Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Smooth ! [Closed]


  • This topic is locked This topic is locked

#16
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK. Let's check for rootkits. I haven't seen any evidence of one but better safe than sorry.
Also, I noticed that you are downloading some tools to the Downloads folder of the D:\ drive and running them from there. The tools are designed to be downloaded to and run from the desktop of the drive where Windows is installed, in this case the C:\ drive. Do you have the computer set up with a RAID configuration? If not please download the tools and run them from the desktop of the C:\ drive.


Step-1.

Posted Image TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (See the image below)

    Posted Image
  • Make sure the boxes under Objects to scan are checked like the image below.
  • In the Additional options section, check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system. (See the image below)

    Posted Image
  • Click OK
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by clicking Report

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. the TDSSKiller log
  • 0

Advertisements


#17
KarimEhab

KarimEhab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Do you mean the tools we have been using the clean the computer ? I'm not sure what do you mean by RAID configuration so i have just downloaded the TDSSKILLER to desktop like you asked.



1. the TDSSKiller log:

17:27:19.0640 1488 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:27:21.0000 1488 ============================================================
17:27:21.0000 1488 Current date / time: 2013/05/25 17:27:21.0000
17:27:21.0000 1488 SystemInfo:
17:27:21.0000 1488
17:27:21.0000 1488 OS Version: 5.1.2600 ServicePack: 3.0
17:27:21.0000 1488 Product type: Workstation
17:27:21.0000 1488 ComputerName: HOME2
17:27:21.0000 1488 UserName: WinXP
17:27:21.0000 1488 Windows directory: C:\WINDOWS
17:27:21.0000 1488 System windows directory: C:\WINDOWS
17:27:21.0000 1488 Processor architecture: Intel x86
17:27:21.0000 1488 Number of processors: 2
17:27:21.0000 1488 Page size: 0x1000
17:27:21.0000 1488 Boot type: Normal boot
17:27:21.0000 1488 ============================================================
17:27:22.0640 1488 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:27:22.0640 1488 ============================================================
17:27:22.0640 1488 \Device\Harddisk0\DR0:
17:27:22.0640 1488 MBR partitions:
17:27:22.0640 1488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
17:27:22.0656 1488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0x88B8F9D
17:27:22.0671 1488 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0xC34F28D
17:27:22.0687 1488 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0xCD8B229
17:27:22.0687 1488 ============================================================
17:27:22.0734 1488 C: <-> \Device\Harddisk0\DR0\Partition1
17:27:22.0843 1488 D: <-> \Device\Harddisk0\DR0\Partition2
17:27:23.0000 1488 E: <-> \Device\Harddisk0\DR0\Partition3
17:27:23.0031 1488 F: <-> \Device\Harddisk0\DR0\Partition4
17:27:23.0031 1488 ============================================================
17:27:23.0031 1488 Initialize success
17:27:23.0031 1488 ============================================================
17:27:32.0265 0640 ============================================================
17:27:32.0265 0640 Scan started
17:27:32.0265 0640 Mode: Manual;
17:27:32.0265 0640 ============================================================
17:27:33.0375 0640 ================ Scan system memory ========================
17:27:33.0578 0640 System memory - ok
17:27:33.0578 0640 ================ Scan services =============================
17:27:33.0640 0640 [ 44C85670246E4183650EF0E664346DDC ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:27:33.0640 0640 !SASCORE - ok
17:27:33.0734 0640 Abiosdsk - ok
17:27:33.0750 0640 abp480n5 - ok
17:27:33.0796 0640 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:27:33.0796 0640 ACPI - ok
17:27:33.0828 0640 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:27:33.0828 0640 ACPIEC - ok
17:27:33.0828 0640 adpu160m - ok
17:27:33.0859 0640 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:27:33.0875 0640 aec - ok
17:27:33.0906 0640 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:27:33.0906 0640 AFD - ok
17:27:33.0921 0640 Aha154x - ok
17:27:33.0921 0640 aic78u2 - ok
17:27:33.0937 0640 aic78xx - ok
17:27:33.0953 0640 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:27:33.0953 0640 Alerter - ok
17:27:33.0968 0640 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:27:33.0968 0640 ALG - ok
17:27:33.0968 0640 AliIde - ok
17:27:33.0984 0640 amsint - ok
17:27:34.0000 0640 [ 85ECE26F326C2D07BA77A60343468272 ] Apowersoft_AudioDevice C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys
17:27:34.0000 0640 Apowersoft_AudioDevice - ok
17:27:34.0078 0640 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:27:34.0078 0640 Apple Mobile Device - ok
17:27:34.0093 0640 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:27:34.0093 0640 AppMgmt - ok
17:27:34.0109 0640 asc - ok
17:27:34.0109 0640 asc3350p - ok
17:27:34.0125 0640 asc3550 - ok
17:27:34.0203 0640 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:27:34.0203 0640 aspnet_state - ok
17:27:34.0218 0640 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:27:34.0218 0640 AsyncMac - ok
17:27:34.0234 0640 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:27:34.0234 0640 atapi - ok
17:27:34.0250 0640 Atdisk - ok
17:27:34.0250 0640 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:27:34.0250 0640 Atmarpc - ok
17:27:34.0265 0640 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:27:34.0265 0640 AudioSrv - ok
17:27:34.0296 0640 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:27:34.0296 0640 audstub - ok
17:27:34.0328 0640 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:27:34.0328 0640 Beep - ok
17:27:34.0375 0640 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:27:34.0375 0640 BITS - ok
17:27:34.0484 0640 [ 64B487DF3BBBE47DBBCE4B8CAA8937CC ] BlackBerry Device Manager C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
17:27:34.0484 0640 BlackBerry Device Manager - ok
17:27:34.0546 0640 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:27:34.0562 0640 Bonjour Service - ok
17:27:34.0578 0640 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:27:34.0578 0640 Browser - ok
17:27:34.0671 0640 [ 9BDBDA21D3BA8E374FD06A405BE10215 ] C-DillaCdaC11BA C:\WINDOWS\system32\drivers\CDAC11BA.EXE
17:27:34.0671 0640 C-DillaCdaC11BA - ok
17:27:34.0687 0640 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:27:34.0687 0640 cbidf2k - ok
17:27:34.0750 0640 [ 93A45B3F2403670A6D14A0B466D97698 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:27:34.0750 0640 ccEvtMgr - ok
17:27:34.0750 0640 [ 93A45B3F2403670A6D14A0B466D97698 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:27:34.0750 0640 ccSetMgr - ok
17:27:34.0765 0640 cd20xrnt - ok
17:27:34.0781 0640 [ F76CB7259AA575CC53F3996BC6B68C18 ] CdaC15BA C:\WINDOWS\system32\drivers\CDAC15BA.SYS
17:27:34.0781 0640 CdaC15BA - ok
17:27:34.0796 0640 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:27:34.0796 0640 Cdaudio - ok
17:27:34.0828 0640 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:27:34.0828 0640 Cdfs - ok
17:27:34.0843 0640 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:27:34.0843 0640 Cdrom - ok
17:27:34.0843 0640 Changer - ok
17:27:34.0859 0640 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:27:34.0859 0640 CiSvc - ok
17:27:34.0875 0640 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:27:34.0875 0640 ClipSrv - ok
17:27:34.0890 0640 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:34.0890 0640 clr_optimization_v2.0.50727_32 - ok
17:27:34.0906 0640 CmdIde - ok
17:27:34.0937 0640 [ 86A22DFF16E8CA67601044EFE6825537 ] COH_Mon C:\WINDOWS\system32\Drivers\COH_Mon.sys
17:27:34.0937 0640 COH_Mon - ok
17:27:34.0953 0640 COMSysApp - ok
17:27:34.0953 0640 Cpqarray - ok
17:27:34.0984 0640 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:27:34.0984 0640 CryptSvc - ok
17:27:35.0000 0640 dac2w2k - ok
17:27:35.0000 0640 dac960nt - ok
17:27:35.0031 0640 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:27:35.0031 0640 DcomLaunch - ok
17:27:35.0062 0640 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:27:35.0062 0640 Dhcp - ok
17:27:35.0078 0640 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:27:35.0078 0640 Disk - ok
17:27:35.0078 0640 dmadmin - ok
17:27:35.0109 0640 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:27:35.0125 0640 dmboot - ok
17:27:35.0125 0640 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:27:35.0125 0640 dmio - ok
17:27:35.0140 0640 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:27:35.0140 0640 dmload - ok
17:27:35.0156 0640 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:27:35.0156 0640 dmserver - ok
17:27:35.0171 0640 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:27:35.0171 0640 DMusic - ok
17:27:35.0203 0640 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:27:35.0203 0640 Dnscache - ok
17:27:35.0234 0640 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:27:35.0234 0640 Dot3svc - ok
17:27:35.0234 0640 dpti2o - ok
17:27:35.0265 0640 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:27:35.0265 0640 drmkaud - ok
17:27:35.0281 0640 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:27:35.0281 0640 EapHost - ok
17:27:35.0328 0640 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:27:35.0328 0640 eeCtrl - ok
17:27:35.0359 0640 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:27:35.0359 0640 EraserUtilRebootDrv - ok
17:27:35.0375 0640 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:27:35.0375 0640 ERSvc - ok
17:27:35.0406 0640 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:27:35.0406 0640 Eventlog - ok
17:27:35.0453 0640 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:27:35.0453 0640 EventSystem - ok
17:27:35.0468 0640 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:27:35.0468 0640 Fastfat - ok
17:27:35.0484 0640 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:27:35.0484 0640 FastUserSwitchingCompatibility - ok
17:27:35.0500 0640 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:27:35.0500 0640 Fdc - ok
17:27:35.0515 0640 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:27:35.0515 0640 Fips - ok
17:27:35.0531 0640 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:27:35.0531 0640 Flpydisk - ok
17:27:35.0562 0640 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:27:35.0562 0640 FltMgr - ok
17:27:35.0625 0640 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:27:35.0625 0640 FontCache3.0.0.0 - ok
17:27:35.0656 0640 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:27:35.0656 0640 fssfltr - ok
17:27:35.0781 0640 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:27:35.0781 0640 fsssvc - ok
17:27:35.0796 0640 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:27:35.0796 0640 Fs_Rec - ok
17:27:35.0812 0640 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:27:35.0812 0640 Ftdisk - ok
17:27:35.0859 0640 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS\gdrv.sys
17:27:35.0859 0640 gdrv - ok
17:27:35.0890 0640 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:27:35.0890 0640 GEARAspiWDM - ok
17:27:35.0921 0640 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:27:35.0921 0640 Gpc - ok
17:27:35.0984 0640 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9ed38ff31fd6c C:\Program Files\Google\Update\GoogleUpdate.exe
17:27:35.0984 0640 gupdate1c9ed38ff31fd6c - ok
17:27:36.0000 0640 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:27:36.0000 0640 gupdatem - ok
17:27:36.0015 0640 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:27:36.0015 0640 gusvc - ok
17:27:36.0046 0640 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:27:36.0046 0640 HDAudBus - ok
17:27:36.0109 0640 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:27:36.0109 0640 helpsvc - ok
17:27:36.0140 0640 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:27:36.0140 0640 HidServ - ok
17:27:36.0171 0640 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:27:36.0187 0640 HidUsb - ok
17:27:36.0218 0640 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:27:36.0218 0640 hkmsvc - ok
17:27:36.0218 0640 hpn - ok
17:27:36.0250 0640 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:27:36.0250 0640 HTTP - ok
17:27:36.0281 0640 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:27:36.0281 0640 HTTPFilter - ok
17:27:36.0281 0640 i2omgmt - ok
17:27:36.0296 0640 i2omp - ok
17:27:36.0312 0640 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:27:36.0312 0640 i8042prt - ok
17:27:36.0375 0640 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:27:36.0390 0640 idsvc - ok
17:27:36.0406 0640 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:27:36.0406 0640 Imapi - ok
17:27:36.0421 0640 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:27:36.0421 0640 ImapiService - ok
17:27:36.0437 0640 ini910u - ok
17:27:36.0578 0640 [ DB589671E0C403D65884CF0B50600FCD ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:27:36.0593 0640 IntcAzAudAddService - ok
17:27:36.0609 0640 IntelIde - ok
17:27:36.0625 0640 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:27:36.0625 0640 intelppm - ok
17:27:36.0640 0640 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:27:36.0640 0640 Ip6Fw - ok
17:27:36.0671 0640 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:27:36.0671 0640 IpFilterDriver - ok
17:27:36.0671 0640 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:27:36.0671 0640 IpInIp - ok
17:27:36.0687 0640 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:27:36.0687 0640 IpNat - ok
17:27:36.0781 0640 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:27:36.0781 0640 iPod Service - ok
17:27:36.0796 0640 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:27:36.0796 0640 IPSec - ok
17:27:36.0828 0640 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:27:36.0828 0640 IRENUM - ok
17:27:36.0859 0640 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:27:36.0859 0640 isapnp - ok
17:27:36.0890 0640 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:27:36.0890 0640 Kbdclass - ok
17:27:36.0921 0640 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:27:36.0921 0640 kbdhid - ok
17:27:36.0937 0640 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:27:36.0937 0640 kmixer - ok
17:27:36.0953 0640 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:27:36.0953 0640 KSecDD - ok
17:27:37.0000 0640 [ F385F4B02C535BFFE1D70CAB80838123 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
17:27:37.0000 0640 LanmanServer - ok
17:27:37.0015 0640 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:27:37.0015 0640 lanmanworkstation - ok
17:27:37.0015 0640 lbrtfdc - ok
17:27:37.0156 0640 [ E553C4B4B7B4B86CD71A2DFEE1B58131 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
17:27:37.0171 0640 LiveUpdate - ok
17:27:37.0187 0640 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:27:37.0187 0640 LmHosts - ok
17:27:37.0218 0640 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
17:27:37.0218 0640 MBAMProtector - ok
17:27:37.0265 0640 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:27:37.0265 0640 MBAMScheduler - ok
17:27:37.0296 0640 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:27:37.0296 0640 MBAMService - ok
17:27:37.0390 0640 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
17:27:37.0390 0640 MDM - ok
17:27:37.0406 0640 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:27:37.0406 0640 Messenger - ok
17:27:37.0453 0640 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:27:37.0453 0640 Microsoft Office Groove Audit Service - ok
17:27:37.0484 0640 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:27:37.0484 0640 mnmdd - ok
17:27:37.0500 0640 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:27:37.0515 0640 mnmsrvc - ok
17:27:37.0531 0640 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:27:37.0531 0640 Modem - ok
17:27:37.0546 0640 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:27:37.0546 0640 Mouclass - ok
17:27:37.0578 0640 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:27:37.0578 0640 mouhid - ok
17:27:37.0593 0640 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:27:37.0593 0640 MountMgr - ok
17:27:37.0625 0640 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:27:37.0625 0640 MozillaMaintenance - ok
17:27:37.0625 0640 mraid35x - ok
17:27:37.0656 0640 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:27:37.0656 0640 MRxDAV - ok
17:27:37.0687 0640 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:27:37.0687 0640 MRxSmb - ok
17:27:37.0718 0640 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:27:37.0718 0640 MSDTC - ok
17:27:37.0734 0640 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:27:37.0734 0640 Msfs - ok
17:27:37.0734 0640 MSIServer - ok
17:27:37.0796 0640 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:27:37.0796 0640 MSKSSRV - ok
17:27:37.0843 0640 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:27:37.0843 0640 MSPCLOCK - ok
17:27:37.0843 0640 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:27:37.0859 0640 MSPQM - ok
17:27:37.0875 0640 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:27:37.0875 0640 mssmbios - ok
17:27:37.0890 0640 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:27:37.0890 0640 Mup - ok
17:27:37.0921 0640 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:27:37.0921 0640 napagent - ok
17:27:38.0000 0640 [ CE2156DF796D41614AB60E68D107D573 ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130524.003\NAVENG.SYS
17:27:38.0000 0640 NAVENG - ok
17:27:38.0046 0640 [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130524.003\NAVEX15.SYS
17:27:38.0062 0640 NAVEX15 - ok
17:27:38.0062 0640 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:27:38.0062 0640 NDIS - ok
17:27:38.0093 0640 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:27:38.0093 0640 NdisTapi - ok
17:27:38.0109 0640 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:27:38.0109 0640 Ndisuio - ok
17:27:38.0109 0640 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:27:38.0109 0640 NdisWan - ok
17:27:38.0140 0640 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:27:38.0140 0640 NDProxy - ok
17:27:38.0156 0640 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:27:38.0156 0640 NetBIOS - ok
17:27:38.0187 0640 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:27:38.0187 0640 NetBT - ok
17:27:38.0203 0640 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:27:38.0203 0640 NetDDE - ok
17:27:38.0203 0640 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:27:38.0203 0640 NetDDEdsdm - ok
17:27:38.0234 0640 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:27:38.0234 0640 Netlogon - ok
17:27:38.0265 0640 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:27:38.0265 0640 Netman - ok
17:27:38.0296 0640 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:27:38.0296 0640 NetTcpPortSharing - ok
17:27:38.0328 0640 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:27:38.0328 0640 Nla - ok
17:27:38.0328 0640 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:27:38.0328 0640 Npfs - ok
17:27:38.0359 0640 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:27:38.0375 0640 Ntfs - ok
17:27:38.0375 0640 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:27:38.0375 0640 NtLmSsp - ok
17:27:38.0406 0640 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:27:38.0406 0640 NtmsSvc - ok
17:27:38.0437 0640 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:27:38.0437 0640 Null - ok
17:27:38.0671 0640 [ 9CDA796E6BEC89EFF45EF430651EA74B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:27:38.0734 0640 nv - ok
17:27:38.0765 0640 [ 30CB85790A3C70AE45C88E28BA6397C2 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
17:27:38.0765 0640 NVSvc - ok
17:27:38.0906 0640 [ 37C8EC2860DF210ED93A94BF6525CBC7 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:27:38.0906 0640 nvUpdatusService - ok
17:27:38.0921 0640 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:27:38.0937 0640 NwlnkFlt - ok
17:27:38.0937 0640 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:27:38.0937 0640 NwlnkFwd - ok
17:27:39.0000 0640 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:27:39.0000 0640 odserv - ok
17:27:39.0015 0640 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:27:39.0015 0640 ose - ok
17:27:39.0062 0640 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:27:39.0062 0640 Parport - ok
17:27:39.0078 0640 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:27:39.0078 0640 PartMgr - ok
17:27:39.0078 0640 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:27:39.0078 0640 ParVdm - ok
17:27:39.0093 0640 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:27:39.0093 0640 PCI - ok
17:27:39.0109 0640 PCIDump - ok
17:27:39.0109 0640 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:27:39.0109 0640 PCIIde - ok
17:27:39.0140 0640 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:27:39.0140 0640 Pcmcia - ok
17:27:39.0171 0640 [ 02AAAFB7BA137CE5DDABCDF8090954D9 ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
17:27:39.0171 0640 pcouffin - ok
17:27:39.0187 0640 PDCOMP - ok
17:27:39.0187 0640 PDFRAME - ok
17:27:39.0203 0640 PDRELI - ok
17:27:39.0203 0640 PDRFRAME - ok
17:27:39.0218 0640 perc2 - ok
17:27:39.0218 0640 perc2hib - ok
17:27:39.0265 0640 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:27:39.0265 0640 PlugPlay - ok
17:27:39.0281 0640 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:27:39.0281 0640 PolicyAgent - ok
17:27:39.0312 0640 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:27:39.0312 0640 PptpMiniport - ok
17:27:39.0328 0640 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:27:39.0328 0640 ProtectedStorage - ok
17:27:39.0343 0640 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:27:39.0343 0640 PSched - ok
17:27:39.0375 0640 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:27:39.0375 0640 Ptilink - ok
17:27:39.0406 0640 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:27:39.0406 0640 PxHelp20 - ok
17:27:39.0406 0640 ql1080 - ok
17:27:39.0421 0640 Ql10wnt - ok
17:27:39.0421 0640 ql12160 - ok
17:27:39.0421 0640 ql1240 - ok
17:27:39.0437 0640 ql1280 - ok
17:27:39.0453 0640 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:27:39.0453 0640 RasAcd - ok
17:27:39.0484 0640 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:27:39.0484 0640 RasAuto - ok
17:27:39.0500 0640 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:27:39.0500 0640 Rasl2tp - ok
17:27:39.0515 0640 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:27:39.0531 0640 RasMan - ok
17:27:39.0531 0640 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:27:39.0531 0640 RasPppoe - ok
17:27:39.0531 0640 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:27:39.0531 0640 Raspti - ok
17:27:39.0562 0640 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:27:39.0562 0640 Rdbss - ok
17:27:39.0578 0640 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:27:39.0578 0640 RDPCDD - ok
17:27:39.0609 0640 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:27:39.0609 0640 rdpdr - ok
17:27:39.0640 0640 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:27:39.0640 0640 RDPWD - ok
17:27:39.0671 0640 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:27:39.0671 0640 RDSessMgr - ok
17:27:39.0734 0640 [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
17:27:39.0734 0640 RealNetworks Downloader Resolver Service - ok
17:27:39.0765 0640 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:27:39.0765 0640 redbook - ok
17:27:39.0781 0640 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:27:39.0781 0640 RemoteAccess - ok
17:27:39.0812 0640 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:27:39.0812 0640 RemoteRegistry - ok
17:27:39.0843 0640 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
17:27:39.0843 0640 Revoflt - ok
17:27:39.0875 0640 [ BBCE96557881586683611C561FB06269 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
17:27:39.0875 0640 RimUsb - ok
17:27:39.0906 0640 [ C4F4FCD5AE48BDD31648981DDF8EF993 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:27:39.0906 0640 RimVSerPort - ok
17:27:40.0000 0640 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
17:27:40.0000 0640 ROOTMODEM - ok
17:27:40.0031 0640 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:27:40.0031 0640 RpcLocator - ok
17:27:40.0046 0640 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:27:40.0062 0640 RpcSs - ok
17:27:40.0078 0640 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:27:40.0078 0640 RSVP - ok
17:27:40.0093 0640 [ 839141088AD7EE90F5B441B2D1AFD22C ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:27:40.0093 0640 RTLE8023xp - ok
17:27:40.0109 0640 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:27:40.0109 0640 SamSs - ok
17:27:40.0140 0640 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:27:40.0140 0640 SASDIFSV - ok
17:27:40.0156 0640 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:27:40.0156 0640 SASKUTIL - ok
17:27:40.0171 0640 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:27:40.0187 0640 SCardSvr - ok
17:27:40.0218 0640 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:27:40.0218 0640 Schedule - ok
17:27:40.0265 0640 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:27:40.0265 0640 SeaPort - ok
17:27:40.0281 0640 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:27:40.0281 0640 Secdrv - ok
17:27:40.0296 0640 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:27:40.0296 0640 seclogon - ok
17:27:40.0312 0640 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:27:40.0312 0640 SENS - ok
17:27:40.0328 0640 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:27:40.0328 0640 serenum - ok
17:27:40.0343 0640 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:27:40.0343 0640 Serial - ok
17:27:40.0359 0640 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:27:40.0359 0640 Sfloppy - ok
17:27:40.0390 0640 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:27:40.0390 0640 SharedAccess - ok
17:27:40.0406 0640 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:27:40.0406 0640 ShellHWDetection - ok
17:27:40.0406 0640 Simbad - ok
17:27:40.0593 0640 [ 0C1B2E3A897397738D9F81CD3D152AF0 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:27:40.0609 0640 Skype C2C Service - ok
17:27:40.0640 0640 [ 875B04A71869D34A415CC8B4D4673EC4 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:27:40.0640 0640 SkypeUpdate - ok
17:27:40.0718 0640 [ D0375CA98569065A51504187D22C1949 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
17:27:40.0734 0640 SmcService - ok
17:27:40.0765 0640 [ 612D1ECBF4F7351A29B9EB0FA6E5F56A ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
17:27:40.0765 0640 SNAC - ok
17:27:40.0781 0640 Sparrow - ok
17:27:40.0828 0640 [ 77780509A16A1DF7F2D8531D21DDB9B9 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:27:40.0843 0640 SPBBCDrv - ok
17:27:40.0859 0640 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:27:40.0859 0640 splitter - ok
17:27:40.0890 0640 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:27:40.0890 0640 Spooler - ok
17:27:40.0906 0640 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:27:40.0906 0640 sr - ok
17:27:40.0921 0640 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:27:40.0921 0640 srservice - ok
17:27:40.0937 0640 [ E217480CC878061D7603A8CDCA06C188 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
17:27:40.0937 0640 SRTSP - ok
17:27:40.0953 0640 [ CAE71704BADDE6B0D5818ACCE20673CA ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
17:27:40.0953 0640 SRTSPL - ok
17:27:40.0968 0640 [ BE6F1DDDE2DDAB75225D83E6B03A2348 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
17:27:40.0968 0640 SRTSPX - ok
17:27:40.0984 0640 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:27:41.0000 0640 Srv - ok
17:27:41.0046 0640 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:27:41.0046 0640 SSDPSRV - ok
17:27:41.0062 0640 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:27:41.0078 0640 stisvc - ok
17:27:41.0109 0640 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:27:41.0109 0640 swenum - ok
17:27:41.0125 0640 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:27:41.0125 0640 swmidi - ok
17:27:41.0125 0640 SwPrv - ok
17:27:41.0203 0640 [ AB135C5739D0AB8CBAAF1D4B23E3C259 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
17:27:41.0203 0640 Symantec AntiVirus - ok
17:27:41.0218 0640 symc810 - ok
17:27:41.0218 0640 symc8xx - ok
17:27:41.0265 0640 [ E03EE3EF1037099554D17BED99545A5E ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:27:41.0265 0640 SymEvent - ok
17:27:41.0281 0640 [ BE3C117150C055E50A4CAF23E548C856 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17:27:41.0281 0640 SYMREDRV - ok
17:27:41.0312 0640 [ 7B0AF4E22B32F8C5BFBA5A5D53522160 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
17:27:41.0312 0640 SYMTDI - ok
17:27:41.0312 0640 sym_hi - ok
17:27:41.0328 0640 sym_u3 - ok
17:27:41.0343 0640 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:27:41.0343 0640 sysaudio - ok
17:27:41.0375 0640 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:27:41.0375 0640 SysmonLog - ok
17:27:41.0406 0640 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:27:41.0421 0640 TapiSrv - ok
17:27:41.0453 0640 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:27:41.0453 0640 Tcpip - ok
17:27:41.0484 0640 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:27:41.0484 0640 TDPIPE - ok
17:27:41.0500 0640 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:27:41.0500 0640 TDTCP - ok
17:27:41.0546 0640 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:27:41.0546 0640 TermDD - ok
17:27:41.0578 0640 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:27:41.0593 0640 TermService - ok
17:27:41.0609 0640 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:27:41.0609 0640 Themes - ok
17:27:41.0625 0640 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:27:41.0625 0640 TlntSvr - ok
17:27:41.0640 0640 TosIde - ok
17:27:41.0656 0640 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:27:41.0656 0640 TrkWks - ok
17:27:41.0687 0640 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
17:27:41.0687 0640 TrueSight - ok
17:27:41.0750 0640 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:27:41.0750 0640 Udfs - ok
17:27:41.0750 0640 ultra - ok
17:27:41.0796 0640 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:27:41.0796 0640 Update - ok
17:27:41.0812 0640 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:27:41.0812 0640 upnphost - ok
17:27:41.0843 0640 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:27:41.0843 0640 UPS - ok
17:27:41.0875 0640 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:27:41.0875 0640 usbccgp - ok
17:27:41.0906 0640 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:27:41.0906 0640 usbehci - ok
17:27:41.0953 0640 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:27:41.0953 0640 usbhub - ok
17:27:41.0968 0640 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:27:41.0968 0640 usbprint - ok
17:27:42.0000 0640 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:27:42.0000 0640 usbscan - ok
17:27:42.0015 0640 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:27:42.0015 0640 USBSTOR - ok
17:27:42.0046 0640 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:27:42.0046 0640 usbuhci - ok
17:27:42.0093 0640 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:27:42.0093 0640 VgaSave - ok
17:27:42.0093 0640 ViaIde - ok
17:27:42.0125 0640 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:27:42.0125 0640 VolSnap - ok
17:27:42.0140 0640 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:27:42.0140 0640 VSS - ok
17:27:42.0171 0640 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:27:42.0171 0640 W32Time - ok
17:27:42.0187 0640 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:27:42.0187 0640 Wanarp - ok
17:27:42.0218 0640 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
17:27:42.0218 0640 Wdf01000 - ok
17:27:42.0234 0640 WDICA - ok
17:27:42.0265 0640 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:27:42.0265 0640 wdmaud - ok
17:27:42.0281 0640 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:27:42.0281 0640 WebClient - ok
17:27:42.0343 0640 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:27:42.0343 0640 winmgmt - ok
17:27:42.0375 0640 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:27:42.0375 0640 WmdmPmSN - ok
17:27:42.0406 0640 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:27:42.0406 0640 Wmi - ok
17:27:42.0453 0640 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:27:42.0453 0640 WmiApSrv - ok
17:27:42.0531 0640 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:27:42.0531 0640 WMPNetworkSvc - ok
17:27:42.0562 0640 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:27:42.0562 0640 WpdUsb - ok
17:27:42.0578 0640 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:27:42.0578 0640 wscsvc - ok
17:27:42.0609 0640 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:27:42.0609 0640 wuauserv - ok
17:27:42.0640 0640 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:27:42.0656 0640 WudfPf - ok
17:27:42.0656 0640 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:27:42.0656 0640 WudfRd - ok
17:27:42.0687 0640 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:27:42.0687 0640 WudfSvc - ok
17:27:42.0703 0640 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:27:42.0703 0640 WZCSVC - ok
17:27:42.0734 0640 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:27:42.0734 0640 xmlprov - ok
17:27:42.0734 0640 ================ Scan global ===============================
17:27:42.0781 0640 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:27:42.0796 0640 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:27:42.0812 0640 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:27:42.0859 0640 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:27:42.0859 0640 [Global] - ok
17:27:42.0859 0640 ================ Scan MBR ==================================
17:27:42.0890 0640 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:27:43.0062 0640 \Device\Harddisk0\DR0 - ok
17:27:43.0062 0640 ================ Scan VBR ==================================
17:27:43.0062 0640 [ 444DE6022F0BF83526BF5379C16BF920 ] \Device\Harddisk0\DR0\Partition1
17:27:43.0062 0640 \Device\Harddisk0\DR0\Partition1 - ok
17:27:43.0125 0640 [ A1606FEE5F76155AF231FE177EB65BB0 ] \Device\Harddisk0\DR0\Partition2
17:27:43.0125 0640 \Device\Harddisk0\DR0\Partition2 - ok
17:27:43.0140 0640 [ 5C283592C48ACE350FECF2EA3547DE3E ] \Device\Harddisk0\DR0\Partition3
17:27:43.0140 0640 \Device\Harddisk0\DR0\Partition3 - ok
17:27:43.0156 0640 [ B89283DAFF7C1DC0F1A8C999B81ED4C3 ] \Device\Harddisk0\DR0\Partition4
17:27:43.0156 0640 \Device\Harddisk0\DR0\Partition4 - ok
17:27:43.0171 0640 ============================================================
17:27:43.0171 0640 Scan finished
17:27:43.0171 0640 ============================================================
17:27:43.0187 4256 Detected object count: 0
17:27:43.0187 4256 Actual detected object count: 0
17:27:59.0203 5600 Deinitialize success
  • 0

#18
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Do you mean the tools we have been using the clean the computer ?

That's what I meant :)

I'm not sure what do you mean by RAID configuration...

Then you most likely aren't using that kind of configuration or you would know.

The TDSSKiller log came back clean.

This is fron the MalwareBytes scan:

D:\AutoCAD 2009\Crack.zip (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
D:\AutoCAD 2009\Crack\xf-acad9-32-BITS.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.

Crack files are a great way to get infected. They often come with more than just a way to crack the program. FYI, using crack files as a way to bypass commercial programs is not legal.

Let's remove the things that ESET found. Also, your hard drive is pretty fragmented so we need to defragment it and then we will update Firefox.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\Documents and Settings\WinXP\Application Data\Chrome_manager\src\main.js
C:\Documents and Settings\WinXP\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-eu.cab
C:\Documents and Settings\WinXP\Application Data\[email protected]\content\overlay.js
C:\Documents and Settings\WinXP\Local Settings\Application Data\Opera\Opera\widgets\opera_manager\includes\q.js
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0
C:\Program Files\Alnaddy.com
D:\Downloads\BestCodecsPackSetup.exe
D:\Downloads\cbsidlm-tr1_11-TeamSpeak_Client-ORG-86315.exe
D:\Downloads\etypesetup.exe
D:\Downloads\icytower15_install.exe
D:\Downloads\SoftonicDownloader_for_windows-live-messenger.exe
D:\My Documents\Downloads\Unconfirmed 665666.crdownload

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

Defragment the Hard-Drive:

  • Click Start , then click Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and press the Enter key.
  • Now type in DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Deragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Type in EXIT and and press the Enter key to close the command window.

Step-3

Update Fifefox

  • At the top of the Firefox window click the Firefox button.
  • Go over to the Help menu and select About Firefox.
    The About Firefox window will open and Firefox will begin checking for updates. If updates are available, they will begin downloading automatically.
    Posted Image
  • When the updates are downloaded and ready to be installed, click Apply Update. Firefox will be restarted and the updates will be installed.
Posted Image


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the defrag was successful
2. Let me know if FF updated successfully.
3. The OTL fixes log
4. The new OTL.txt log
  • 0

#19
KarimEhab

KarimEhab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
The first step is not working when i paste and then press run fix i get a message down saying " Killing process...Don't interrupt" and nothing happens for 30 minutes later and then i had to restart my PC , i tried this 3 times !

Another thing , i get this message on computer start-up i need to fix it please :


Posted Image


My gaming account has been hacked once again ,i need to know what's the problem ! this is getting so irritated !

Edited by KarimEhab, 25 May 2013 - 05:56 PM.

  • 0

#20
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
HI,

MalwareBytes removed the C:\Documents and Settings\WinXP\Application Data\java_u.jar file.

Please open MalewareBytes and click the Quarintine tab.
In the list of quarantined items find C:\Documents and Settings\WinXP\Application Data\java_u.jar and click it once to highlight it.
Then click the Restore button at the bottom of the window.

That should restore the java_u.jar file.

As for the gaming account I am asking some colleagues more familiar with on line gaming that me to take a look at your logs and see if I have missed anything.

For right now just restore the file from MalwareBytes. Once it has been restored reboot the computer and see if the error message is gone. IF it is skip Step 1 and continue with Step 2 and 3 of my previous post.

Let me know how that went and I will be back once I have done some consulting on the hacking problem.
  • 0

#21
KarimEhab

KarimEhab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
1. i have no idea if the defrag was successfull or not but i was completed.

2. Firefox was updated successfully

3. OTL fixes isn't working

4. OTL LOG

OTL logfile created on: 27/05/2013 02:53:41 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\WinXP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.40% Memory free
3.85 Gb Paging File | 2.69 Gb Available in Paging File | 69.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 8.28 Gb Free Space | 28.25% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 22.82 Gb Free Space | 33.38% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 48.72 Gb Free Space | 49.89% Space Free | Partition Type: NTFS
Drive F: | 102.77 Gb Total Space | 94.35 Gb Free Space | 91.80% Space Free | Partition Type: NTFS

Computer Name: HOME2 | User Name: WinXP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/25 23:27:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WinXP\Desktop\OTL.exe
PRC - [2013/05/24 06:20:50 | 003,237,376 | ---- | M] () -- D:\BBot\BMega.exe
PRC - [2013/05/17 13:04:36 | 000,074,752 | ---- | M] () -- D:\Riot games\League of Legends\rads\projects\lol_air_client\releases\0.0.1.21\deploy\LolClient.exe
PRC - [2013/05/15 03:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/04/19 08:53:28 | 004,927,488 | ---- | M] (CipSoft GmbH) -- D:\Tibia\Tibia.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/01 14:44:48 | 002,226,704 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2013/03/28 13:56:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2013/03/15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/07 19:37:52 | 000,933,904 | ---- | M] (Research In Motion) -- C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
PRC - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2012/05/24 12:14:29 | 002,686,976 | ---- | M] () -- D:\Riot games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.160\deploy\LoLLauncher.exe
PRC - [2011/10/29 01:27:32 | 001,294,336 | ---- | M] () -- D:\Riot games\League of Legends\rads\system\rads_user_kernel.exe
PRC - [2009/06/14 23:13:23 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/12/08 21:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 20:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 20:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 13:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/24 06:20:50 | 003,237,376 | ---- | M] () -- D:\BBot\BMega.exe
MOD - [2013/05/24 06:20:50 | 000,378,368 | ---- | M] () -- D:\BBot\BDll.dll
MOD - [2013/05/17 13:04:36 | 000,074,752 | ---- | M] () -- D:\Riot games\League of Legends\rads\projects\lol_air_client\releases\0.0.1.21\deploy\LolClient.exe
MOD - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/25 16:03:03 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
MOD - [2012/11/25 11:40:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
MOD - [2012/11/25 11:40:49 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
MOD - [2012/11/25 11:40:33 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
MOD - [2012/11/25 11:40:07 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
MOD - [2012/11/25 11:40:00 | 001,657,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
MOD - [2012/11/25 11:39:55 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
MOD - [2012/11/25 11:39:53 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
MOD - [2012/11/25 11:39:50 | 014,327,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
MOD - [2012/11/25 11:39:23 | 012,216,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
MOD - [2012/11/25 11:38:43 | 003,313,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
MOD - [2012/11/25 11:38:16 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2012/11/25 11:37:51 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2012/05/24 12:14:29 | 002,686,976 | ---- | M] () -- D:\Riot games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.160\deploy\LoLLauncher.exe
MOD - [2011/10/29 01:27:32 | 001,294,336 | ---- | M] () -- D:\Riot games\League of Legends\rads\system\rads_user_kernel.exe
MOD - [2010/05/21 06:11:34 | 000,401,408 | ---- | M] () -- D:\BBot\sqlite3.dll
MOD - [2008/08/02 06:20:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Services (SafeList) ==========

SRV - [2013/05/27 00:21:12 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2009/06/14 23:13:23 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2008/12/08 21:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 20:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 20:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 15:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/05/22 10:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130525.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 10:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130525.006\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/21 15:39:25 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/17 11:28:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/09/17 11:28:56 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/30 15:19:40 | 000,016,640 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/06/15 03:39:05 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/06/14 23:19:23 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/14 23:13:24 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2009/01/13 13:10:08 | 005,015,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/11/18 17:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/10/13 11:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 11:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 11:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 10:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/08/21 10:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/06/16 15:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.eg/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3A8A015C-E411-4F2B-A5FF-938029DAD573}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: support%40mozilla.com:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/28 13:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/28 13:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/27 00:21:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/27 00:21:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\WinXP\Application Data\[email protected] [2013/05/20 19:09:23 | 000,000,000 | ---D | M]

[2009/06/14 22:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Extensions
[2013/05/23 20:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\rl476fg9.default\extensions
[2013/02/03 15:16:23 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\rl476fg9.default\extensions\[email protected]
[2012/09/22 01:59:49 | 000,550,833 | ---- | M] () (No name found) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\rl476fg9.default\extensions\[email protected]
[2013/05/27 00:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/27 00:20:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/27 00:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/27 00:20:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/27 00:21:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/20 19:09:23 | 000,000,000 | ---D | M] (Firefox Extension Manager) -- C:\DOCUMENTS AND SETTINGS\WINXP\APPLICATION DATA\[email protected]
[2013/03/28 13:57:05 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: RealDownloader = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\

O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKCU..\Run: [Oracle Java] C:\WINDOWS\System32\javaw.exe (Oracle Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1035D8E2-6646-4128-BE00-3D40428A66F3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\WinXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WinXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/15 03:28:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/17 01:03:04 | 000,000,000 | ---D | M] - D:\AutoCAD 2004 -- [ NTFS ]
O32 - AutoRun File - [2009/06/26 18:17:04 | 000,000,000 | ---D | M] - D:\AutoCAD 2009 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/27 00:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/26 13:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\Tibia
[2013/05/26 13:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tibia
[2013/05/25 23:27:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WinXP\Desktop\OTL.exe
[2013/05/25 17:21:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\WinXP\Desktop\tdsskiller.exe
[2013/05/24 20:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Desktop\Computer fix
[2013/05/24 14:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\Malwarebytes
[2013/05/24 14:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/24 14:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/05/24 14:46:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/05/24 14:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/23 20:41:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\WinXP\Desktop\aswMBR.exe
[2013/05/23 20:34:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/21 15:17:32 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/05/21 03:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\VS Revo Group
[2013/05/21 03:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/05/21 03:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/05/21 03:14:48 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/05/21 03:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/05/21 00:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\SUPERAntiSpyware.com
[2013/05/21 00:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/05/21 00:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/05/21 00:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/20 19:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Start Menu\Programs\Zezenia Online
[2013/05/20 19:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tibia Preview
[2013/05/20 19:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\vst
[2013/05/20 19:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/20 19:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\My Documents
[2013/05/20 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2013/05/20 19:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/05/20 19:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Graboid_Inc
[2013/05/20 19:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Start Menu\Programs\Graboid Video
[2013/05/20 19:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2013/05/20 19:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/05/14 18:21:33 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/05/12 02:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\[email protected]
[2013/05/12 02:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Opera
[2013/05/12 02:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\Chrome_manager
[2013/05/12 00:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\NVIDIA
[2013/05/12 00:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/05/12 00:14:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/05/12 00:14:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/05/12 00:14:23 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/05/11 23:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/05/11 23:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2013/05/11 23:58:25 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2013/05/11 23:57:52 | 006,074,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/05/11 23:57:52 | 002,733,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/05/11 23:57:52 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/05/11 23:57:52 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
[2013/05/11 23:57:52 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
[2013/05/11 23:57:51 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/05/11 23:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/05/11 23:57:18 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/05/09 18:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\vlc
[2013/05/09 14:22:39 | 000,000,000 | ---D | C] -- D:\My Documents\Graboid
[2013/05/09 14:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Graboid Inc
[2013/05/09 14:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Graboid
[2013/05/09 14:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Geckofx
[2013/05/09 14:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/05/09 14:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2013/05/09 14:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/05/01 01:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\ZezeniaOnline
[2009/06/14 22:53:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\WinXP\Application Data\pcouffin.sys
[5 C:\Documents and Settings\WinXP\*.tmp files -> C:\Documents and Settings\WinXP\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/27 02:59:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/27 02:54:32 | 000,008,140 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/05/27 02:41:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-776561741-1801674531-1004UA.job
[2013/05/27 02:00:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 21bed078-3aee-4cba-ba66-e495dac7d0ff.job
[2013/05/27 00:54:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8ee91123-69ad-4f6f-9b5f-8bad10781501.job
[2013/05/26 23:41:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-776561741-1801674531-1004Core.job
[2013/05/26 14:42:05 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/26 14:41:55 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/26 14:41:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/05/26 14:41:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/26 14:41:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/26 14:41:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/26 14:40:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/26 13:15:15 | 000,000,428 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Tibia.lnk
[2013/05/26 13:15:15 | 000,000,428 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2013/05/26 13:03:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/25 23:58:30 | 000,197,118 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\untitled.bmp
[2013/05/25 23:27:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WinXP\Desktop\OTL.exe
[2013/05/25 17:21:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\WinXP\Desktop\tdsskiller.exe
[2013/05/25 15:42:24 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/25 15:42:23 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\Google Chrome.lnk
[2013/05/24 16:32:44 | 000,001,961 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2013/05/24 14:54:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/05/24 14:46:11 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/23 23:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/23 20:44:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\MBR.dat
[2013/05/23 20:42:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WinXP\Desktop\aswMBR.exe
[2013/05/23 13:45:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/21 15:45:57 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\AdwCleaner.exe
[2013/05/21 15:39:25 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013/05/21 15:37:44 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\RogueKiller.exe
[2013/05/21 03:14:50 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/05/21 03:14:49 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/05/21 00:53:22 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/05/19 21:15:52 | 001,083,956 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/05/19 21:15:52 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/05/19 21:15:49 | 001,083,956 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/05/17 04:08:50 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\Zezenia Online.lnk
[2013/05/16 19:42:28 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia Preview.lnk
[2013/05/14 18:13:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/13 16:10:10 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\fairplay.exe.lnk
[2013/05/13 16:02:39 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2013/05/13 15:38:04 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\Shortcut to procexp.exe.lnk
[2013/05/13 02:02:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/12 02:09:19 | 001,335,014 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\sqlite.jar
[2013/05/12 00:16:01 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/05/11 23:58:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/05/11 23:40:42 | 000,198,612 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/05/11 23:31:28 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/09 14:19:17 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\Graboid Video.lnk
[2013/05/06 00:53:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/04/30 17:17:15 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\BMega.exe.lnk
[5 C:\Documents and Settings\WinXP\*.tmp files -> C:\Documents and Settings\WinXP\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/26 17:59:08 | 000,803,985 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\java_u.jar
[2013/05/26 13:15:15 | 000,000,428 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Tibia.lnk
[2013/05/26 13:15:15 | 000,000,428 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2013/05/25 23:56:28 | 000,197,118 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\untitled.bmp
[2013/05/24 14:46:11 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/23 20:44:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\MBR.dat
[2013/05/21 20:19:46 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/21 15:45:54 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\AdwCleaner.exe
[2013/05/21 15:39:25 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013/05/21 15:37:36 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\RogueKiller.exe
[2013/05/21 03:14:50 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/05/21 03:14:49 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/05/21 02:35:00 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/21 00:54:19 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8ee91123-69ad-4f6f-9b5f-8bad10781501.job
[2013/05/21 00:54:17 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 21bed078-3aee-4cba-ba66-e495dac7d0ff.job
[2013/05/21 00:53:22 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/05/19 21:14:55 | 000,016,514 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/05/17 04:08:50 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\Zezenia Online.lnk
[2013/05/16 19:42:28 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tibia Preview.lnk
[2013/05/13 16:10:11 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\fairplay.exe.lnk
[2013/05/13 16:02:39 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2013/05/13 15:38:06 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\Shortcut to procexp.exe.lnk
[2013/05/12 02:09:10 | 001,335,014 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\sqlite.jar
[2013/05/12 00:16:01 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/05/12 00:16:01 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/05/12 00:08:45 | 000,008,140 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/05/11 23:58:20 | 001,083,956 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/05/11 23:58:20 | 001,083,956 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/05/11 23:58:20 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/05/11 23:58:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/05/11 23:57:52 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/05/09 14:19:17 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\Graboid Video.lnk
[2013/04/30 17:17:19 | 000,000,447 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\BMega.exe.lnk
[2013/03/18 17:44:28 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\dwin5811.dat
[2013/02/02 12:22:59 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/12/20 00:51:56 | 001,157,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/11/24 10:24:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/13 23:37:06 | 000,096,048 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/29 18:53:25 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/10/05 17:50:15 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/01 00:54:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/15 03:37:26 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\WinXP\DelBB8.bat
[2009/06/14 22:53:32 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\ezpinst.exe
[2009/06/14 22:53:32 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\pcouffin.cat
[2009/06/14 22:53:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\pcouffin.inf

========== ZeroAccess Check ==========

[2009/06/15 03:30:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#22
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,
I am putting together some things. I will be back with you shortly.
  • 0

#23
KarimEhab

KarimEhab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
waiting for you. take your time
  • 0

#24
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Sorry about the delay. I took Memorial Day off. I have been discussing the hacking of your gaming account with some colleagues. Nothing just jumps out at us. In the meantime, do you have another computer that you can use to change the password on your gaming account? If you do please change it from the clean computer and then don't log back in using this computer until we can find the cause.

1. i have no idea if the defrag was successful or not but i was completed.

You can check that by having the Defrag program analyze the hard drive.

To check for fragmented files and folders on a volume:

  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Defragmenter.
  • Click the volume that you want to analyze.
  • Click Analyze to begin the analysis.
After the analysis has completed you will get a message telling you how fragmented the disk is and if defragmenting is recommended. The FSS scan showed the disk as 19% fragmented. I'm guessing that the defragmenter analysis will show that the drive does not require fragmenting now.

2. Firefox was updated successfully

Thanks

3. OTL fixes isn't working

OK. The emptytemp command in an OTL fix does two things... it first attempts to kill all processes and the last thing it does is empty the temp files. It worked the first time we used it but there are some times that that command hangs a system up. So we will try it a different way and see if it will work. We will also stop SuperAntiSpyware from running at startup.

We are gonna run a RogueKiller fix and see if a new OTL fix will run. Then we are gonna run a couple of additional tools and see what they find, if anything.

There is one other thing I want yo ask you about. In the Extras log you posted this showed up:

Error - 19/05/2013 10:59:11 | Computer Name = HOME2 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\UpdatusUser\ntuser.dat

Error - 19/05/2013 10:59:11 | Computer Name = HOME2 | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.

Error - 19/05/2013 10:59:12 | Computer Name = HOME2 | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 19/05/2013 10:59:12 | Computer Name = HOME2 | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

This indicetes a corrupted user profile. Are you noticing any problems with the user sccount you are using?


Step-1.

To disable SUPERAntiSpyware from launching when Windows is booted:
  • Open the program and hit Preferences and then uncheck the box that says Start SUPERAntiSpyware when Windows starts.
  • Close the program and reboot the computer.

Step-2.

Re-run RogueKiller

Quit all programs and close all browsers.
  • Double click the RogueKiller icon to run the program.
  • Wait until Prescan has finished ...
  • Click the Registry tab and put a check mark in the boxes beside the following:
    • [RUN][SUSP PATH] HKCU\[...]\Run : Oracle Java ("C:\WINDOWS\system32\javaw.exe" -jar "C:\Documents and Settings\WinXP\Application Data\java_u.jar") [-] -> FOUND
    • [RUN][SUSP PATH] HKUS\S-1-5-21-448539723-776561741-1801674531-1004[...]\Run : Oracle Java ("C:\WINDOWS\system32\javaw.exe" -jar "C:\Documents and Settings\WinXP\Application Data\java_u.jar") [-] -> FOUND
  • Click on the Delete button.

    Posted Image
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    Posted Image
  • The report has been created on the desktop.
Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-3.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Doube-click the JRT.exe file to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:PROCESSES
killallprocesses

:COMMANDS
[createrestorepoint]

:FILES
C:\Documents and Settings\WinXP\Application Data\Chrome_manager\src\main.js
C:\Documents and Settings\WinXP\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-eu.cab
C:\Documents and Settings\WinXP\Application Data\[email protected]\content\overlay.js
C:\Documents and Settings\WinXP\Local Settings\Application Data\Opera\Opera\widgets\opera_manager\includes\q.js
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0
C:\Program Files\Alnaddy.com
D:\Downloads\BestCodecsPackSetup.exe
D:\Downloads\cbsidlm-tr1_11-TeamSpeak_Client-ORG-86315.exe
D:\Downloads\etypesetup.exe
D:\Downloads\icytower15_install.exe
D:\Downloads\SoftonicDownloader_for_windows-live-messenger.exe
D:\My Documents\Downloads\Unconfirmed 665666.crdownload


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-5.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console (XP only)

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Anti-Virus


Step-6.

Open OTL and click the box beside Scan All Users and then click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:[list]
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.


Step-7.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question about any problems with your computer user account.
2. The RKreport[2] and RKreport[3].txt logs
3. The JRT.txt log
4. The OTL fixes log
5. The ComboFix log
6. The new OTL.txt log
  • 0

#25
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements


#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
User returned.
  • 0

#27
KarimEhab

KarimEhab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Concerning the gaming issue , i have changed my password on the infected computer and since the last change nothing happened but while working on the computer malwarebytes gave me several times a small messages right down the screen saying that it has been blocking something , about the Defragment i have analyzed my C: directory and it doesn't need Defragment although my E: and D: needs Defragment.


1. I can't notice anything wrong with my computer user account or at least nothing that has been irritating.


2.The RKreport[2] and RKreport[3].txt logs

The RKreport[2]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : WinXP [Admin rights]
Mode : Remove -- Date : 05/28/2013 19:47:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Oracle Java ("C:\WINDOWS\system32\javaw.exe" -jar "C:\Documents and Settings\WinXP\Application Data\java_u.jar") [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x89BE4AB8)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x89BE4A80)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8936FCE0)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89356DA0)
SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x89B8FD88)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89CBB548)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x89DB1CC0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x89BE5DC0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x89BE5D88)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x89E05880)
SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x89BF2228)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x89BC2AF8)
SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x89CB7358)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x89BBEEC0)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x89BC90B0)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x89C1D828)
SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x89B84F78)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x89BF2260)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x89D1B118)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89C110A0)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x89BC4258)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89371778)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x88ADD300)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AVVS-63L2B0 +++++
--- User ---
[MBR] 213bf2b52cc36b103dc7a957ad897f2d
[BSP] 3017bab7b9905d4ec32e398efa6e17c6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61432560 | Size: 275238 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05282013_02d1947.txt >>
RKreport[1]_S_05282013_02d1945.txt ; RKreport[2]_D_05282013_02d1947.txt


RKreport[3]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : WinXP [Admin rights]
Mode : Shortcuts HJfix -- Date : 05/28/2013 19:51:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 14 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 96 / Fail 0
My documents: Success 21 / Fail 21
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 274 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[G:] \Device\CdRom0 -- 0x5 --> Skipped
[H:] \Device\Harddisk1\DP(1)0-0+8 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_05282013_02d1951.txt >>
RKreport[1]_S_05282013_02d1945.txt ; RKreport[2]_D_05282013_02d1947.txt ; RKreport[3]_SC_05282013_02d1951.txt

3. The JRT.txt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by WinXP on 28/05/2013 at 19:54:18.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\WinXP\Application Data\mozilla\firefox\profiles\rl476fg9.default\invalidprefs.js
Successfully deleted: [File] "C:\Documents and Settings\WinXP\Application Data\mozilla\firefox\profiles\rl476fg9.default\extensions\[email protected]"
Successfully deleted the following from C:\Documents and Settings\WinXP\Application Data\mozilla\firefox\profiles\rl476fg9.default\prefs.js

user_pref("extensions.alnaddyToolbar.admin", false);
user_pref("extensions.alnaddyToolbar.aflt", "wbpk");
user_pref("extensions.alnaddyToolbar.appId", "{D651E893-3D08-458D-A242-0E6B862E6507}");
user_pref("extensions.alnaddyToolbar.autoRvrt", "false");
user_pref("extensions.alnaddyToolbar.dfltLng", "");
user_pref("extensions.alnaddyToolbar.dfltSrch", true);
user_pref("extensions.alnaddyToolbar.excTlbr", false);
user_pref("extensions.alnaddyToolbar.hmpgUrl", "hxxp://www.alnaddy.com/?afltid=wbpk");
user_pref("extensions.alnaddyToolbar.id", "305f62d800000000000000241d511618");
user_pref("extensions.alnaddyToolbar.instlDay", "15782");
user_pref("extensions.alnaddyToolbar.instlRef", "");
user_pref("extensions.alnaddyToolbar.keyWordUrl", "hxxp://www.alnaddy.com/search/?q=");
user_pref("extensions.alnaddyToolbar.newTabUrl", "hxxp://www.alnaddy.com/?afltid=wbpk");
user_pref("extensions.alnaddyToolbar.prdct", "alnaddyToolbar");
user_pref("extensions.alnaddyToolbar.prtnrId", "alnaddy");
user_pref("extensions.alnaddyToolbar.srchPrvdr", "Alnaddy");
user_pref("extensions.alnaddyToolbar.tlbrId", "alnaddy1");
user_pref("extensions.alnaddyToolbar.tlbrSrchUrl", "hxxp://www.alnaddy.com/search/?q=");
user_pref("extensions.alnaddyToolbar.vrsn", "1.6.9.16");
user_pref("extensions.alnaddyToolbar.vrsni", "1.6.9.16");
user_pref("extensions.alnaddyToolbar_i.dnsErr", true);
user_pref("extensions.alnaddyToolbar_i.hmpg", true);
user_pref("extensions.alnaddyToolbar_i.newTab", true);
user_pref("extensions.alnaddyToolbar_i.smplGrp", "none");
user_pref("extensions.alnaddyToolbar_i.vrsnTs", "1.6.9.1615:37:48");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/05/2013 at 19:57:33.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


4. The OTL fixes didn't work again and did the same thing as before

5. Doesn't work as well.

Posted Image

6. New OTL.log

OTL logfile created on: 02/06/2013 13:52:46 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\WinXP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.81% Memory free
3.85 Gb Paging File | 2.91 Gb Available in Paging File | 75.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 7.67 Gb Free Space | 26.18% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 22.76 Gb Free Space | 33.29% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 48.73 Gb Free Space | 49.90% Space Free | Partition Type: NTFS
Drive F: | 102.77 Gb Total Space | 94.35 Gb Free Space | 91.80% Space Free | Partition Type: NTFS

Computer Name: HOME2 | User Name: WinXP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/25 23:27:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WinXP\Desktop\OTL.exe
PRC - [2013/05/23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/28 13:56:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2013/03/15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/07 19:37:52 | 000,933,904 | ---- | M] (Research In Motion) -- C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
PRC - [2013/03/07 19:37:52 | 000,752,656 | ---- | M] (Research In Motion) -- C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
PRC - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/06/14 23:13:23 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/12/08 21:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 20:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 20:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 13:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/25 16:04:44 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
MOD - [2012/11/25 16:04:22 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
MOD - [2012/11/25 16:03:17 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
MOD - [2012/11/25 16:03:16 | 011,796,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
MOD - [2012/11/25 16:03:03 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
MOD - [2012/11/25 16:02:49 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
MOD - [2012/11/25 16:02:27 | 002,338,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
MOD - [2012/11/25 16:02:22 | 001,056,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
MOD - [2012/11/25 11:41:00 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
MOD - [2012/11/25 11:40:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
MOD - [2012/11/25 11:40:49 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
MOD - [2012/11/25 11:40:33 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
MOD - [2012/11/25 11:40:07 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
MOD - [2012/11/25 11:40:00 | 001,657,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
MOD - [2012/11/25 11:39:55 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
MOD - [2012/11/25 11:39:53 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
MOD - [2012/11/25 11:39:50 | 014,327,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
MOD - [2012/11/25 11:39:23 | 012,216,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
MOD - [2012/11/25 11:38:43 | 003,313,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
MOD - [2012/11/25 11:38:16 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2012/11/25 11:37:51 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2012/11/25 11:37:50 | 005,931,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012/11/25 11:37:08 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/11/25 11:35:21 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2008/08/02 06:20:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/01/08 22:09:00 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/05/27 00:21:12 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/08 00:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2009/06/14 23:13:23 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2008/12/08 21:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 20:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 20:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 15:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/05/22 10:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130531.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 10:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130531.024\NAVENG.SYS -- (NAVENG)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/17 11:28:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/09/17 11:28:56 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/30 15:19:40 | 000,016,640 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/06/15 03:39:05 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/06/14 23:19:23 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/14 23:13:24 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2009/01/13 13:10:08 | 005,015,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/11/18 17:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/10/13 11:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 11:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 11:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 10:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/08/21 10:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/06/16 15:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.eg/
IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\..\SearchScopes\{3A8A015C-E411-4F2B-A5FF-938029DAD573}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-776561741-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-448539723-776561741-1801674531-1006\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: support%40mozilla.com:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/28 13:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/28 13:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/27 00:21:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/27 00:21:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\WinXP\Application Data\[email protected] [2013/05/20 19:09:23 | 000,000,000 | ---D | M]

[2009/06/14 22:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Extensions
[2013/05/28 19:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\rl476fg9.default\extensions
[2013/02/03 15:16:23 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\rl476fg9.default\extensions\[email protected]
[2013/05/27 00:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/27 00:20:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/27 00:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/27 00:20:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/27 00:21:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/20 19:09:23 | 000,000,000 | ---D | M] (Firefox Extension Manager) -- C:\DOCUMENTS AND SETTINGS\WINXP\APPLICATION DATA\[email protected]
[2013/03/28 13:57:05 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: RealDownloader = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\WinXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\

O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-21-448539723-776561741-1801674531-1006..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-448539723-776561741-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-448539723-776561741-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-448539723-776561741-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1035D8E2-6646-4128-BE00-3D40428A66F3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\WinXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WinXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/15 03:28:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/17 01:03:04 | 000,000,000 | ---D | M] - D:\AutoCAD 2004 -- [ NTFS ]
O32 - AutoRun File - [2009/06/26 18:17:04 | 000,000,000 | ---D | M] - D:\AutoCAD 2009 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/30 12:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Desktop\New Folder
[2013/05/28 20:35:34 | 005,073,758 | ---- | C] (Swearware) -- C:\Documents and Settings\WinXP\Desktop\ComboFix.exe
[2013/05/28 19:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/28 19:53:45 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/28 19:50:51 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\WinXP\Desktop\JRT.exe
[2013/05/28 19:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Desktop\RK_Quarantine
[2013/05/27 00:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/26 13:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\Tibia
[2013/05/26 13:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tibia
[2013/05/25 23:27:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WinXP\Desktop\OTL.exe
[2013/05/25 17:21:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\WinXP\Desktop\tdsskiller.exe
[2013/05/24 20:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Desktop\Computer fix
[2013/05/24 14:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\Malwarebytes
[2013/05/24 14:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/24 14:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/05/24 14:46:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/05/24 14:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/23 20:41:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\WinXP\Desktop\aswMBR.exe
[2013/05/23 20:34:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/21 15:17:32 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/05/21 03:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\VS Revo Group
[2013/05/21 03:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/05/21 03:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/05/21 03:14:48 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/05/21 03:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/05/21 00:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\SUPERAntiSpyware.com
[2013/05/21 00:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/05/21 00:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/05/21 00:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/20 19:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Start Menu\Programs\Zezenia Online
[2013/05/20 19:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tibia Preview
[2013/05/20 19:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\vst
[2013/05/20 19:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/20 19:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\My Documents
[2013/05/20 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2013/05/20 19:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/05/20 19:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Graboid_Inc
[2013/05/20 19:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Start Menu\Programs\Graboid Video
[2013/05/20 19:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2013/05/20 19:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/05/14 18:21:33 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/05/12 02:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\[email protected]
[2013/05/12 02:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Opera
[2013/05/12 02:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\Chrome_manager
[2013/05/12 00:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\NVIDIA
[2013/05/12 00:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/05/12 00:14:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/05/12 00:14:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/05/12 00:14:23 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/05/11 23:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/05/11 23:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2013/05/11 23:58:25 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2013/05/11 23:57:52 | 006,074,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/05/11 23:57:52 | 002,733,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/05/11 23:57:52 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/05/11 23:57:52 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
[2013/05/11 23:57:52 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
[2013/05/11 23:57:51 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/05/11 23:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/05/11 23:57:18 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/05/09 18:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\vlc
[2013/05/09 14:22:39 | 000,000,000 | ---D | C] -- D:\My Documents\Graboid
[2013/05/09 14:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Graboid Inc
[2013/05/09 14:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Graboid
[2013/05/09 14:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Local Settings\Application Data\Geckofx
[2013/05/09 14:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/05/09 14:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2013/05/09 14:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/06/14 22:53:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\WinXP\Application Data\pcouffin.sys
[5 C:\Documents and Settings\WinXP\*.tmp files -> C:\Documents and Settings\WinXP\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/02 13:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 13:56:34 | 000,008,544 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/06/02 13:41:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-776561741-1801674531-1004UA.job
[2013/06/02 13:40:43 | 000,180,546 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\untitled.bmp
[2013/06/02 12:32:52 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/06/02 11:59:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/02 10:44:43 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/06/02 10:44:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/06/02 10:44:37 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/06/02 10:43:55 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/06/02 10:43:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/02 02:00:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 21bed078-3aee-4cba-ba66-e495dac7d0ff.job
[2013/06/01 23:41:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-776561741-1801674531-1004Core.job
[2013/06/01 16:54:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8ee91123-69ad-4f6f-9b5f-8bad10781501.job
[2013/06/01 14:19:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/31 23:31:01 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/30 23:52:44 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/30 13:45:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/28 20:36:12 | 005,073,758 | ---- | M] (Swearware) -- C:\Documents and Settings\WinXP\Desktop\ComboFix.exe
[2013/05/28 19:50:53 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\WinXP\Desktop\JRT.exe
[2013/05/27 10:10:53 | 001,589,347 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\handout MUSEUM.pdf
[2013/05/26 13:15:15 | 000,000,428 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Tibia.lnk
[2013/05/26 13:15:15 | 000,000,428 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2013/05/25 23:27:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WinXP\Desktop\OTL.exe
[2013/05/25 17:21:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\WinXP\Desktop\tdsskiller.exe
[2013/05/25 15:42:24 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/25 15:42:23 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\Google Chrome.lnk
[2013/05/24 16:32:44 | 000,001,961 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2013/05/24 14:54:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/05/24 14:46:11 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/23 23:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/23 20:44:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\MBR.dat
[2013/05/23 20:42:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WinXP\Desktop\aswMBR.exe
[2013/05/21 15:45:57 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\AdwCleaner.exe
[2013/05/21 15:37:44 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\RogueKiller.exe
[2013/05/21 03:14:50 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/05/21 00:53:22 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/05/19 21:15:52 | 001,083,956 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/05/19 21:15:52 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/05/19 21:15:49 | 001,083,956 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/05/17 04:08:50 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\Zezenia Online.lnk
[2013/05/16 19:42:28 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia Preview.lnk
[2013/05/13 16:10:10 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\fairplay.exe.lnk
[2013/05/13 16:02:39 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2013/05/13 15:38:04 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\Shortcut to procexp.exe.lnk
[2013/05/13 02:02:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/12 02:09:19 | 001,335,014 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\sqlite.jar
[2013/05/12 00:16:01 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/05/11 23:58:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/05/11 23:40:42 | 000,198,612 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/05/09 14:19:17 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\Graboid Video.lnk
[2013/05/06 00:53:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[5 C:\Documents and Settings\WinXP\*.tmp files -> C:\Documents and Settings\WinXP\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/02 13:39:46 | 000,180,546 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\untitled.bmp
[2013/05/27 10:10:46 | 001,589,347 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\handout MUSEUM.pdf
[2013/05/26 13:15:15 | 000,000,428 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Tibia.lnk
[2013/05/26 13:15:15 | 000,000,428 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2013/05/24 14:46:11 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/23 20:44:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\MBR.dat
[2013/05/21 20:19:46 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/21 15:45:54 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\AdwCleaner.exe
[2013/05/21 15:37:36 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\RogueKiller.exe
[2013/05/21 03:14:50 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/05/21 02:35:00 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
[2013/05/21 00:54:19 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8ee91123-69ad-4f6f-9b5f-8bad10781501.job
[2013/05/21 00:54:17 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 21bed078-3aee-4cba-ba66-e495dac7d0ff.job
[2013/05/21 00:53:22 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/05/19 21:14:55 | 000,016,514 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/05/17 04:08:50 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\Zezenia Online.lnk
[2013/05/16 19:42:28 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tibia Preview.lnk
[2013/05/13 16:10:11 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\fairplay.exe.lnk
[2013/05/13 16:02:39 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2013/05/13 15:38:06 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\Shortcut to procexp.exe.lnk
[2013/05/12 02:09:10 | 001,335,014 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\sqlite.jar
[2013/05/12 00:16:01 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/05/12 00:16:01 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/05/12 00:08:45 | 000,008,544 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/05/11 23:58:20 | 001,083,956 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/05/11 23:58:20 | 001,083,956 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/05/11 23:58:20 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/05/11 23:58:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/05/11 23:57:52 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/05/09 14:19:17 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\Graboid Video.lnk
[2013/03/18 17:44:28 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\dwin5811.dat
[2013/02/02 12:22:59 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/12/20 00:51:56 | 001,157,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/11/24 10:24:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/13 23:37:06 | 000,096,048 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/29 18:53:25 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/10/05 17:50:15 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/01 00:54:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/15 03:37:26 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\WinXP\DelBB8.bat
[2009/06/14 22:53:32 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\ezpinst.exe
[2009/06/14 22:53:32 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\pcouffin.cat
[2009/06/14 22:53:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\pcouffin.inf

========== ZeroAccess Check ==========

[2009/06/15 03:30:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the update and logs. Looks like the problem with ComboFix was a bad download. Let's delete the ComboFix.exe file on the desktop and then download it again and run it. Please make sure you are downloading to the desktop. Let's try the OTL fix without killing processes and see if it will complete.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\Documents and Settings\WinXP\Application Data\Chrome_manager\src\main.js
C:\Documents and Settings\WinXP\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-eu.cab
C:\Documents and Settings\WinXP\Application Data\[email protected]\content\overlay.js
C:\Documents and Settings\WinXP\Local Settings\Application Data\Opera\Opera\widgets\opera_manager\includes\q.js
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0
C:\Program Files\Alnaddy.com
D:\Downloads\BestCodecsPackSetup.exe
D:\Downloads\cbsidlm-tr1_11-TeamSpeak_Client-ORG-86315.exe
D:\Downloads\etypesetup.exe
D:\Downloads\icytower15_install.exe
D:\Downloads\SoftonicDownloader_for_windows-live-messenger.exe
D:\My Documents\Downloads\Unconfirmed 665666.crdownload

:COMMANDS
[reboot]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy. Make sure it is saved to the desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console (XP only)

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Anti-Virus


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The ComboFix.txt log
  • 0

#29
KarimEhab

KarimEhab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
1. The OTL fixes log

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\WinXP\Application Data\Chrome_manager\src\main.js moved successfully.
C:\Documents and Settings\WinXP\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-eu.cab moved successfully.
C:\Documents and Settings\WinXP\Application Data\[email protected]\content\overlay.js moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Opera\Opera\widgets\opera_manager\includes\q.js moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Documents and Settings\WinXP\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.6.9.16\bh folder moved successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.6.9.16 folder moved successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar folder moved successfully.
C:\Program Files\Alnaddy.com folder moved successfully.
D:\Downloads\BestCodecsPackSetup.exe moved successfully.
D:\Downloads\cbsidlm-tr1_11-TeamSpeak_Client-ORG-86315.exe moved successfully.
D:\Downloads\etypesetup.exe moved successfully.
D:\Downloads\icytower15_install.exe moved successfully.
D:\Downloads\SoftonicDownloader_for_windows-live-messenger.exe moved successfully.
D:\My Documents\Downloads\Unconfirmed 665666.crdownload moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 06042013_000323


2. The combofix didn't work again and gave me the same message i have uploaded in my previous comment.
  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's disable the anti virus and clear the browser's cache and then try the download again. Since I don't know what browser you are using I am including a link to a page with directions to clear the browser cache for all major browsers.


Step-1.

Disabling Symantec Antivirus

  • To disable Symantec Endpoint Protection, open Symantec Endpoint Protection and then click Change settings from the left menu bar.

    Posted Image
  • Click Configure Settings next to Antivirus and Antispyware Protection. Click the File System Auto-Protect tab and uncheck the box labeled Enable File System Auto-Protect. Click OK.

    Posted Image
  • Click Configure Settings next to Proactive Threat Protection. Uncheck the boxes labeled Scan for trojans and worms and Scan for keyloggers. Click OK.
Posted Image


Step-2.

Disable any Download Managers if you have any running.


Step-3.

Open the browser you want to use then click here to go to the web page and follow the directions to clear the cache for the browser you are using.


Step-4.

Now delete the ComboFix.exe file from the desktop and download a fresh copy.
Close the browser and run ComboFix according to the instructions in post #28.


Step-5.

Important: You should reenable Symantec Endpoint Protection once you are done installing programs that required you to disable it. To reenable:

  • Open Symantec Endpoint Protection and then click Change settings from the left menu bar.
  • Click Configure Settings next to Antivirus and Antispyware Protection. Click the File System Auto-Protect tab and check the box labeled Enable File System Auto-Protect. Click OK.
  • Click Configure Settings next to Proactive Threat Protection. Check the boxes labeled Scan for trojans and worms and Scan for keyloggers. Click OK.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The ComboFix log
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP