Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My PC is Sick and acting so weird :( [Solved]

Started by frichieny , Jun 19 2013 09:18 AM

  • This topic is locked This topic is locked

#16
Phel
Posted 23 June 2013 - 02:23 AM

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello :)

So, what's up with your problem now?
  • 0

Advertisements

#17
frichieny
Posted 25 June 2013 - 03:01 AM

frichieny

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 192 posts
The PC is very Fine now :) and Thank you very very much again hehe :) I've decided to Study Here at GeekU to Pass Forward what you did to me :) and When i have a Job I will treat you Hehe :) Thank you very much phel now i can enroll to GeekU because my PC is Clean hehe. Am i allowed to Enroll here even if im studying in college? Oh yeah is it possible that after you format an EHD the sality wont be removed Im pretty sure Thats where i got that sality :/ Thank you vert much again phel and to your teachers and GeekU Long Live and wish you guys all the best :))
  • 0

#18
Phel
Posted 25 June 2013 - 02:14 PM

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

The PC is very Fine now
I've decided to Study Here at GeekU


Wow, nice to hear that. :thumbsup:

m i allowed to Enroll here even if im studying in college?


If you can spend some free time here once in 48 hours - that would be ideal.

Oh yeah is it possible that after you format an EHD the sality wont be removed


No, the format will remove all the Sality related files, so it won't spread using the formatted EHD anymore. If you wish to prevent re-infection, please install Antivirus software and disable Autorun.

now i can enroll to GeekU because my PC is Clean hehe


Nope, you can't admit, until your topic in Malware Removal forum will be closed. ;) I'm not sure that your computer is absolutely clean, so we have to scan for some Malware Remnants. So, please, follow these steps:

Step 1. MBAM scan.

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log

  • 0

#19
frichieny
Posted 28 June 2013 - 10:10 PM

frichieny

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 192 posts
Sorry for very late reply :( I was busy at school huhuhu



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.28.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dela Cruz :: DELACRUZ [administrator]

6/29/2013 9:22:05 AM
mbam-log-2013-06-29 (09-22-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226228
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#20
frichieny
Posted 29 June 2013 - 02:47 AM

frichieny

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 192 posts
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=06ec66cd3cb25c419d0390d0c72a49ee
# engine=14194
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-29 06:29:39
# local_time=2013-06-29 02:29:39 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=136708
# found=14
# cleaned=14
# scan_time=3664
sh=F60B339AF0A81741C99A8F1B39D086975D0F687B ft=1 fh=7da278ab514e138f vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Dela Cruz\Desktop\Hack [bleep]\Important\CheatEngine62.exe"
sh=89E7BCA9D431A53548B8FF305EF2E5D8E01E525C ft=1 fh=7423431f8a7fc1bf vn="Win32/InstalleRex.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\CWMv4.0.0.2_ODIN.tar.exe"
sh=B992B1FBC9684D92D22EC378418C9B441FD3A63B ft=1 fh=ff16944562620a35 vn="a variant of Win32/YourFileDownloader.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\fire_red_v1_0_usa_pokemmo_downloader_ph_99370.exe"
sh=3D06AD3ED8E0FCA76CEDAFDE2562F21B18B07805 ft=1 fh=0b55f84ab1140e69 vn="Win32/InstalleRex.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\John Tucker Must Die (2006) 720p BrRip x264 - 650MB - YIFY.exe"
sh=6A30D2C2C92FC0B84DB9E8C3DD81279DDC1B706C ft=1 fh=840e474b7acd69bc vn="Win32/InstalleRex.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\kingdom_rush_frontiers_hd-(v1.0)-cracklords.ipa.exe"
sh=CBE8092C040AE9C2376BF28FDF23232EC107DEBE ft=1 fh=5b8e0e2e0ec0e5a5 vn="Win32/InstalleRex.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\kingdom_rush_frontiers_hd-(v1.0)-cracklords.ipa_2.exe"
sh=A492F9722A14D0868169C04056689C5701E2923C ft=1 fh=982ae49ea20b84db vn="a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\SoftonicDownloader_for_cryptload.exe"
sh=9923CDFE31FD9FDBB792557EEEADDA0B44877176 ft=1 fh=45549d446f3b5ace vn="a variant of Win32/HackTool.CheatEngine.AB application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Cheat Engine 6.2\cheatengine-i386.exe"
sh=CA3F51EC1897756636232998193325B830F22F26 ft=1 fh=3702c3e3af3ccb17 vn="a variant of Win32/HackTool.CheatEngine.AF application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Cheat Engine 6.2\standalonephase1.dat"
sh=8149C9B6B8CB952E73160EEACF149C94CEBA3EAD ft=1 fh=6e83046dcbd7e235 vn="a variant of Win32/BitCoinMiner.D application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\04162013_224254\C_Documents and Settings\Dela Cruz\Application Data\Windows\Data\cgminer.exe"
sh=EB930B8E404501112D480E7AFCB0864199577A37 ft=1 fh=c71c0011d58bbde9 vn="a variant of Win32/TrashBytes.I application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06232013_124055\C_\lnts.pif"
sh=EB930B8E404501112D480E7AFCB0864199577A37 ft=1 fh=c71c0011d58bbde9 vn="a variant of Win32/TrashBytes.I application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06232013_124055\D_\yhmiru.exe"
sh=315323CE62C8B7761017BD0969A75137F0B474AA ft=1 fh=195098062a605246 vn="a variant of Win32/Bundled.Toolbar.Ask.C application (cleaned by deleting - quarantined)" ac=C fn="D:\YTDSetup.exe"
sh=11FAD91EE40B83E4D84F53E05F899B4D95C90C47 ft=1 fh=8f0e204be3651cb9 vn="a variant of MSIL/Packed.CryptoObfuscator.C application (cleaned by deleting - quarantined)" ac=C fn="D:\Paws\Wimax Tools\Wimaxtool.exe"
  • 0

#21
frichieny
Posted 29 June 2013 - 02:48 AM

frichieny

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 192 posts
:)
  • 0

#22
Phel
Posted 29 June 2013 - 02:51 AM

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Can you please run OTL scan once more?
  • 0

#23
frichieny
Posted 02 July 2013 - 05:57 AM

frichieny

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 192 posts
OTL logfile created on: 7/2/2013 8:04:15 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.29 Mb Total Physical Memory | 498.04 Mb Available Physical Memory | 48.67% Memory free
2.90 Gb Paging File | 2.39 Gb Available in Paging File | 82.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.15 Gb Total Space | 3.77 Gb Free Space | 6.16% Space Free | Partition Type: NTFS
Drive D: | 87.89 Gb Total Space | 13.28 Gb Free Space | 15.11% Space Free | Partition Type: NTFS

Computer Name: DELACRUZ | User Name: Dela Cruz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/20 08:24:11 | 000,805,208 | ---- | M] (BitTorrent Inc.) -- D:\Program Files\uTorrent\uTorrent.exe
PRC - [2013/06/20 08:16:56 | 009,873,200 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe
PRC - [2013/06/20 08:16:26 | 000,078,848 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\GarenaTalkOverlay.exe
PRC - [2013/06/20 06:23:43 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/06/20 05:45:13 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/12 21:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008/04/14 05:42:20 | 001,551,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/20 08:16:56 | 009,873,200 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe
MOD - [2013/06/20 08:16:26 | 000,078,848 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\GarenaTalkOverlay.exe
MOD - [2013/06/19 11:39:15 | 000,236,336 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\PluginNews.dll
MOD - [2013/06/19 11:39:14 | 000,856,880 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\ggplugin.dll
MOD - [2013/06/19 11:39:14 | 000,098,608 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\PlatformPlugin.dll
MOD - [2013/06/19 11:39:12 | 000,287,024 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\DailyTaskPlugin.dll
MOD - [2013/06/19 11:39:12 | 000,133,936 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\ClanBoxPlugin.dll
MOD - [2013/06/19 11:39:10 | 000,027,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\VersionModule.dll
MOD - [2013/06/19 11:39:03 | 001,903,920 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggspawn.dll
MOD - [2013/05/29 20:21:27 | 000,957,232 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\XLL.dll
MOD - [2013/05/29 20:21:06 | 000,799,536 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\gagmhook.dll
MOD - [2013/05/29 19:40:09 | 001,961,264 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\Overlay.dll
MOD - [2013/05/03 15:34:54 | 000,184,832 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\ggspawn.dll
MOD - [2013/04/25 19:31:02 | 001,543,984 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\FileSender.dll
MOD - [2013/04/25 19:30:54 | 000,436,528 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\GarenaTalkPlugin.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\libmpg123.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\CxImage.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\libzmq.dll
MOD - [2013/01/30 16:27:09 | 000,194,864 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\xim\plugin_yahoo.dll
MOD - [2013/01/30 16:27:07 | 000,590,128 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\xim\plugin_msn.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\CommonLib.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\TaskManagerLib.dll
MOD - [2012/12/17 11:03:08 | 000,460,744 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\xim\plugin_xmpp.dll
MOD - [2012/12/17 11:02:49 | 000,147,400 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\xIM.dll
MOD - [2012/09/13 14:19:19 | 000,048,640 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\XmlUIModule.dll
MOD - [2012/08/31 03:10:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2012/07/27 14:59:42 | 000,010,240 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\ClientTcp.dll
MOD - [2012/07/27 14:59:28 | 000,061,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\UdtLib.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ServerMemAlloc.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\RSALib.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\MP3Module.dll
MOD - [2012/02/22 16:52:16 | 000,122,136 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggcode.dll
MOD - [2011/10/18 09:54:25 | 000,056,832 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\PluginKernel.dll
MOD - [2011/10/18 09:54:24 | 000,097,792 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\CommonLib.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2007/01/31 11:33:24 | 000,032,768 | ---- | M] () -- C:\Program Files\Vtune\TBPanelExt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2013/06/20 06:43:32 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/06/20 06:42:32 | 000,246,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Smart Bro\UpdateDog\ouc.exe -- (Smart Bro. RunOuc)
SRV - [2013/06/20 06:41:19 | 000,162,440 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/20 06:36:21 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/20 06:31:49 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/20 06:29:05 | 030,969,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/06/20 06:27:30 | 000,240,264 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/06/20 06:27:14 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/20 06:25:11 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/20 06:22:50 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013/06/20 06:22:35 | 000,542,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/06/20 06:22:27 | 000,329,544 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/06/20 06:22:23 | 000,077,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/06/20 05:32:18 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/15 18:59:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/19 12:13:38 | 000,144,712 | ---- | M] (H+H Software GmbH) [Disabled | Stopped] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DELACR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/21 15:04:16 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\apf003.sys -- (apf003)
DRV - [2013/04/10 03:14:50 | 000,013,816 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\WINDOWS\system32\unikey.sys -- (phunter)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/03 21:40:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2013/04/03 21:40:51 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/04/03 21:40:51 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/04/03 21:40:51 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2013/02/22 15:17:04 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/02/22 15:17:04 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/05 17:52:46 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/12/06 01:13:58 | 000,022,112 | -HS- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2012/11/22 08:43:14 | 000,112,480 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2012/08/24 15:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/04/11 23:40:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012/04/07 02:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/02/22 18:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 14:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/10/19 02:53:14 | 006,439,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/04/19 08:52:48 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2011/03/31 19:36:10 | 000,204,384 | ---- | M] (SHADOWDEFENDER.COM) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\diskpt.sys -- (diskpt)
DRV - [2010/04/09 08:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010/03/23 00:29:08 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2010/03/10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH10Help.sys -- (HH10Help.sys)
DRV - [2010/03/05 00:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/03/05 00:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/11/18 14:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 14:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKCU\..\URLSearchHook: {e3600b2b-4c86-4697-96bc-74d4d209f6bc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Documents and Settings\Dela Cruz\Application Data\raidcall\plugins\webplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Dela Cruz\Application Data\IDM\idmmzcc5 [2013/01/17 22:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Dela Cruz\Application Data\IDM\idmmzcc5 [2013/01/17 22:23:43 | 000,000,000 | ---D | M]

[2012/06/05 14:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Extensions
[2013/06/03 00:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions
[2012/09/25 20:35:42 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
[2013/06/14 10:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/14 10:54:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/14 10:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/14 10:54:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/14 10:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\distribution\extensions
[2013/06/14 10:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Documents and Settings\Dela Cruz\Application Data\raidcall\plugins\webplugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Garena Talk Plugin (Enabled) = D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - Extension: Fabulous = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ambjmeohlajelahhhniggkkceagdlcgj\28.5_0\
CHR - Extension: FB Refresh = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdlfdaajmclngiomogmleihllaejcnni\2.0.1_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google One Piece = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gacclaplhgkomiijkahnnkjiofngfkhd\1.0_0\
CHR - Extension: AirMech = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\18062_0\
CHR - Extension: IDM Integration = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: My Chrome Theme = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\

O1 HOSTS File: ([2013/06/07 21:28:06 | 000,000,788 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E3600B2B-4C86-4697-96BC-74D4D209F6BC} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [GarenaPlus] D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D926CD09-FB59-497F-9FE5-0436F3AC5EF7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2012/06/05 13:00:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/11/07 19:49:08 | 000,001,331 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O32 - AutoRun File - [2013/06/20 08:05:56 | 000,899,584 | ---- | M] () - D:\AutoHotkey.exe -- [ NTFS ]
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{388cb639-058b-11e2-a8d9-0024215b0d23}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell\AutoRun\command - "" = F:\steambackup2.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/02 19:35:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dela Cruz\Recent
[2013/06/29 09:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/29 09:20:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/29 09:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/20 05:29:54 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\SalityKiller.exe
[2013/06/20 05:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Desktop\salitykiller
[2013/06/19 15:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Carpe Fulgur
[2013/06/19 15:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Carpe Fulgur
[2013/06/15 03:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion Limited
[2013/06/15 03:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2013/06/14 13:28:30 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2013/06/14 13:28:30 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2013/06/14 13:28:30 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2013/06/14 13:28:30 | 000,064,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2013/06/14 13:28:27 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2013/06/14 13:27:08 | 000,755,200 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cohelper.dll
[2013/06/14 13:26:10 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2013/06/14 13:26:10 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2013/06/14 13:25:33 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVCOSMB.DLL
[2013/06/14 10:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/10 05:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\YourFileDownloader
[2013/06/10 02:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Desktop\PokeMMO.eu
[2013/06/06 23:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\[email protected]
[2013/06/06 23:12:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\CasperWiMACHunter
[2013/06/06 23:10:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\syntaxerror00100
[2013/06/06 09:24:25 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/06/06 09:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013/06/04 21:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\My Documents\Imba summoners
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/02 19:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/02 18:20:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003UA.job
[2013/06/30 22:15:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003UA.job
[2013/06/30 12:20:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003Core.job
[2013/06/30 03:15:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003Core.job
[2013/06/29 09:20:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/22 22:21:17 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/22 22:21:17 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Google Chrome.lnk
[2013/06/20 08:02:28 | 000,084,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2013/06/20 07:59:40 | 002,817,640 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2013/06/20 07:59:36 | 000,064,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2013/06/20 05:48:14 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2013/06/19 21:12:31 | 000,267,555 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\My Documents\dannce.jpg
[2013/06/19 21:11:35 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013/06/19 21:10:35 | 000,504,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/19 21:10:35 | 000,088,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/19 20:37:33 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/19 15:17:52 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recettear - An Item Shops Tale.lnk
[2013/06/19 14:50:15 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2013/06/19 14:48:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\5469
[2013/06/16 08:43:31 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iFunbox.lnk
[2013/06/14 22:17:03 | 001,094,820 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/14 22:17:03 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/14 22:16:56 | 001,094,820 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/14 13:28:52 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2013/06/10 08:40:17 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/06/09 20:46:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4bed
[2013/06/09 09:53:10 | 000,003,574 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\recently-used.xbel
[2013/06/09 07:15:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4d64
[2013/06/08 12:08:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4e7d
[2013/06/08 09:44:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\5014
[2013/06/07 21:28:06 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/07 21:28:06 | 000,000,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2013/06/07 20:31:19 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Wifi Connected.url
[2013/06/05 20:20:54 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Internet Explorer.lnk
[2013/06/04 22:21:05 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013/06/03 15:25:40 | 000,006,370 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\My Documents\Backup .001
[2013/06/03 13:56:13 | 000,169,813 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\My Documents\FAIL.jpg
[2013/06/02 21:55:53 | 000,003,076 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\My Documents\Hey.reg
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/29 09:20:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/19 21:12:31 | 000,267,555 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\My Documents\dannce.jpg
[2013/06/19 15:17:52 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recettear - An Item Shops Tale.lnk
[2013/06/19 14:48:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\5469
[2013/06/14 13:28:17 | 000,016,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/06/14 13:25:55 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2013/06/14 13:25:55 | 000,012,210 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/06/10 05:12:14 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/06/09 20:46:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4bed
[2013/06/09 09:53:10 | 000,003,574 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\recently-used.xbel
[2013/06/09 07:15:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4d64
[2013/06/08 12:08:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4e7d
[2013/06/08 09:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\5014
[2013/06/07 20:31:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Desktop\Wifi Connected.url
[2013/06/05 20:20:54 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Desktop\Internet Explorer.lnk
[2013/06/03 15:25:38 | 000,006,370 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\My Documents\Backup .001
[2013/06/03 13:56:13 | 000,169,813 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\My Documents\FAIL.jpg
[2013/06/02 21:55:51 | 000,003,076 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\My Documents\Hey.reg
[2013/04/23 13:01:46 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\.gtk-bookmarks
[2013/04/21 15:04:16 | 000,016,304 | ---- | C] () -- C:\WINDOWS\System32\apl003.sys
[2013/04/21 15:04:16 | 000,013,232 | ---- | C] () -- C:\WINDOWS\System32\apf003.sys
[2013/04/16 13:33:17 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Dela Cruz\ntuser.pol
[2013/04/16 13:21:31 | 000,201,802 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\poclbm130302GeForce 9500 GTv1w256l4.bin
[2013/04/10 03:12:40 | 000,013,816 | ---- | C] () -- C:\WINDOWS\System32\unikey.sys
[2013/04/04 03:09:36 | 000,002,759 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\.TransferManager.db
[2013/02/05 17:52:54 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/01/15 19:58:31 | 000,000,320 | ---- | C] () -- C:\WINDOWS\con_34195430.ini
[2013/01/03 17:38:34 | 000,803,956 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1659004503-725345543-1003-0.dat
[2013/01/03 17:38:31 | 000,287,434 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/29 19:19:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2012/12/05 15:45:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/08/01 00:46:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\fusioncache.dat
[2012/07/13 16:41:14 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 14:46:41 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2012/07/01 01:40:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2012/06/05 20:51:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/06/05 17:18:44 | 000,163,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/05 17:01:53 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/05 17:01:53 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/05 17:01:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/05 16:55:34 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/06/05 14:22:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\diskpt.dat
[2012/06/05 14:09:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/05 13:33:25 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2012/06/05 13:30:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/06/05 13:28:11 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/06/05 13:02:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/06/05 12:58:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/06/05 13:31:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 003,682,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#24
frichieny
Posted 02 July 2013 - 05:59 AM

frichieny

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 192 posts
Sorry for very very very late reply :) we have an exam this week and i have not open my desktop since staurday :)I read some stuffs that i post here and i think i have some ideas on how this thing work :) I cant wait to learn haha
  • 0

#25
Phel
Posted 02 July 2013 - 02:10 PM

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Congratulations, your PC is clean now. :)

However, you need to follow some important steps to remove tools and prevent infection again.

Step 1. Installing Antivirus software.

Without antivirus software you computer is absolutely vulnerable to the newest threats. Removed malware will come back to your PC, because it's absolutely defenceless. So, I strongly recommend you to install Antivirus software.

From all the free antiviruses I'd like to recommend you Microsoft Security Essentials. It is light, fast and free antivirus from Microsoft, which brings you optimal level of protection.

Step 2. Uninstalling Programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

  • ESET Online Scanner

Step 3. CleanUp.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Files
C:\sklo*.txt
C:\SalityKiller.exe

:Commands
[EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • After reboot run OTL again.
  • Click on CleanUp button.
  • OTL will be removed from your computer.

Here are some recommendations for you, how to stay safe in the internet.

  • Keep your system up-to-date. It will increase your protection level, because a lot of malware uses system vulnerabilities.

    To learn more, how to turn Automatic Updates on, click here.
  • Keep another software up-to-date too. Malware often uses third party software vulnerabilities.

    You can monitor news about vulnerabilities or simply install software which will scan your computer for outdated and vulnerable software and will notify you about results. Some of these programs are Secunia PSI (Requires installation, you can download it here) and Secunia OSI (java applet, requires Java Runtime Environment, learn more here).
  • Keep your antivirus software up-to-date.

    Turn on automatic updates for your antivirus, it's a basis of protection. Don't forget to keep your antivirus version up-to-date, new versions usually have advanced functionality, clean and prevent infection more effectively, than outdated versions.
  • Use limited user account. It will considerably increase your level of protection.

    90% of Malware won't work under limited user account, because they need administrator priveleges. If you are using Windows XP, then you can use DropMyRights while you are surfing on the internet.
  • Invent strong and long passwords for your accounts, if you want to keep your personal and confidential data in safety.

    Some malware have very dangerous functionality - they can crack your passwords. Please, set very strong password for your administrator account in Windows, then malware won't harm your PC. For each account on the internet invent individual password.

Hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you! :)

When you will be done with these steps, please, reply to this topic as soon as it's possible. My teacher will close this topic and you will be able to admit to GeekU.
  • 1

Advertisements

#26
frichieny
Posted 06 July 2013 - 07:24 PM

frichieny

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 192 posts
Done :)Thank you so much again phel :) now i can enroll now to geeku and i think i passed my exams hohoho :) thank you very much again hehe
  • 0

#27
Essexboy
Posted 07 July 2013 - 03:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 1
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP