Malware problems [Solved]



#1 raps1355 (Member, 39 posts)
Hi All,

I have a problem with malware, I believe. Here is what I am experiencing.

Unable to run any spyware/malware-type programs etc., and unable to visit any site to do with these things too. I get the "unable to connect" page as if your internet connection was down, but it's fine and working on any regular site.

What I have tried:

Running removal programs
Renaming already installed programs.
Using them in safe mode.

I was able to run RKill, but it didn't solve the problem.

Thanks in advance for any advice.

#2 Phel (Trusted Helper, Malware Removal, 1,386 posts)
Hello, raps1355 and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please spend some time reading these instructions carefully before we start. They contain very useful information.

  • Please stay with us until the end. I know malware removal isn't a very fast procedure; it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean other malware isn't left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow one or another instruction, feel free to ask me how to do it. I am always glad to help you with that.
  • Please don't fix anything by yourself. Please don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please feel free to notify me about changes in your PC's behaviour. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Please note that I'm currently in training. It doesn't mean that my help will be worse than expert help. My posts are carefully checked by experts before they are posted. Please note that my replies can sometimes come with delays. However, it usually takes less than 24 hours for an expert to review my message and post it to you.
  • Finally, enjoy the fight! ;)

raps1355 wrote: I was able to run RKill but it didn't solve the problem.

Can you please post the contents of the RKill log in your next message? The RKill log is usually located here:

C:\rkill.log

Try to download OTL from here and launch it. If you are still unable to launch it, try renaming it to one of:

  • OTL.scr
  • explorer.exe
  • 123.pif
NOTE: Don't forget to change the extension when you are renaming this file.

If you are able to launch OTL, please follow these steps:

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


#3 raps1355 (Topic Starter)
Hi,

Here is the RKill log.

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 08/17/2013 11:18:26 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\acs.exe (PID: 1600) [WD-HEUR]
* C:\WINDOWS\system32\HPZipm12.exe (PID: 164) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* ALG [Missing Service]
* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

20 out of 14964 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 08/17/2013 11:19:54 PM
Execution time: 0 hours(s), 1 minute(s), and 27 seconds(s)
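The RKill output above is what a helper reads first, and the items worth pulling out are scattered through it: two heuristic process kills, a disabled firewall, four missing services, a service with no ImagePath, and a HOSTS file that Administrators could not edit. The parser below is an added example written for this page (not RKill's code, and not Phel's), run over a constructed, trimmed copy of the posted log; the UPDATE_STACK set of service names and the wording of the triage notes are my assumptions, not anything RKill asserts. Two cautions the triage deliberately keeps in view: the OTL log in the next post lists acs.exe and HPZipm12.exe with Atheros and HP as their publishers, so the [WD-HEUR] kills need a publisher check before anyone calls them malware, and 14964 loopback-only HOSTS entries starting at 007guard.com is the shape of a block list such as the one Spybot - Search & Destroy can install (Spybot is present per the OTL log), not of a hijack; a hijack is more likely to point security-vendor names at a non-local address, which is the case the parser flags.

```python
"""Pull the findings out of an RKill log. Added example for this page, not RKill's
code; SAMPLE_RKILL_LOG is a constructed, trimmed copy of the log posted above and
UPDATE_STACK plus the note wording are my assumptions, not RKill rules."""
import re
from dataclasses import dataclass, field

SAMPLE_RKILL_LOG = r"""Checking for processes to terminate:
* C:\WINDOWS\system32\acs.exe (PID: 1600) [WD-HEUR]
* C:\WINDOWS\system32\HPZipm12.exe (PID: 164) [WD-HEUR]

Performing miscellaneous checks:
* Windows Firewall Disabled

Checking Windows Service Integrity:
* ALG [Missing Service]
* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Checking HOSTS File:
* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com

20 out of 14964 HOSTS entries shown.
"""

PROC_RE = re.compile(r"^\* (?P<path>.+?) \(PID: (?P<pid>\d+)\)(?: \[(?P<tag>[^\]]+)\])?$")
SVC_RE = re.compile(r"^\* (?P<name>\S+) \[Missing (?P<what>Service|ImagePath)\]$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
COUNT_RE = re.compile(r"^(?P<shown>\d+) out of (?P<total>\d+) HOSTS entries shown\.$")


@dataclass
class RkillFindings:
    terminated: list = field(default_factory=list)        # (path, pid, tag)
    firewall_disabled: bool = False
    missing_services: list = field(default_factory=list)
    missing_imagepath: list = field(default_factory=list)
    hosts_unwritable: bool = False
    hosts_entries: list = field(default_factory=list)     # (ip, hostname)
    hosts_shown: int = 0
    hosts_total: int = 0


def parse_rkill_log(text: str) -> RkillFindings:
    """One pass over the log, matching each line by its shape rather than by section."""
    f = RkillFindings()
    for raw in text.splitlines():
        line = raw.strip()
        if m := PROC_RE.match(line):
            f.terminated.append((m["path"], int(m["pid"]), m["tag"] or ""))
        elif m := SVC_RE.match(line):
            (f.missing_services if m["what"] == "Service" else f.missing_imagepath).append(m["name"])
        elif m := HOSTS_RE.match(line):
            f.hosts_entries.append((m["ip"], m["host"]))
        elif m := COUNT_RE.match(line):
            f.hosts_shown, f.hosts_total = int(m["shown"]), int(m["total"])
        elif line == "* Windows Firewall Disabled":
            f.firewall_disabled = True
        elif line == "* Cannot edit the HOSTS file.":
            f.hosts_unwritable = True
    return f


# XP services that Windows Update and the Security Center depend on; their absence is a
# lead to check, not proof of infection (assumed heuristic, not something RKill asserts).
UPDATE_STACK = {"wuauserv", "BITS", "wscsvc"}


def triage(f: RkillFindings) -> list:
    """Notes a helper can act on; the parser reports, the human decides."""
    notes = []
    for path, pid, tag in f.terminated:
        notes.append(f"terminated {path} (PID {pid}) on a {tag or 'signature'} match; "
                     "check the file's publisher before calling it malware")
    if f.firewall_disabled:
        notes.append("Windows Firewall is off (EnableFirewall = 0 in the StandardProfile key)")
    gone = sorted(UPDATE_STACK & set(f.missing_services), key=str.lower)
    if gone:
        notes.append("update/security services missing: " + ", ".join(gone))
    for name in f.missing_imagepath:
        notes.append(f"service {name} is registered but has no ImagePath")
    if f.hosts_unwritable:
        notes.append("HOSTS file was not writable by Administrators until RKill reset its permissions")
    for ip, host in f.hosts_entries:
        if not ip.startswith(("127.", "0.0.0.0")):   # 127.x and 0.0.0.0 are block-list sinkholes
            notes.append(f"HOSTS sends {host} to {ip}, which is not a local sinkhole address")
    if f.hosts_total > f.hosts_shown:
        notes.append(f"only {f.hosts_shown} of {f.hosts_total} HOSTS entries were printed; open the file itself")
    return notes
```

Run it on the full C:\rkill.log and read the notes top to bottom; the point of keeping the terminated processes in the output is that RKill's heuristic kills are exactly the items most likely to be legitimate, and the HOSTS summary only ever shows the first 20 lines, so the file itself still has to be opened.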

#4 raps1355 (Topic Starter)
The notepad "OTL.Txt"

OTL logfile created on: 17/08/2013 23:24:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.14% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.75% Paging File free
Paging file location(s): C:\pagefile.sys 0 0F:\pagefile.sys 2047 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 183.15 Gb Free Space | 78.65% Space Free | Partition Type: NTFS

Computer Name: ASUSP5K-SE | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 23:23:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.com
PRC - [2012/06/03 17:55:08 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2009/11/04 10:20:04 | 001,507,431 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 17:31:24 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/25 17:57:36 | 000,853,800 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/07/25 17:57:08 | 000,548,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/07/24 03:17:10 | 000,078,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010/06/06 17:32:00 | 003,819,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2007/08/08 17:31:14 | 000,410,904 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\rp_skt32.sys -- (RPSKT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Joe\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a2p0xjqv)
DRV - [2013/08/17 20:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/07/24 03:10:56 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2013/06/21 01:19:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/10/27 16:40:00 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/20 05:12:32 | 000,601,088 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2009/01/31 03:55:05 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/05/14 00:08:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/11/01 01:56:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/26 12:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/10/18 20:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/09/05 19:26:56 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {E397187B-6912-4356-95B2-3D204C8F4741}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enGB382
IE - HKCU\..\SearchScopes\{E397187B-6912-4356-95B2-3D204C8F4741}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/03 17:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/03 17:55:18 | 000,000,000 | ---D | M]

[2011/04/05 10:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Extensions
[2013/07/25 19:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/14 14:30:18 | 000,434,052 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14941 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [TvtXdnsd] C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm\tvtxdnsd.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199120511546 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{068DCEAB-14A4-4E6D-9C26-03D529310EFD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0EEEF2-16DD-4387-ABD4-AA840C8FA85F}: NameServer = 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm\tvtxdnsd.exe) - C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm\tvtxdnsd.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/31 18:04:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{32acefe0-3762-11dd-ac65-001d60526c5c}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{54a7570c-185f-11de-ae2c-001d60526c5c}\Shell\AutoRun\command - "" = E:\wdsync.exe
O33 - MountPoints2\{5f785bf4-e661-11df-afbd-001d60526c5c}\Shell - "" = AutoRun
O33 - MountPoints2\{5f785bf4-e661-11df-afbd-001d60526c5c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f785bf4-e661-11df-afbd-001d60526c5c}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 23:23:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.com
[2013/08/17 20:37:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/07/30 12:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\ff11 stuff
[2013/07/25 19:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hotspot Shield
[2013/07/25 19:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hotspot Shield
[2013/07/25 19:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2013/07/25 19:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Hotspot Shield
[2010/03/07 14:09:26 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Joe\mqdmmdm.sys
[2010/03/07 14:09:26 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Joe\mqdmserd.sys
[2010/03/07 14:09:26 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Joe\mqdmbus.sys
[2010/03/07 14:09:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Joe\usbsermptxp.sys
[2010/03/07 14:09:26 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Joe\usbsermpt.sys
[2010/03/07 14:09:26 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Joe\mqdmmdfl.sys
[2010/03/07 14:09:26 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Joe\mqdmcmnt.sys
[2010/03/07 14:09:26 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Joe\mqdmwhnt.sys
[2010/03/07 14:09:26 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Joe\mqdmcr.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\LocalService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/17 23:23:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.com
[2013/08/17 22:39:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/17 22:07:56 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-515967899-725345543-1004.job
[2013/08/17 22:07:40 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/17 22:07:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/17 22:06:02 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/08/17 20:41:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/17 20:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/08/11 17:56:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-515967899-725345543-1004.job
[2013/08/03 13:09:18 | 000,001,124 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2013/07/31 17:28:06 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hotspot Shield.lnk
[2013/07/24 03:10:56 | 000,044,744 | ---- | M] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\hssdrv.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/03 13:09:18 | 000,001,124 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2013/07/25 19:33:37 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hotspot Shield.lnk
[2013/06/30 10:34:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/22 19:48:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\SharedSettings.ccs
[2013/05/09 19:00:44 | 000,646,807 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-448539723-515967899-725345543-1004-0.dat
[2013/05/09 19:00:38 | 000,299,122 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/03/17 23:56:13 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mABRyiMF.exe_.b
[2013/03/17 23:56:13 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mABRyiMF.exe.b
[2013/02/21 22:02:23 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/04/04 23:49:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/03/07 14:11:53 | 000,070,690 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem41.PNF
[2010/03/07 14:11:53 | 000,054,341 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem41.inf
[2010/03/07 14:11:53 | 000,016,002 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem36.PNF
[2010/03/07 14:11:53 | 000,015,682 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem33.PNF
[2010/03/07 14:11:53 | 000,014,334 | ---- | C] () -- C:\Documents and Settings\Joe\Copy (2) of oem28.PNF
[2010/03/07 14:11:53 | 000,012,866 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem31.PNF
[2010/03/07 14:11:53 | 000,012,828 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem30.PNF
[2010/03/07 14:11:53 | 000,012,348 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem32.PNF
[2010/03/07 14:11:53 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem36.inf
[2010/03/07 14:11:53 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem33.inf
[2010/03/07 14:11:53 | 000,007,754 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem34.PNF
[2010/03/07 14:11:53 | 000,007,314 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem35.PNF
[2010/03/07 14:11:53 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Joe\1267967513-(null)
[2010/03/07 14:11:53 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem34.inf
[2010/03/07 14:11:53 | 000,006,209 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem31.inf
[2010/03/07 14:11:53 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem30.inf
[2010/03/07 14:11:53 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem32.inf
[2010/03/07 14:11:53 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem35.inf
[2010/03/07 14:09:26 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Joe\MCCI_MDM.INF
[2010/03/07 14:09:26 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Joe\USB_MOT_BRIT.INF
[2010/03/07 14:09:26 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Joe\USBMOT2000.INF
[2010/03/07 14:09:26 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Joe\MCCI_BUS.INF
[2010/03/07 14:09:26 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Joe\USBMOT2000XP.INF
[2010/03/07 14:09:26 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Joe\USB_MOT_A1000.INF
[2010/03/07 14:09:26 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Joe\USB_CMCS_2000.INF
[2010/03/07 14:09:26 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Joe\MCCI_SDM.INF
[2010/03/07 14:09:20 | 000,070,690 | ---- | C] () -- C:\Documents and Settings\Joe\Copy of oem28.PNF
[2010/03/07 14:09:20 | 000,054,341 | ---- | C] () -- C:\Documents and Settings\Joe\1267967360-(null)
[2008/03/04 23:48:34 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/31 18:55:51 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2013/07/01 08:23:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB61774$\3806270353\L
[2013/07/05 19:20:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB61774$\3806270353\U
[2013/07/05 19:08:31 | 000,000,804 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB61774$\3806270353\L\00000004.@
[2007/12/31 17:39:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/23 03:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/01/22 19:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/03/11 18:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/17 20:39:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/27 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/09/23 15:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2013/07/25 20:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hotspot Shield
[2012/07/19 16:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/09/19 21:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2013/07/27 18:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/09/12 12:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2013/04/28 22:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2009/01/22 20:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/08/11 23:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2013/08/17 21:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/22 20:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/01/31 19:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/03/24 00:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/22 21:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/04/05 22:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 13:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 00:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/23 00:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/03/23 03:32:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2010/04/01 12:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\4Media Software Studio
[2013/03/23 03:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\AVG
[2011/03/17 20:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\AVG10
[2012/04/23 19:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ChessBase
[2010/10/27 16:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\DAEMON Tools Lite
[2013/03/11 18:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Dropbox
[2009/09/08 18:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\GetRightToGo
[2013/07/25 19:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Hotspot Shield
[2013/07/11 21:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\LolClient
[2012/07/19 15:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\PFStaticIP
[2013/07/11 19:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Riot Games
[2013/03/11 18:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\TuneUp Software
[2009/08/27 19:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Uniblue
[2013/08/16 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\uTorrent
[2010/04/22 21:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Virgin Broadband

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/10/05 00:02:17 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/10/05 00:02:17 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/04/29 03:11:18 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\8m?) -- C:\WINDOWS\System32\8m“
[2009/04/29 03:11:18 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\8m?) -- C:\WINDOWS\System32\8m“
[2009/04/24 17:15:11 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\0~?) -- C:\WINDOWS\System32\0~“
[2009/04/24 17:15:11 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\0~?) -- C:\WINDOWS\System32\0~“

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B92209D4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:174CD35A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#5
raps1355

    Member

  • Topic Starter
  • Member
  • 39 posts
The notepad "Extras.Txt"

OTL Extras logfile created on: 17/08/2013 23:24:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.14% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.75% Paging File free
Paging file location(s): C:\pagefile.sys 0 0F:\pagefile.sys 2047 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 183.15 Gb Free Space | 78.65% Space Free | Partition Type: NTFS

Computer Name: ASUSP5K-SE | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56997:TCP" = 56997:TCP:*:Enabled:Pando Media Booster
"56997:UDP" = 56997:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56997:TCP" = 56997:TCP:*:Enabled:Pando Media Booster
"56997:UDP" = 56997:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Wings of the Goddess
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FC35134-ED10-47D8-A53D-35607945FDDC}" = FINAL FANTASY XI: Seekers of Adoulin
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}" = MacroMaker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60A34606-E1CB-4DBA-9290-0A432DBF1CD7}" = Triple Triad Extreme
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT
"{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer and Tetra Master
"{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB179A5E-BDE5-4565-AE14-AA10C64C0572}" = League of Legends
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{ED90F5E3-960A-4BED-B1EF-777D6E4E080F}_is1" = ApRadar 3.3.0.19
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Media MP4 to MP3 converter" = 4Media MP4 to MP3 converter
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Finale NotePad 2008" = Finale NotePad 2008
"HotspotShield" = Hotspot Shield 3.11
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{1FC35134-ED10-47D8-A53D-35607945FDDC}" = FINAL FANTASY XI: Seekers of Adoulin
"InstallShield_{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"InstallShield_{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer and Tetra Master
"InstallShield_{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"League of Legends 3.0.1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PakkISO_is1" = PakkISO 0.4
"RealPlayer 15.0" = RealPlayer
"The KMPlayer" = The KMPlayer (remove only)
"Unlocker" = Unlocker 1.9.1
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Windower" = Windower

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/08/2013 15:52:47 | Computer Name = ASUSP5K-SE | Source = Application Error | ID = 1000
Description = Faulting application lbrsflgk.exe, version 5.6.0.2053, faulting module
unknown, version 0.0.0.0, fault address 0x000355ec.

Error - 17/08/2013 15:59:27 | Computer Name = ASUSP5K-SE | Source = Application Error | ID = 1000
Description = Faulting application lbrsflgk.exe, version 5.6.0.2053, faulting module
unknown, version 0.0.0.0, fault address 0x000355ec.

[ System Events ]
Error - 17/08/2013 16:59:07 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 17/08/2013 16:59:07 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 17/08/2013 16:59:07 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 17/08/2013 16:59:07 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AsIO Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT oreans32 RasAcd Rdbss sptd Tcpip

Error - 17/08/2013 17:06:15 | Computer Name = ASUSP5K-SE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17/08/2013 17:08:42 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 17/08/2013 17:08:42 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 17/08/2013 17:08:42 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 17/08/2013 18:18:29 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7034
Description = The Atheros Configuration Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 17/08/2013 18:18:29 | Computer Name = ASUSP5K-SE | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#6
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Warning! Your computer is infected with a Backdoor infection.

What is a Backdoor?

A Backdoor is malware which allows another person to remotely control your computer, so this infection can execute files, download files from the internet or steal your data.

How can you deal with this infection?

We can clean this infection. However, we aren't sure that you can trust your computer even after removal of this infection. So, there is only one way to completely remove this infection: format your hard drive and reinstall Windows.

Please read the info here to learn more about why you need to reinstall Windows.

So, if you decide to format your hard drive and reinstall Windows, please let me know about it. If you don't, please follow these steps:

Step 1. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a2p0xjqv)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKCU..\Run: [TvtXdnsd] C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm\tvtxdnsd.exe File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm\tvtxdnsd.exe) - C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm\tvtxdnsd.exe File not found
    [2013/03/17 23:56:13 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mABRyiMF.exe_.b
    [2013/03/17 23:56:13 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mABRyiMF.exe.b
    [2009/10/05 00:02:17 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
    [2009/10/05 00:02:17 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
    [2009/04/29 03:11:18 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\8m?) -- C:\WINDOWS\System32\8m“
    [2009/04/29 03:11:18 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\8m?) -- C:\WINDOWS\System32\8m“
    [2009/04/24 17:15:11 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\0~?) -- C:\WINDOWS\System32\0~“
    [2009/04/24 17:15:11 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\0~?) -- C:\WINDOWS\System32\0~“
    [2013/03/23 03:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
    [2013/01/22 19:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
    [2013/03/11 18:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2013/03/23 03:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\AVG
    [2011/03/17 20:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\AVG10
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B92209D4
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:174CD35A
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Files
    C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 2. Avenger fix.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\WINDOWS\$NtUninstallKB61774$

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now open the avenger folder and rename avenger.exe to avenger.com. After that, run avenger.com.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt.
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Step 3. aswMBR scan.

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • Click the [Scan] button to start scan.

  • On completion of the scan, click [Save log], save it to your desktop and post it in your next reply.
Step 4. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.
So, please, don't forget to post in your next message:

  • OTL.txt
  • Avenger log
  • aswMBR log


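What the OTL fix above actually targets, as an added example that is not part of the original thread or of the OTL tool: a small Python triage routine that applies the same checks a helper makes by eye when reading these log lines. It flags a Winlogon UserInit value that is not the genuine userinit.exe (the O20 entry pointing at a random-named executable under Local Settings\Application Data), a Run/RunOnce entry whose target is cmd.exe, an EnableLUA policy set to 0, and alternate data streams with a name other than Zone.Identifier (the four streams attached to the TEMP folder). The sample lines are the entries quoted above plus constructed benign lines for contrast; the expected UserInit path and the benign-stream list are assumptions for a 32-bit Windows XP system.

```python
"""Triage helper for OTL-style log lines.

Added example, not code from the thread or from OTL itself. It encodes the
reasoning behind the fix above: a hijacked UserInit, a RunOnce that launches
cmd.exe, EnableLUA turned off, and unusual alternate data streams.
"""

import re

# Assumption: genuine UserInit location on 32-bit Windows XP. Anything else in
# the Winlogon UserInit value means the logon chain has been hijacked.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Assumption: the only stream Windows routinely attaches to downloaded files.
BENIGN_STREAMS = {"zone.identifier"}

_ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
_O20_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((.*?)\)")
_O4_RE = re.compile(r"^O4 - (HK[^:]*Run\w*): \[(.+?)\] (.+?)(?: \(|$)")
_O6_RE = re.compile(r"^O6 - .*EnableLUA = (\d+)")

# Constructed sample: the first four lines are the entries quoted in the fix,
# the last three are benign lines made up for contrast.
SAMPLE_LINES = [
    r"O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm\tvtxdnsd.exe) - C:\Documents and Settings\Joe\Local Settings\Application Data\lpclpkjm\tvtxdnsd.exe File not found",
    r"@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B92209D4",
    r"O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
    r"@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Joe\Desktop\OTL.exe:Zone.Identifier",
]


def triage_otl(lines):
    """Return a list of (kind, detail) findings for suspicious OTL lines."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = _O20_RE.match(line)
        if m:
            # UserInit values may carry a trailing comma; normalise before comparing
            value = m.group(1).strip().rstrip(",").lower()
            if value != EXPECTED_USERINIT:
                findings.append(("userinit_hijack", m.group(1)))
            continue

        m = _O4_RE.match(line)
        if m:
            key, name, target = m.groups()
            # An autorun entry whose target is the command interpreter itself
            # hides the real command line behind a trusted Microsoft binary
            if target.strip().lower().endswith("\\cmd.exe"):
                findings.append(("run_key_launches_cmd", f"{key} [{name}]"))
            continue

        m = _O6_RE.match(line)
        if m and m.group(1) == "0":
            findings.append(("enablelua_disabled", line))
            continue

        m = _ADS_RE.match(line)
        if m:
            size, path, stream = m.groups()
            # Random hex stream names on a data folder are a classic hiding place
            if stream.lower() not in BENIGN_STREAMS:
                findings.append(("unusual_ads", f"{path}:{stream} ({size} bytes)"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_otl(SAMPLE_LINES):
        print(f"{kind:22s} {detail}")
```

The routine returns a list of (kind, detail) tuples. In practice the whole OTL.txt is fed in and every finding is reviewed by hand, since a legitimate custom UserInit chain or a third-party stream name will also trip these rules.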
#7
raps1355

    Member

  • Topic Starter
  • Member
  • 39 posts
Avenger log

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\WINDOWS\$NtUninstallKB61774$" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#8
raps1355

    Member

  • Topic Starter
  • Member
  • 39 posts
OK, step 3 is blocked by the problem, so I cannot download it. What should I do next?

#9
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
OK, try to download aswMBR from here. The file is called 123.com; however, it's just the renamed aswMBR executable. After that, follow steps 3 and 4.

#10
raps1355

    Member

  • Topic Starter
  • Member
  • 39 posts
Hi,

It says it cannot download from this site. Is there another way?

#11
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

It says it cannot download from this site

Does it show you any message? Can you please say exactly what it says?

#12
raps1355

    Member

  • Topic Starter
  • Member
  • 39 posts
It says this,

Windows Internet Explorer (blue header)

Internet Explorer cannot download 123.com from dl.dropboxusercontent.com

Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.

All I can do once it pops up is click OK.

#13
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
OK, let's try another way.

Please, follow these steps:

Step 1. Restoring broken services.

  • Download ESET Services Repair tool from here to your Desktop.
  • Launch ServicesRepair.exe on your Desktop.
  • Click Yes to start repair.
  • When finished, click Yes to reboot your computer.
  • Post the contents of the C:\Documents and Settings\Joe\Desktop\CC Support\Logs\SvcRepair.log in your next message.
Step 2. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [RESETHOSTS]
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 3. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
    sc query afd /c
    sc query netbt /c
    sc query tcpip /c
    
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.
So, please, don't forget to post in your next message:

  • SvcRepair.log
  • OTL.txt


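Why [RESETHOSTS] is in the fix above, as an added example that is not part of the original thread or of OTL: a Python check that reads hosts-file content and lists every entry other than the Windows default localhost line, marking those whose hostname matches a security-vendor keyword. Mapping vendor hostnames to a wrong address in %SystemRoot%\system32\drivers\etc\hosts is one way malware produces exactly the symptom described in this thread (security sites fail to load while other sites work), and resetting the file to the default undoes it. The hosts content below is constructed, including the 203.0.113.5 address from the documentation range; the keyword list is a hypothetical starting point rather than anything OTL uses.

```python
"""Hosts-file inspection for security-site blocking.

Added example, not code from the thread or from OTL. It lists every hosts
entry that is not the Windows default and marks entries whose hostname looks
like a security vendor, which is what [RESETHOSTS] wipes out in one go.
"""

import ipaddress

# Assumption: the single default entry Windows XP ships in its hosts file
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Hypothetical keyword list; a real triage would use a longer vendor list
SECURITY_KEYWORDS = (
    "avg", "eset", "avast", "malwarebytes", "geekstogo",
    "symantec", "kaspersky", "microsoft", "windowsupdate",
)

# Constructed sample hosts file: the default line, three hijack entries of the
# kind that block security sites, and one legitimate local override.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.avg.com free.avg.com
127.0.0.1       www.eset.com
203.0.113.5     www.malwarebytes.org
127.0.0.1       intranet.example  # constructed legitimate override
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        # Everything after '#' is a comment, including trailing comments
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            # Not a valid address in the first column: skip the malformed line
            continue
        for host in parts[1:]:
            yield parts[0], host.lower()


def suspicious_hosts_entries(text):
    """Return non-default entries as (address, hostname, security_related)."""
    findings = []
    for addr, host in parse_hosts(text):
        if (addr, host) in DEFAULT_ENTRIES:
            continue
        # Flag the entry when the hostname contains any vendor keyword; note
        # that pointing a hostname at 127.0.0.1 is enough to block the site,
        # the address does not have to be remote
        security_related = any(k in host for k in SECURITY_KEYWORDS)
        findings.append((addr, host, security_related))
    return findings


if __name__ == "__main__":
    for addr, host, sec in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"{'SECURITY ' if sec else 'other    '}{addr:16s} {host}")
```

If the hosts file is clean and security sites still fail to load, the block is somewhere else in the stack, which is why the same post also inspects the afd, netbt and tcpip services with sc query and runs the ESET services repair tool.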
#14
raps1355

    Member

  • Topic Starter
  • Member
  • 39 posts
Hi,

When I try to download step 1, it comes up with "no page to display", like the antivirus pages.

#15
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Try to download ESET Services repair tool from here.