exe
[2013/04/19 22:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/04/19 22:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/04/19 22:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/04/19 22:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/19 22:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/19 22:45:55 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Google
[2013/04/19 22:43:28 | 000,905,928 | ---- | C] (BillP Studios) -- C:\Users\N1cK\Documents\wpsetup.exe
[2013/04/19 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\ElevatedDiagnostics
[2013/04/19 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Diagnostics
[2013/04/19 22:00:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/19 22:00:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/19 22:00:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/19 21:59:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/19 21:51:32 | 002,239,840 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\N1cK\Documents\tdsskiller.exe
[2013/04/19 17:15:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/04/19 16:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013/04/19 16:47:54 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/04/19 16:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/04/19 16:47:42 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Notepad++
[2013/04/19 16:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/04/19 16:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013/04/19 16:40:12 | 000,209,304 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2013/04/19 16:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2013/04/19 16:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/19 16:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/04/19 16:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/04/19 16:34:00 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Privatefirewall
[2013/04/19 16:32:23 | 000,128,672 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\System32\drivers\pwipf6.sys
[2013/04/19 16:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
[2013/04/19 16:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
[2013/04/19 16:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware
[2013/04/19 16:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/04/19 16:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/04/19 16:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/04/19 16:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/04/19 16:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013/04/19 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013/04/19 16:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/04/19 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2013/04/19 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/04/19 16:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/04/19 16:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/04/19 16:14:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2013/04/19 16:14:38 | 000,000,000 | ---D | C] -- C:\Intel
[2013/04/19 16:09:55 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Malwarebytes
[2013/04/19 16:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/19 16:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/19 16:09:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/19 16:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/19 16:08:59 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Programs
[2013/04/19 15:29:51 | 000,000,000 | R--D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/19 15:29:51 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Searches
[2013/04/19 15:29:51 | 000,000,000 | R--D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/19 15:29:51 | 000,000,000 | -H-D | C] -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/04/19 15:29:43 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Identities
[2013/04/19 15:29:41 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Contacts
[2013/04/19 15:29:32 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\VirtualStore
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\AppData\Local\Temporary Internet Files
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Templates
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Start Menu
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\SendTo
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Recent
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\PrintHood
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\NetHood
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Documents\My Videos
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Documents\My Pictures
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Documents\My Music
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\My Documents
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Local Settings
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\AppData\Local\History
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Cookies
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Application Data
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\AppData\Local\Application Data
[2013/04/19 15:29:28 | 000,000,000 | --SD | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Videos
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Saved Games
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Pictures
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Music
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Links
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Favorites
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Downloads
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Documents
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Desktop
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/19 15:29:28 | 000,000,000 | -H-D | C] -- C:\Users\N1cK\AppData
[2013/04/19 15:29:28 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Temp
[2013/04/19 15:29:28 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Microsoft
[2013/04/19 15:29:10 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/04/19 15:24:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/04/19 15:22:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/04/19 15:21:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/04/19 07:20:27 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/04/19 07:19:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM

========== Files - Modified Within 30 Days ==========

[2013/04/20 22:52:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\N1cK\Desktop\OTL.exe
[2013/04/20 22:51:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/20 22:51:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/20 22:31:07 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 22:31:07 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 22:24:54 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/20 22:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/20 22:24:32 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/20 16:33:09 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/20 16:33:09 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/20 16:31:14 | 000,698,444 | ---- | M] () -- C:\Windows\System32\oem6.inf
[2013/04/20 16:25:48 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/04/20 14:09:37 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/04/20 07:06:33 | 000,001,411 | ---- | M] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/20 07:06:32 | 000,002,229 | ---- | M] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/19 23:30:56 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\N1cK\Documents\mbam-setup-1.75.0.1300.exe
[2013/04/19 23:27:58 | 044,492,509 | ---- | M] () -- C:\Users\N1cK\Desktop\complete-43.-chase-ready-.mp3
[2013/04/19 23:26:27 | 080,665,796 | ---- | M] () -- C:\Users\N1cK\Desktop\MU915.mp3
[2013/04/19 23:24:23 | 065,749,577 | ---- | M] () -- C:\Users\N1cK\Desktop\theunexplained-111.mp3
[2013/04/19 23:18:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/19 23:03:28 | 005,948,496 | ---- | M] () -- C:\Users\N1cK\Documents\HSS-2.88-install-zdnetcom-5-conduit.exe
[2013/04/19 22:48:31 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/19 22:43:53 | 000,905,928 | ---- | M] (BillP Studios) -- C:\Users\N1cK\Documents\wpsetup.exe
[2013/04/19 21:51:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/19 16:51:49 | 407,147,872 | ---- | M] () -- C:\Users\N1cK\Documents\security programs.zip
[2013/04/19 16:47:54 | 000,001,025 | ---- | M] () -- C:\Users\N1cK\Desktop\Notepad++.lnk
[2013/04/19 16:38:20 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/19 16:32:19 | 000,000,146 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/04/19 16:26:44 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/04/19 16:25:28 | 000,001,893 | ---- | M] () -- C:\Users\N1cK\Desktop\PeerBlock.lnk
[2013/04/19 16:24:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/19 16:18:54 | 000,014,048 | ---- | M] () -- C:\Windows\System32\results.xml
[2013/04/19 15:26:46 | 000,102,127 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/04/10 01:09:02 | 002,239,840 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\N1cK\Documents\tdsskiller.exe
[2013/04/10 00:56:46 | 012,894,739 | ---- | M] () -- C:\Users\N1cK\Documents\mbar-1.01.0.1022.zip
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/02 13:56:56 | 000,575,742 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2013/03/26 22:40:56 | 000,209,304 | ---- | M] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys

========== Files Created - No Company Name ==========

[2013/04/20 22:24:36 | 000,257,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/20 16:31:29 | 000,698,444 | ---- | C] () -- C:\Windows\System32\oem6.inf
[2013/04/20 16:25:48 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/04/20 14:09:37 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/04/20 00:10:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/04/20 00:08:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/04/19 23:26:17 | 044,492,509 | ---- | C] () -- C:\Users\N1cK\Desktop\complete-43.-chase-ready-.mp3
[2013/04/19 23:24:33 | 080,665,796 | ---- | C] () -- C:\Users\N1cK\Desktop\MU915.mp3
[2013/04/19 23:22:39 | 065,749,577 | ---- | C] () -- C:\Users\N1cK\Desktop\theunexplained-111.mp3
[2013/04/19 23:01:21 | 005,948,496 | ---- | C] () -- C:\Users\N1cK\Documents\HSS-2.88-install-zdnetcom-5-conduit.exe
[2013/04/19 22:48:31 | 000,002,229 | ---- | C] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/19 22:48:31 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/19 22:46:22 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/19 22:46:19 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/19 22:00:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/19 22:00:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/19 22:00:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/19 22:00:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/19 22:00:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/19 21:51:26 | 012,894,739 | ---- | C] () -- C:\Users\N1cK\Documents\mbar-1.01.0.1022.zip
[2013/04/19 21:51:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/19 16:51:15 | 407,147,872 | ---- | C] () -- C:\Users\N1cK\Documents\security programs.zip
[2013/04/19 16:47:54 | 000,001,025 | ---- | C] () -- C:\Users\N1cK\Desktop\Notepad++.lnk
[2013/04/19 16:38:20 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/19 16:32:19 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/04/19 16:26:44 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/04/19 16:25:28 | 000,001,893 | ---- | C] () -- C:\Users\N1cK\Desktop\PeerBlock.lnk
[2013/04/19 16:24:16 | 000,001,411 | ---- | C] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/19 16:24:00 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/19 16:23:39 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/04/19 16:18:54 | 000,014,048 | ---- | C] () -- C:\Windows\System32\results.xml
[2013/04/19 16:09:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/19 15:29:53 | 000,001,417 | ---- | C] () -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/19 15:29:28 | 000,000,290 | ---- | C] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/04/19 15:29:28 | 000,000,272 | ---- | C] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/19 15:21:10 | 1602,195,456 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/19 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\N1cK\AppData\Roaming\Notepad++
[2013/04/20 07:38:23 | 000,000,000 | ---D | M] -- C:\Users\N1cK\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Edited by N-R, 22 April 2013 - 04:54 AM.

  • 0


#2
N-R

N-R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi I don't know if this is relevant but I found
UDP [::1]:1900 (UPnP) Listening for packets
and
UDP [fe80::b942:10e3:9bef:b9a]:1900 (UPnP) Listening for packets

both for which the application name is empty, non-existent.

For now I have disabled UPnP in services.

Thanks for your help
Nick :)

Edited by N-R, 22 April 2013 - 05:07 AM.

  • 0

#3
N-R

N-R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi, has anyone got any ideas that may help me clear this up please?

Thank you
N-R
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello N-R,

Sorry for the delay.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • 0

#5
N-R

N-R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hiya
Thanks for getting back to me and no problem about the wait. I honestly thought I'd done something wrong and thought I was in the dog house ha ha.. So I did a complete re-install of my OS. Should I still download this to see if anything resides on the system as it was the MBR in Chinese that I was concerned about?

Regards
Nick

I'm going into hospital Tuesday, should I close this and open it again when I'm out? As I may be quite a while in hospital.
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I honestly thought I'd done something wrong and thought I was in the dog house ha ha..


Not from me you weren't lol. Just that we can get a bit busy here.

Should I still download this to see if anything resides on the system as it was the MBR in Chinese that I was concerned about?


Unless your machine is showing problems I wouldn't worry. If you carried out a reformat when you reinstalled, everything of the old system will be gone. If you didn't, then see how it goes and come back if symptoms appear.

I'm going into hospital Tuesday, should I close this and open it again when I'm out? As I may be quite a while in hospital.


I think it best that I close this topic. You can open a new topic if anything develops. Alternatively you can ask for this topic to be reopened.

Hope all goes well for you. :)
  • 0

#7
N-R

N-R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hiya
Everything seems OK, thanks. I did format everything a few times.
Thanks again
Nick :)
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
