Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware [Solved]


  • This topic is locked This topic is locked

#31
heyage13

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
In lamans terms..what was the issue? How did that fix fix the error? Just curious thanks.
  • 0

Advertisements


#32
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
I've remove bad Chrome extension, but I was not sure that it's resolvd problem in 100%, so I decided to reset Chrome settings. I can't see any other problems in logs, that I can fix. But we have some issus:

I see files downloaded from torrent in logs.

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.
We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.


Step 1:
Download and install Internet Explorer 10
Note:
If english is not your system language, please type Internet Explorer 10 in google and download from Microsoft site proper version.

Step 2:

Error - 14/10/2013 4:59:11 PM | Computer Name = RoomPC-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2

That means problem with hard disk or motherboard. I'm suggesting to start new topic in hardware section.

Step 3:
I need to take a look before I tell "all clear":
Posted ImageOTL Quick Scan

Run OTL again:

Posted Image

and hit Quick Scan button:

Posted Image

This scan won't take long. Please post log in next replay.

Step 4:
  • Double click the aswMBR.exe to run it.
  • Agreed to update.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop as mbrfix.txt and post in your next reply.

    Posted Image

In your next post I want to see:
  • OTL Quick Scan log.
  • aswMBR log.

Do you think something is wrong?
  • 0

#33
heyage13

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
OTL logfile created on: 30/11/2013 1:21:38 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Room PC\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 66.65% Memory free
6.50 Gb Paging File | 5.18 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 656.60 Gb Free Space | 70.50% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 641.18 Gb Free Space | 34.42% Space Free | Partition Type: NTFS

Computer Name: ROOMPC-PC | User Name: Room PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/30 13:21:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Room PC\Downloads\OTL.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/23 02:19:06 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/10/23 02:19:05 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/10/17 20:35:59 | 014,650,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013/10/17 20:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/17 20:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2012/12/14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/12/14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012/12/12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/14 18:10:30 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/10/10 02:29:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/14 19:41:00 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 19:40:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/10 10:28:19 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/17 20:35:59 | 014,650,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/10/17 20:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/09 17:34:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/10 21:17:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/04/16 14:53:02 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2013/10/23 05:24:25 | 010,410,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/09/27 18:01:42 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/06/16 07:38:15 | 000,161,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/04/17 01:56:20 | 000,018,704 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2012/12/05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/11/02 15:37:10 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/04/09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2012/03/26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012/02/09 01:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/07/13 12:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 12:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/27 18:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 18:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 18:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 16:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/10/13 02:16:02 | 000,049,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009/07/13 17:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2008/04/28 15:59:20 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/02/20 14:47:44 | 000,765,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 B3 05 D9 13 07 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Room PC\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/21 15:45:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/21 15:45:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - Extension: Google Docs = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Personal Trainer = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke\1.7_0\
CHR - Extension: Planner 5D = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Pop Art Studio Online = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oompiimecpnflklhlnmdpddcjdmiibkf\1.0.0.0_0\
CHR - Extension: Psykopaint = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Weather Underground = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: World Clocks = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej\5.0_0\
CHR - Extension: Gmail = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABE211A-EB13-4D5B-BAE4-4B9C78D45C27}: DhcpNameServer = 64.71.255.204 64.71.255.198
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/28 09:10:44 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Roaming\e-academy Inc
[2013/11/28 09:10:44 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Local\e-academy Inc
[2013/11/28 08:54:18 | 000,000,000 | ---D | C] -- C:\Users\Room PC\Desktop\fixlist
[2013/11/26 20:00:58 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/24 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/23 18:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/23 12:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2013/11/23 11:48:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/22 20:15:19 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Roaming\AVAST Software
[2013/11/22 20:14:40 | 000,269,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/22 20:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/21 19:19:57 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Roaming\eCyber
[2013/11/20 17:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2013/11/16 13:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saints Row IV
[2013/11/16 13:25:43 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Roaming\NVIDIA
[2013/11/16 13:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/11/03 23:23:54 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/12/22 11:26:24 | 487,666,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Room PC\AppData\Roaming\AcrobatPro_10_Web_WWEFD.exe

========== Files - Modified Within 30 Days ==========

[2013/11/30 13:20:17 | 000,668,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/30 13:20:17 | 000,129,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/30 13:18:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/30 13:16:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/30 13:15:58 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/30 02:27:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/30 01:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/29 19:10:39 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 19:10:39 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 00:00:50 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/11/29 00:00:50 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/11/24 13:59:51 | 000,002,229 | ---- | M] () -- C:\Users\Room PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/23 12:20:23 | 000,001,798 | ---- | M] () -- C:\Users\Room PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/11/22 20:14:37 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/21 03:00:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/11/28 23:59:29 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/11/28 23:59:29 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/11/24 13:18:13 | 000,002,229 | ---- | C] () -- C:\Users\Room PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/24 13:17:45 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/24 13:17:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/03 23:22:44 | 000,018,174 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/08/29 22:15:26 | 000,000,827 | ---- | C] () -- C:\Users\Room PC\.swfinfo
[2013/07/29 18:03:06 | 003,426,956 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013/06/12 15:58:38 | 000,039,904 | ---- | C] () -- C:\Windows\System32\DiscHandler.exe
[2013/06/08 06:54:10 | 003,915,776 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2013/06/08 06:53:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/06/08 06:52:30 | 000,271,360 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2013/06/08 06:52:12 | 000,157,184 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2013/06/08 06:52:10 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2013/06/08 06:52:10 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2013/06/08 06:52:08 | 001,525,760 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2013/06/08 06:52:08 | 000,211,968 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2013/06/08 06:52:08 | 000,114,688 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2013/06/08 06:52:06 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2013/05/20 10:43:32 | 000,446,128 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2013/05/20 10:43:32 | 000,280,624 | ---- | C] () -- C:\Windows\System32\avutil-lav-52.dll
[2013/05/20 10:43:32 | 000,190,640 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2013/05/20 10:43:32 | 000,172,216 | ---- | C] () -- C:\Windows\System32\avresample-lav-1.dll
[2013/05/20 10:43:30 | 007,856,976 | ---- | C] () -- C:\Windows\System32\avcodec-lav-55.dll
[2013/05/20 10:43:30 | 001,315,240 | ---- | C] () -- C:\Windows\System32\avformat-lav-55.dll
[2013/05/20 10:43:30 | 000,202,344 | ---- | C] () -- C:\Windows\System32\avfilter-lav-3.dll
[2013/05/19 14:54:44 | 000,000,884 | RHS- | C] () -- C:\Users\Room PC\ntuser.pol
[2013/04/02 15:56:38 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/02/21 15:42:30 | 000,221,508 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/02/21 15:42:30 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/02/10 19:23:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/29 17:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\System32\Formats.ini
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/22 20:15:19 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\AVAST Software
[2013/08/18 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\Avid
[2013/11/30 02:27:42 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\Azureus
[2013/08/19 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\DWA-542A1
[2013/11/28 09:10:44 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\e-academy Inc
[2013/11/21 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\eCyber
[2013/09/02 01:41:12 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\Electronic Arts
[2013/05/03 08:47:51 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\ICAClient
[2013/08/21 16:12:19 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\Opera
[2013/08/17 10:35:09 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\PACE Anti-Piracy
[2013/02/21 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\redsn0w
[2013/08/17 10:35:36 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\Trillium Lane
[2013/11/16 19:56:38 | 000,000,000 | ---D | M] -- C:\Users\Room PC\AppData\Roaming\XBMC

========== Purity Check ==========



< End of report >



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-30 13:35:30
-----------------------------
13:35:30.421 OS Version: Windows 6.1.7601 Service Pack 1
13:35:30.421 Number of processors: 2 586 0xF0B
13:35:30.422 ComputerName: ROOMPC-PC UserName: Room PC
13:35:31.803 Initialize success
13:37:22.850 AVAST engine defs: 13113000
13:38:17.821 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:38:17.823 Disk 0 Vendor: ST3160812AS 3.AAH Size: 152627MB BusType: 3
13:38:17.825 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
13:38:17.827 Disk 1 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
13:38:17.955 Disk 1 MBR read successfully
13:38:17.957 Disk 1 MBR scan
13:38:17.963 Disk 1 Windows 7 default MBR code
13:38:17.966 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:38:18.005 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953766 MB offset 206848
13:38:18.045 Disk 1 scanning sectors +1953519616
13:38:18.126 Disk 1 scanning C:\Windows\system32\drivers
13:38:31.137 Service scanning
13:38:42.975 Service MpKsl7cd97675 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8630047-2DF4-44C9-BA50-F01DF2E6B545}\MpKsl7cd97675.sys **LOCKED** 32
13:39:01.790 Modules scanning
13:39:08.525 Disk 1 trace - called modules:
13:39:08.545 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:39:08.550 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86772ac8]
13:39:08.554 3 CLASSPNP.SYS[8bfbf59e] -> nt!IofCallDriver -> [0x862a3918]
13:39:08.559 5 ACPI.sys[8bcb03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x862ee908]
13:39:10.398 AVAST engine scan C:\Windows
13:39:12.789 AVAST engine scan C:\Windows\system32
13:42:29.062 AVAST engine scan C:\Windows\system32\drivers
13:42:45.487 AVAST engine scan C:\Users\Room PC
13:55:59.978 AVAST engine scan C:\ProgramData
14:03:53.612 Scan finished successfully
14:04:20.020 Disk 1 MBR has been saved successfully to "C:\Users\Room PC\Desktop\MBR.dat"
14:04:20.065 The log file has been saved successfully to "C:\Users\Room PC\Desktop\mbrfix.txt"


I dont feel like anything is wrong.
  • 0

#34
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Good news: your system is clean now!

A good workman always cleans up after himself. Please let me remove my tools:

Step 1:
Uninstall OTL:
Run OTL again and hit CleanUp! button.

Step 2:
  • Run ESET Online Scanner one more time
  • Click Start. After the virus signature database finishes updating, click Stop
  • Tick Uninstall application on close
  • Tick Delete quarantines files
  • Click Finish

Step 3:
Keep system updated:
Make sure the Windows Update is turned on. Enable Windows Update is the most basic step to prevent from infections. The fastest way is open this site in Internet Explorer: http://windowsupdate.microsoft.com/

Step 4:
Keep your Antivirus software turned on and updated! Make sure that realtime antivirus protection and firewall module is working.

Step 5:
Keep software updated:
You should install software updates to Java, Flash Player, Silverlight, Adobe Reader etc... It's a lot of job, so you can improve this process by one of following programs:
FileHippo's Update Checker (UDC)
Software Update Monitor Lite (SUMo)

Step 6:
Backup your registry:

This article would be helpfull - http://www.geekstogo...ry-using-erunt/

Step 7:
Clean temp files in future:

Use TFC. Be sure to save any unsaved work before running TFC. Hit the Start button. Agreed for the restart.

Step 8:
Clear infected system restore points and create clear one:

http://www.geekstogo...restore-points/

Step 9:
Here is some advices for future:

  • Run MBAM scan one per a month.
  • Don't click any links that source you don't know.
  • Don't turn off antivirus active scan and firewall.
  • Turn off autorun removeavaible media - it's easy by Panda USB Vaccine
  • Monitor running processes.
  • Don't install p2p programs.
  • Install AdBlock Plus and WOT (Web of Trust) Add-ones
  • Install only software that you really want. Often during install free software other adware programs are included default. It's good to choose advanced install method and check where and what you actually install.
  • Do not install "Go faster", "Optimize" or "Tweaking" - programs

  • 0

#35
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP