Explorer.exe wont work on reboot [Solved]


  • This topic is locked This topic is locked

#1
blink10

Member
225 posts
I booted my PC today and left it for 15 minutes the first time, and all I had was a wallpaper with no icons. I restarted but it was the same. So I checked Windows Task Manager and explorer was nowhere to be seen. So I ran it manually myself. Now every time I boot, I have to run it myself.



OTL logfile created on: 6/25/2013 08:01:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.16% Memory free
3.84 Gb Paging File | 2.69 Gb Available in Paging File | 70.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 12.20 Gb Free Space | 18.55% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.24 Gb Free Space | 6.24% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 29.24 Gb Free Space | 19.49% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 25.47 Gb Free Space | 16.99% Space Free | Partition Type: NTFS

Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/25 20:00:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
PRC - [2013/06/24 13:15:57 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/06/15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/23 22:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/15 03:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/12/12 15:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/11/18 13:31:37 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/07/31 12:39:14 | 000,658,632 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2012/05/31 18:58:16 | 000,072,632 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\vulnerability_status_provider.dll
MOD - [2012/05/31 18:57:10 | 001,305,016 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll
MOD - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/05/23 22:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/05 00:46:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/03/15 07:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/28 19:47:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\vfilter.sys -- (pflt)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- G:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahd2awzv)
DRV - [2013/06/25 19:51:07 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/05/25 17:00:12 | 000,115,912 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2013/03/29 21:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/11/28 09:10:35 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/08/25 22:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/29 15:55:40 | 000,581,464 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/05/25 19:38:48 | 000,023,896 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/05/25 19:30:34 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/05/24 11:34:46 | 000,140,120 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/05/12 17:13:34 | 000,043,696 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/04/13 13:54:06 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/03/27 18:34:20 | 000,039,728 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/01 04:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/29 13:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{936D9208-EA09-4d41-A0B9-00992EBE65F1}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{D9D0C96B-E727-41cc-9320-4708150E9806}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Allaho akbar\Application Data\IDM\idmmzcc5 [2013/06/24 13:15:52 | 000,000,000 | ---D | M]

[2012/11/17 11:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allaho akbar\Application Data\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.microsoft...er=6&ar=msnhome
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.23_0\IDMGCExt.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Safe Money = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0\
CHR - Extension: IDM Integration = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.16.3_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Gmail = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0\

O1 HOSTS File: ([2013/06/25 16:07:30 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - e:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1353063063046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1353063532625 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36A26C56-4AA9-4FC7-AED2-287C1585DD15}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/15 23:34:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/25 19:56:26 | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Allaho akbar\Desktop\iExplore.exe
[2013/06/25 15:56:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/25 15:55:41 | 005,082,330 | R--- | C] (Swearware) -- C:\Documents and Settings\Allaho akbar\Desktop\ComboFix.exe
[2013/06/19 22:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\New Folder
[2013/06/19 15:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\bluline
[2013/06/16 23:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\Sherlock
[2013/06/11 23:19:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2013/06/09 21:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Ubisoft Game Launcher
[2013/06/09 21:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Call of Juarez The Cartel
[2013/06/07 18:35:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/07 18:35:10 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/07 17:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\free-mp3-cutter
[2013/06/07 17:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\free-mp3-cutter
[2013/06/06 01:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2013/06/04 23:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\Autoruns
[2013/06/04 17:25:19 | 000,000,000 | ---D | C] -- C:\HostsXpert
[2013/06/04 15:46:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/06/04 02:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\SUPERAntiSpyware.com
[2013/06/04 02:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/06/04 02:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/06/04 02:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/04 01:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\call of juarez
[2013/06/04 01:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez
[2013/06/04 01:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Call of Juarez
[2013/06/04 01:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Tracing
[2013/06/04 01:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/06/04 01:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2013/06/04 01:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013/06/04 01:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/06/04 01:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/06/04 01:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/06/04 01:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2013/06/04 00:59:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/04 00:59:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/04 00:59:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/04 00:59:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/03 23:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\QuickScan
[2013/06/03 18:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\Tarkan - Olurum Sana 1997
[2013/06/02 22:18:04 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3231422.dll
[2013/06/02 22:18:04 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3231422.dll
[2013/06/02 21:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2013/06/02 17:41:49 | 015,668,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2013/06/02 17:41:49 | 000,223,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2013/06/02 17:41:49 | 000,144,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2013/06/02 17:41:49 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2013/06/02 17:40:59 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2013/06/02 17:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\NVIDIA
[2013/06/01 23:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2013/06/01 23:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/06/01 23:27:00 | 006,074,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/06/01 23:26:59 | 019,689,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/06/01 23:26:59 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/06/01 23:26:59 | 007,745,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/06/01 23:26:59 | 002,733,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/06/01 23:26:59 | 002,490,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/06/01 23:26:59 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/06/01 23:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Call of Juarez - Bound in Blood
[2013/06/01 23:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez - Bound in Blood
[2013/06/01 17:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Malwarebytes
[2013/06/01 17:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/01 17:14:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/01 17:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/01 15:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\Call of Juarez - Bound in Blood
[2013/06/01 03:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/06/01 03:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/01 02:30:28 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2013/05/29 01:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2013/05/29 01:25:00 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2013/05/29 01:25:00 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2013/05/29 01:24:59 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2013/05/28 16:41:53 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/05/28 16:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 15:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Shrew Soft VPN
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/05/27 14:23:20 | 000,079,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2013/05/27 14:23:20 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll

========== Files - Modified Within 30 Days ==========

[2013/06/25 20:00:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/06/25 19:56:46 | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Allaho akbar\Desktop\iExplore.exe
[2013/06/25 19:51:25 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/25 19:51:24 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/25 19:51:23 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Allaho akbar.job
[2013/06/25 19:51:07 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2013/06/25 19:50:59 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/25 19:50:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/25 19:43:02 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/25 17:24:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/25 16:43:35 | 000,002,786 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/06/25 16:07:30 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/25 15:54:57 | 005,082,330 | R--- | M] (Swearware) -- C:\Documents and Settings\Allaho akbar\Desktop\ComboFix.exe
[2013/06/24 22:44:02 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Allaho akbar.job
[2013/06/23 22:43:41 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Allaho akbar.job
[2013/06/20 16:34:59 | 000,000,333 | ---- | M] () -- C:\WINDOWS\Jimmy.xml
[2013/06/20 16:16:50 | 000,000,076 | ---- | M] () -- C:\WINDOWS\userList.xml
[2013/06/20 16:16:11 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2013/06/19 23:36:19 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Application Data\mbam.context.scan
[2013/06/19 15:28:40 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blueline.lnk
[2013/06/18 21:24:20 | 688,205,980 | R--- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Cambridge_Advanced_Learners_Dictionary.iso
[2013/06/13 14:59:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/11 23:17:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/10 22:00:01 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Rosetta Stone Version 3.lnk
[2013/06/10 07:03:31 | 001,206,900 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\cryptex.mp3
[2013/06/09 21:11:08 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Juarez The Cartel.lnk
[2013/06/06 01:17:53 | 000,527,218 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/06 01:17:53 | 000,096,566 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/05 19:15:14 | 000,001,248 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\ntbtlog.rar
[2013/06/05 01:03:52 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
[2013/06/05 01:03:51 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
[2013/06/04 23:55:18 | 000,052,663 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\AutoRuns check 1.rar
[2013/06/04 17:24:57 | 000,357,766 | ---- | M] () -- C:\HostsXpert.zip
[2013/06/04 02:47:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/04 01:40:38 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez DX9.lnk
[2013/06/04 01:03:45 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Update Checker.lnk
[2013/06/04 00:46:55 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 22:18:39 | 001,083,296 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/02 22:18:39 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/02 22:18:35 | 001,083,296 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/02 17:41:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/06/02 13:17:31 | 000,003,908 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\RpcSs.reg
[2013/06/02 13:17:31 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\LEGACY_RPCSS.reg
[2013/06/01 23:41:06 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Play Call of Juarez - Bound in Blood.lnk
[2013/06/01 23:21:16 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez - Bound in Blood.lnk
[2013/06/01 17:14:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/01 15:50:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/05/27 02:18:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2013/06/20 16:34:59 | 000,000,333 | ---- | C] () -- C:\WINDOWS\Jimmy.xml
[2013/06/20 16:16:50 | 000,000,076 | ---- | C] () -- C:\WINDOWS\userList.xml
[2013/06/20 16:16:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2013/06/19 23:36:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Application Data\mbam.context.scan
[2013/06/19 15:28:40 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blueline.lnk
[2013/06/19 13:05:20 | 688,205,980 | R--- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Cambridge_Advanced_Learners_Dictionary.iso
[2013/06/18 22:40:18 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Allaho akbar.job
[2013/06/18 22:39:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Allaho akbar.job
[2013/06/18 22:39:58 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Allaho akbar.job
[2013/06/09 21:11:08 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Juarez The Cartel.lnk
[2013/06/07 17:49:32 | 001,206,900 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\cryptex.mp3
[2013/06/05 19:15:14 | 000,001,248 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\ntbtlog.rar
[2013/06/04 23:55:18 | 000,052,663 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\AutoRuns check 1.rar
[2013/06/04 17:24:50 | 000,357,766 | ---- | C] () -- C:\HostsXpert.zip
[2013/06/04 02:47:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/04 01:40:38 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez DX9.lnk
[2013/06/04 01:03:45 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Start Menu\Programs\Update Checker.lnk
[2013/06/04 01:03:45 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Update Checker.lnk
[2013/06/04 00:59:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/04 00:59:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/04 00:59:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/04 00:59:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/04 00:59:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/02 18:11:16 | 000,374,386 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/02 17:46:12 | 000,002,786 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/06/02 13:17:57 | 000,003,908 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\RpcSs.reg
[2013/06/02 13:17:57 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\LEGACY_RPCSS.reg
[2013/06/01 23:41:06 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Play Call of Juarez - Bound in Blood.lnk
[2013/06/01 23:33:26 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/01 23:33:26 | 001,083,296 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/01 23:33:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/01 23:33:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/06/01 23:27:00 | 000,016,514 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/06/01 23:26:59 | 002,288,632 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/06/01 23:21:16 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez - Bound in Blood.lnk
[2013/06/01 17:14:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/29 01:25:00 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/05/29 01:25:00 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/05/29 01:25:00 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/05/29 01:24:57 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/27 14:23:18 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/04/06 02:33:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/03 13:12:52 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\SecurityKISSTunnel.config
[2012/11/27 17:33:34 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini
[2012/11/20 17:50:04 | 021,161,332 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\SKIDROW.rar
[2012/11/18 14:28:28 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/17 20:52:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/17 11:27:11 | 000,002,072 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/11/16 15:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/16 14:59:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/16 11:41:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\WebpageIcons.db
[2012/11/16 10:27:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/11/16 10:22:13 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/11/16 10:22:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/11/16 01:23:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/16 01:23:00 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 23:36:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 23:32:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/11/16 18:13:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

#2
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hi blink10,

Don't know what is going on there.

Have you been using this as a test machine at all? Tell me when you come back.

In the meantime, let's do this:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. The 32-bit one will be the right version for you.

  • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
blink10
    Member
  • Topic Starter
  • Member
  • 225 posts
Hi emeraldnzl, thank you for answering my topic :)
I do not even know what that means:

"Have you been using this as a test machine at all?"

I have been using my computer in a normal fashion.
Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by Allaho akbar (administrator) on 02-07-2013 14:14:03
Running from C:\Documents and Settings\Allaho akbar\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
() C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe [658632 2012-07-31] (Zbshareware Lab)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [15668512 2013-03-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1982312 2013-03-15] ()
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296096 2012-11-18] (RealNetworks, Inc.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3565432 2013-06-24] (Tonec Inc.)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-15] (SUPERAntiSpyware.com)
HKCU\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [543320 2013-06-17] (Sandboxie Holdings, LLC)
HKU\Default User\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [ 2008-08-08] (DT Soft Ltd)
HKU\Default User\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [x]
HKU\Default User\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [ 2013-05-15] (SUPERAntiSpyware.com)
HKU\Default User\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKU\Default User\...\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H [x]
HKU\Default User\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [ 2012-05-25] (Yahoo! Inc.)
HKU\Default User\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [ 2013-06-24] (Tonec Inc.)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
HKCU SearchScopes: DefaultScope {D9D0C96B-E727-41cc-9320-4708150E9806} URL = http://search.yahoo....icevm&type=IEBD
SearchScopes: HKCU - {D9D0C96B-E727-41cc-9320-4708150E9806} URL = http://search.yahoo....icevm&type=IEBD
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - e:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1353063063046
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1353063532625
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll No File
CHR Plugin: (Internet Download Manager Plugin) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.23_0\IDMGCExt.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0
CHR Extension: (Safe Money) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0
CHR Extension: (Virtual Keyboard) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0
CHR Extension: (IDM Integration) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.16.3_0
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0
CHR Extension: (Gmail) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [126040 2013-06-17] (Sandboxie Holdings, LLC)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-04-15] (Skype Technologies S.A.)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 gdrv; C:\WINDOWS\gdrv.sys [17488 2013-07-02] (Windows ® 2000 DDK provider)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [115912 2013-05-25] (Tonec Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135984 2012-04-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [581464 2012-05-29] (Kaspersky Lab)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [39728 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [23896 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24408 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43696 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [140120 2012-05-24] (Kaspersky Lab)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [142592 2009-06-29] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159208 2013-06-17] (Sandboxie Holdings, LLC)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2012-11-28] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
U3 agw742pj; C:\Windows\System32\Drivers\agw742pj.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S4 PciCon; \??\G:\PciCon.sys [x]
S4 pflt; system32\DRIVERS\vfilter.sys [x]
S3 vnet; system32\DRIVERS\virtualnet.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 14:13 - 2013-07-02 14:13 - 00000000 ____D C:\FRST
2013-07-02 13:27 - 2013-07-02 13:27 - 00000000 __SHD C:\Documents and Settings\UpdatusUser\IETldCache
2013-07-02 13:26 - 2013-07-02 13:26 - 01372429 ____A (Farbar) C:\Documents and Settings\Allaho akbar\Desktop\FRST.exe
2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Call of Juarez Gunslinger
2013-07-01 16:38 - 2013-07-01 16:38 - 00000676 ____A C:\Documents and Settings\All Users\Desktop\Call of Juarez Gunslinger.lnk
2013-06-30 15:53 - 2013-06-30 15:53 - 00018593 ____A C:\ComboFix.txt
2013-06-30 15:43 - 2013-06-30 15:44 - 05084379 ____R (Swearware) C:\Documents and Settings\Allaho akbar\Desktop\ComboFix_13.exe
2013-06-29 01:19 - 2012-12-30 22:48 - 08514304 ____A C:\Documents and Settings\Allaho akbar\Desktop\Star Trek Into Darkness NEW Trailer (2013) - JJ Abrams Movie HD - YouTube.flv
2013-06-29 01:19 - 2012-12-29 22:25 - 03098147 ____A C:\Documents and Settings\Allaho akbar\Desktop\Tom Waits - Little Drop Of Poison - YouTube.flv
2013-06-27 17:15 - 2013-06-27 17:16 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\NVIDIA
2013-06-27 17:11 - 2013-06-27 17:11 - 00000713 ____A C:\Documents and Settings\All Users\Desktop\Deadpool.lnk
2013-06-26 01:05 - 2013-06-26 01:09 - 00002370 ____A C:\Documents and Settings\Allaho akbar\Desktop\catchme.log
2013-06-25 19:56 - 2013-06-25 19:56 - 01814144 ____A (Bleeping Computer, LLC) C:\Documents and Settings\Allaho akbar\Desktop\iExplore.exe
2013-06-25 15:56 - 2013-06-30 15:53 - 00000000 ____D C:\Qoobox
2013-06-25 15:55 - 2013-06-25 15:54 - 05082330 ____R (Swearware) C:\Documents and Settings\Allaho akbar\Desktop\ComboFix.exe
2013-06-20 16:34 - 2013-06-20 16:34 - 00000333 ____A C:\Windows\Jimmy.xml
2013-06-20 16:16 - 2013-06-20 16:16 - 00000076 ____A C:\Windows\userList.xml
2013-06-20 16:16 - 2013-06-20 16:16 - 00000016 ____A C:\Windows\popcinfo.dat
2013-06-19 23:36 - 2013-06-19 23:36 - 00000005 ____A C:\Documents and Settings\Allaho akbar\Application Data\mbam.context.scan
2013-06-19 22:57 - 2013-06-19 22:57 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\New Folder
2013-06-19 15:28 - 2013-06-19 15:28 - 00000673 ____A C:\Documents and Settings\All Users\Desktop\Blueline.lnk
2013-06-19 15:25 - 2013-06-19 15:25 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\bluline
2013-06-18 22:40 - 2013-07-02 13:23 - 00000440 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Allaho akbar.job
2013-06-18 22:39 - 2013-07-01 22:49 - 00000430 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Allaho akbar.job
2013-06-18 22:39 - 2013-07-01 18:47 - 00000434 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Allaho akbar.job
2013-06-16 23:21 - 2013-06-16 23:22 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\Sherlock
2013-06-16 01:51 - 2013-06-16 01:51 - 00000000 ____A C:\Documents and Settings\Allaho akbar\Desktop\blueline.txt
2013-06-13 15:17 - 2013-06-19 14:15 - 00000015 ____A C:\Documents and Settings\Allaho akbar\Desktop\New Text Document (3).txt
2013-06-12 13:42 - 2013-06-12 13:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-11 23:19 - 2013-06-12 08:15 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-06-11 23:16 - 2013-06-11 23:17 - 00011337 ____A C:\Windows\KB2838727-IE8.log
2013-06-11 22:57 - 2013-06-12 13:42 - 00012710 ____A C:\Windows\KB2839229.log
2013-06-09 21:11 - 2013-06-09 21:45 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Ubisoft Game Launcher
2013-06-09 21:11 - 2013-06-09 21:11 - 00000772 ____A C:\Documents and Settings\All Users\Desktop\Call of Juarez The Cartel.lnk
2013-06-07 18:48 - 2013-06-07 18:48 - 00000596 ____A C:\Documents and Settings\Allaho akbar\Desktop\JRT.txt
2013-06-07 18:35 - 2013-06-07 18:43 - 00000000 ____D C:\JRT
2013-06-07 18:35 - 2013-06-07 18:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-07 17:54 - 2013-06-07 18:28 - 00000000 ____D C:\Program Files\free-mp3-cutter
2013-06-05 22:53 - 2013-06-05 22:53 - 00000000 ____A C:\Documents and Settings\Allaho akbar\Desktop\New Text Document.txt
2013-06-05 19:15 - 2013-06-05 19:15 - 00001248 ____A C:\Documents and Settings\Allaho akbar\Desktop\ntbtlog.rar
2013-06-04 23:55 - 2013-06-04 23:55 - 00052663 ____A C:\Documents and Settings\Allaho akbar\Desktop\AutoRuns check 1.rar
2013-06-04 23:53 - 2013-06-04 23:55 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\Autoruns
2013-06-04 17:25 - 2013-06-04 17:25 - 00000000 ____D C:\HostsXpert
2013-06-04 17:24 - 2013-06-04 17:24 - 00357766 ____A C:\HostsXpert.zip
2013-06-04 15:52 - 2013-06-25 20:05 - 00093666 ____A C:\Documents and Settings\Allaho akbar\Desktop\OTL.Txt
2013-06-04 15:46 - 2013-06-25 20:00 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
2013-06-04 02:49 - 2013-06-04 02:49 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\SUPERAntiSpyware.com
2013-06-04 02:47 - 2013-06-04 02:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-04 02:47 - 2013-06-04 02:47 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-04 02:47 - 2013-06-04 02:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-04 01:40 - 2013-06-04 01:50 - 00000000 ____D C:\Documents and Settings\Allaho akbar\My Documents\call of juarez
2013-06-04 01:40 - 2013-06-04 01:40 - 00000710 ____A C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez DX9.lnk
2013-06-04 01:40 - 2013-06-04 01:40 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez
2013-06-04 01:15 - 2013-06-04 13:53 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Tracing
2013-06-04 01:14 - 2013-06-04 01:14 - 00000000 ____D C:\Program Files\Windows Live SkyDrive
2013-06-04 01:13 - 2013-06-04 01:14 - 00000000 ____D C:\Program Files\Windows Live
2013-06-04 01:07 - 2013-06-04 01:07 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-06-04 01:03 - 2013-06-04 01:03 - 00001632 ____A C:\Documents and Settings\Allaho akbar\Desktop\Update Checker.lnk
2013-06-04 01:03 - 2013-06-04 01:03 - 00000000 ____D C:\Program Files\FileHippo.com
2013-06-04 00:59 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-04 00:59 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-04 00:59 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-04 00:59 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-04 00:59 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-04 00:59 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-06-04 00:59 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-04 00:59 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-04 00:59 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-03 23:27 - 2013-07-02 02:12 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\QuickScan
2013-06-03 23:17 - 2013-06-03 23:17 - 00007726 ____A C:\Documents and Settings\Allaho akbar\Desktop\06032013_224954.log
2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\Tarkan - Olurum Sana 1997
2013-06-03 02:11 - 2013-06-03 02:11 - 00262144 ____A C:\Windows\System32\config\elam
2013-06-03 02:11 - 2013-06-03 02:11 - 00001024 ___AH C:\Windows\System32\config\elam.LOG
2013-06-02 22:19 - 2013-07-02 13:22 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2013-06-02 22:19 - 2013-06-02 22:19 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-06-02 22:19 - 2013-05-03 18:45 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\Microsoft Help
2013-06-02 22:19 - 2012-11-16 01:23 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Application Data\desktop.ini
2013-06-02 22:18 - 2013-03-15 07:47 - 01012512 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco3231422.dll
2013-06-02 22:18 - 2013-03-15 07:47 - 00892704 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco3231422.dll
2013-06-02 18:11 - 2013-06-02 18:11 - 00374386 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-06-02 17:46 - 2013-07-02 14:12 - 00003338 ____A C:\Windows\System32\nvAppTimestamps
2013-06-02 17:41 - 2013-03-15 04:57 - 15668512 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-06-02 17:41 - 2013-03-15 04:57 - 00223008 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-06-02 17:41 - 2013-03-15 04:57 - 00156960 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc32.exe
2013-06-02 17:41 - 2013-03-15 04:57 - 00144160 ____A (NVIDIA Corporation) C:\Windows\System32\nvcolor.exe
2013-06-02 17:41 - 2013-03-15 04:57 - 00054272 ____A (NVIDIA Corporation) C:\Windows\System32\nvwddi.dll
2013-06-02 17:40 - 2012-09-23 16:28 - 00888168 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco32.dll
2013-06-02 17:37 - 2013-06-02 21:39 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\NVIDIA
2013-06-02 13:17 - 2013-06-02 13:17 - 00003908 ____A C:\Documents and Settings\Allaho akbar\Desktop\RpcSs.reg
2013-06-02 13:17 - 2013-06-02 13:17 - 00001054 ____A C:\Documents and Settings\Allaho akbar\Desktop\LEGACY_RPCSS.reg

==================== One Month Modified Files and Folders ========

2013-07-02 14:13 - 2013-07-02 14:13 - 00000000 ____D C:\FRST
2013-07-02 14:12 - 2013-06-02 17:46 - 00003338 ____A C:\Windows\System32\nvAppTimestamps
2013-07-02 13:43 - 2012-11-17 11:25 - 00000842 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 13:27 - 2013-07-02 13:27 - 00000000 __SHD C:\Documents and Settings\UpdatusUser\IETldCache
2013-07-02 13:26 - 2013-07-02 13:26 - 01372429 ____A (Farbar) C:\Documents and Settings\Allaho akbar\Desktop\FRST.exe
2013-07-02 13:25 - 2013-05-03 16:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2013-07-02 13:24 - 2012-11-28 19:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 13:24 - 2012-11-15 23:33 - 01582377 ____A C:\Windows\WindowsUpdate.log
2013-07-02 13:23 - 2013-06-18 22:40 - 00000440 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Allaho akbar.job
2013-07-02 13:23 - 2012-12-14 13:00 - 00000292 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
2013-07-02 13:23 - 2012-11-18 13:36 - 00000300 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
2013-07-02 13:23 - 2012-11-16 10:22 - 00000145 ____A C:\service.log
2013-07-02 13:22 - 2013-06-02 22:19 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2013-07-02 13:22 - 2012-11-17 11:25 - 00000838 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 13:22 - 2012-11-16 10:30 - 00017488 ____A (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys
2013-07-02 13:22 - 2012-11-16 01:25 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-02 13:22 - 2012-11-16 01:25 - 00000050 ____A C:\Windows\wiaservc.log
2013-07-02 13:22 - 2012-11-15 23:38 - 00000062 __ASH C:\Documents and Settings\Allaho akbar\Local Settings\desktop.ini
2013-07-02 13:22 - 2012-11-15 23:37 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-07-02 13:22 - 2012-11-15 23:37 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 13:22 - 2012-11-15 23:36 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-07-02 02:32 - 2012-11-15 23:37 - 00032598 ____A C:\Windows\SchedLgU.Txt
2013-07-02 02:31 - 2012-11-17 11:55 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\DMCache
2013-07-02 02:31 - 2012-11-15 23:38 - 00000178 ___SH C:\Documents and Settings\Allaho akbar\ntuser.ini
2013-07-02 02:12 - 2013-06-03 23:27 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\QuickScan
2013-07-01 22:49 - 2013-06-18 22:39 - 00000430 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Allaho akbar.job
2013-07-01 18:47 - 2013-06-18 22:39 - 00000434 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Allaho akbar.job
2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Call of Juarez Gunslinger
2013-07-01 17:03 - 2013-03-11 13:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Steam
2013-07-01 16:38 - 2013-07-01 16:38 - 00000676 ____A C:\Documents and Settings\All Users\Desktop\Call of Juarez Gunslinger.lnk
2013-07-01 02:07 - 2012-12-12 16:23 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\IDM
2013-06-30 15:53 - 2013-06-30 15:53 - 00018593 ____A C:\ComboFix.txt
2013-06-30 15:53 - 2013-06-25 15:56 - 00000000 ____D C:\Qoobox
2013-06-30 15:52 - 2006-02-28 14:00 - 00000227 ____A C:\Windows\system.ini
2013-06-30 15:44 - 2013-06-30 15:43 - 05084379 ____R (Swearware) C:\Documents and Settings\Allaho akbar\Desktop\ComboFix_13.exe
2013-06-29 18:11 - 2012-11-17 11:27 - 00002070 ____A C:\Windows\Sandboxie.ini
2013-06-28 14:56 - 2012-11-15 23:32 - 00185397 ____A C:\Windows\wmsetup.log
2013-06-28 13:44 - 2012-11-19 20:46 - 00000000 ____D C:\Documents and Settings\Allaho akbar\My Documents\My Games
2013-06-27 17:16 - 2013-06-27 17:15 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\NVIDIA
2013-06-27 17:13 - 2012-11-16 01:23 - 01032505 ____A C:\Windows\setupapi.log
2013-06-27 17:13 - 2012-11-15 23:33 - 00000000 ____D C:\Windows\System32\DirectX
2013-06-27 17:11 - 2013-06-27 17:11 - 00000713 ____A C:\Documents and Settings\All Users\Desktop\Deadpool.lnk
2013-06-26 01:09 - 2013-06-26 01:05 - 00002370 ____A C:\Documents and Settings\Allaho akbar\Desktop\catchme.log
2013-06-26 00:37 - 2013-04-25 11:07 - 00000000 ____D C:\Program Files\AzTools
2013-06-25 20:05 - 2013-06-04 15:52 - 00093666 ____A C:\Documents and Settings\Allaho akbar\Desktop\OTL.Txt
2013-06-25 20:00 - 2013-06-04 15:46 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
2013-06-25 19:57 - 2013-05-03 00:58 - 00003326 ____A C:\Documents and Settings\Allaho akbar\Desktop\Rkill.txt
2013-06-25 19:56 - 2013-06-25 19:56 - 01814144 ____A (Bleeping Computer, LLC) C:\Documents and Settings\Allaho akbar\Desktop\iExplore.exe
2013-06-25 15:54 - 2013-06-25 15:55 - 05082330 ____R (Swearware) C:\Documents and Settings\Allaho akbar\Desktop\ComboFix.exe
2013-06-24 14:51 - 2012-12-12 16:23 - 00000000 ____D C:\Program Files\Internet Download Manager
2013-06-20 16:34 - 2013-06-20 16:34 - 00000333 ____A C:\Windows\Jimmy.xml
2013-06-20 16:16 - 2013-06-20 16:16 - 00000076 ____A C:\Windows\userList.xml
2013-06-20 16:16 - 2013-06-20 16:16 - 00000016 ____A C:\Windows\popcinfo.dat
2013-06-20 15:57 - 2012-11-16 16:01 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2013-06-19 23:36 - 2013-06-19 23:36 - 00000005 ____A C:\Documents and Settings\Allaho akbar\Application Data\mbam.context.scan
2013-06-19 22:57 - 2013-06-19 22:57 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\New Folder
2013-06-19 15:28 - 2013-06-19 15:28 - 00000673 ____A C:\Documents and Settings\All Users\Desktop\Blueline.lnk
2013-06-19 15:25 - 2013-06-19 15:25 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\bluline
2013-06-19 14:15 - 2013-06-13 15:17 - 00000015 ____A C:\Documents and Settings\Allaho akbar\Desktop\New Text Document (3).txt
2013-06-17 23:41 - 2012-11-17 17:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2013-06-17 23:40 - 2012-11-18 13:31 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\Real
2013-06-17 19:01 - 2012-11-16 01:23 - 00176778 ____A C:\Windows\setupact.log
2013-06-16 23:22 - 2013-06-16 23:21 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\Sherlock
2013-06-16 01:51 - 2013-06-16 01:51 - 00000000 ____A C:\Documents and Settings\Allaho akbar\Desktop\blueline.txt
2013-06-13 14:59 - 2006-02-28 14:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-12 13:43 - 2012-12-06 16:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-06-12 13:42 - 2013-06-12 13:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-12 13:42 - 2013-06-11 22:57 - 00012710 ____A C:\Windows\KB2839229.log
2013-06-12 13:42 - 2012-11-16 01:23 - 01217908 ____A C:\Windows\iis6.log
2013-06-12 13:42 - 2012-11-16 01:23 - 01061944 ____A C:\Windows\FaxSetup.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00528287 ____A C:\Windows\ocgen.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00493150 ____A C:\Windows\tsoc.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00364129 ____A C:\Windows\comsetup.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00339062 ____A C:\Windows\msmqinst.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00220926 ____A C:\Windows\ntdtcsetup.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00187078 ____A C:\Windows\netfxocm.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00074923 ____A C:\Windows\MedCtrOC.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00059172 ____A C:\Windows\ocmsn.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00053967 ____A C:\Windows\tabletoc.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00053648 ____A C:\Windows\msgsocm.log
2013-06-12 13:42 - 2012-11-16 01:23 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 08:15 - 2013-06-11 23:19 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-06-11 23:17 - 2013-06-11 23:16 - 00011337 ____A C:\Windows\KB2838727-IE8.log
2013-06-11 23:17 - 2012-11-16 16:09 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 23:17 - 2012-11-16 16:05 - 00000000 ____D C:\Windows\ie8updates
2013-06-11 23:17 - 2012-11-16 10:44 - 00175284 ____A C:\Windows\updspapi.log
2013-06-11 23:17 - 2012-11-16 01:23 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-10 22:04 - 2013-04-05 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2013-06-10 22:00 - 2013-04-17 17:12 - 00002305 ____A C:\Documents and Settings\Allaho akbar\Desktop\Rosetta Stone Version 3.lnk
2013-06-09 21:45 - 2013-06-09 21:11 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Ubisoft Game Launcher
2013-06-09 21:11 - 2013-06-09 21:11 - 00000772 ____A C:\Documents and Settings\All Users\Desktop\Call of Juarez The Cartel.lnk
2013-06-09 21:11 - 2012-11-20 17:59 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\SKIDROW
2013-06-08 17:22 - 2012-12-11 15:40 - 00000168 ____A C:\Documents and Settings\Allaho akbar\Desktop\PCH.txt
2013-06-07 18:48 - 2013-06-07 18:48 - 00000596 ____A C:\Documents and Settings\Allaho akbar\Desktop\JRT.txt
2013-06-07 18:43 - 2013-06-07 18:35 - 00000000 ____D C:\JRT
2013-06-07 18:35 - 2013-06-07 18:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-07 18:28 - 2013-06-07 17:54 - 00000000 ____D C:\Program Files\free-mp3-cutter
2013-06-07 17:51 - 2013-05-10 15:18 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
2013-06-06 21:31 - 2012-11-16 10:25 - 00000000 ____D C:\Windows\System32\RTCOM
2013-06-06 21:31 - 2012-11-16 10:23 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-06-06 01:30 - 2012-11-16 18:38 - 00004334 ____A C:\Windows\COM+.log
2013-06-06 01:18 - 2012-11-15 23:32 - 00000000 ____D C:\Windows\Registration
2013-06-06 01:17 - 2012-11-16 01:23 - 00625884 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-05 22:53 - 2013-06-05 22:53 - 00000000 ____A C:\Documents and Settings\Allaho akbar\Desktop\New Text Document.txt
2013-06-05 19:15 - 2013-06-05 19:15 - 00001248 ____A C:\Documents and Settings\Allaho akbar\Desktop\ntbtlog.rar
2013-06-05 01:03 - 2012-12-15 19:56 - 00001026 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
2013-06-05 01:03 - 2012-12-15 19:56 - 00001004 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
2013-06-04 23:55 - 2013-06-04 23:55 - 00052663 ____A C:\Documents and Settings\Allaho akbar\Desktop\AutoRuns check 1.rar
2013-06-04 23:55 - 2013-06-04 23:53 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\Autoruns
2013-06-04 17:25 - 2013-06-04 17:25 - 00000000 ____D C:\HostsXpert
2013-06-04 17:24 - 2013-06-04 17:24 - 00357766 ____A C:\HostsXpert.zip
2013-06-04 17:15 - 2013-06-01 15:51 - 00000000 ____D C:\Documents and Settings\Allaho akbar\My Documents\Call of Juarez - Bound in Blood
2013-06-04 13:53 - 2013-06-04 01:15 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Tracing
2013-06-04 02:49 - 2013-06-04 02:49 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\SUPERAntiSpyware.com
2013-06-04 02:49 - 2013-06-04 02:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-04 02:47 - 2013-06-04 02:47 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-04 02:47 - 2013-06-04 02:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-04 01:50 - 2013-06-04 01:40 - 00000000 ____D C:\Documents and Settings\Allaho akbar\My Documents\call of juarez
2013-06-04 01:40 - 2013-06-04 01:40 - 00000710 ____A C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez DX9.lnk
2013-06-04 01:40 - 2013-06-04 01:40 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez
2013-06-04 01:14 - 2013-06-04 01:14 - 00000000 ____D C:\Program Files\Windows Live SkyDrive
2013-06-04 01:14 - 2013-06-04 01:13 - 00000000 ____D C:\Program Files\Windows Live
2013-06-04 01:14 - 2012-11-16 01:23 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-04 01:07 - 2013-06-04 01:07 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-06-04 01:03 - 2013-06-04 01:03 - 00001632 ____A C:\Documents and Settings\Allaho akbar\Desktop\Update Checker.lnk
2013-06-04 01:03 - 2013-06-04 01:03 - 00000000 ____D C:\Program Files\FileHippo.com
2013-06-04 01:03 - 2012-11-16 10:16 - 00096768 ____A C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-04 00:58 - 2012-11-21 13:34 - 00000000 ____D C:\Windows\erdnt
2013-06-04 00:47 - 2012-11-15 23:32 - 00000000 ____D C:\Windows\System32\Restore
2013-06-04 00:46 - 2012-11-16 01:23 - 00361728 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-03 23:17 - 2013-06-03 23:17 - 00007726 ____A C:\Documents and Settings\Allaho akbar\Desktop\06032013_224954.log
2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Desktop\Tarkan - Olurum Sana 1997
2013-06-03 02:11 - 2013-06-03 02:11 - 00262144 ____A C:\Windows\System32\config\elam
2013-06-03 02:11 - 2013-06-03 02:11 - 00001024 ___AH C:\Windows\System32\config\elam.LOG
2013-06-02 22:30 - 2012-11-16 18:12 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-02 22:19 - 2013-06-02 22:19 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-06-02 22:19 - 2013-06-01 23:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA
2013-06-02 22:19 - 2012-11-16 18:24 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-02 22:18 - 2013-06-01 23:33 - 01083296 ____A C:\Windows\System32\nvdrsdb1.bin
2013-06-02 22:18 - 2013-06-01 23:33 - 01083296 ____A C:\Windows\System32\nvdrsdb0.bin
2013-06-02 22:18 - 2013-06-01 23:33 - 00000001 ____A C:\Windows\System32\nvdrssel.bin
2013-06-02 21:39 - 2013-06-02 17:37 - 00000000 ____D C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\NVIDIA
2013-06-02 21:39 - 2013-06-01 23:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2013-06-02 18:11 - 2013-06-02 18:11 - 00374386 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-06-02 17:41 - 2013-06-01 23:33 - 00000000 ____A C:\Windows\System32\nvdrswr.lk
2013-06-02 17:41 - 2012-11-16 01:17 - 00000000 ____D C:\Windows\Help
2013-06-02 13:17 - 2013-06-02 13:17 - 00003908 ____A C:\Documents and Settings\Allaho akbar\Desktop\RpcSs.reg
2013-06-02 13:17 - 2013-06-02 13:17 - 00001054 ____A C:\Documents and Settings\Allaho akbar\Desktop\LEGACY_RPCSS.reg

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2013
Ran by Allaho akbar at 2013-07-02 14:14:33
Running from C:\Documents and Settings\Allaho akbar\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Audacity 2.0.3 (Version: 2.0.3)
Blueline 1.1.1
Browser Configuration Utility (Version: 1.1.11.0)
calibre (Version: 0.9.10)
Call of Juarez - Bound in Blood
Call of Juarez Gunslinger version 5.1 (Version: 5.1)
Call of Juarez The Cartel
Call of Juarez The Cartel version 1.0 (Version: 1.0)
Cambridge Advanced Learner's Dictionary - 3rd Edition
CDisplay (Version: 1.8.5)
Counter-Strike 1.6
Deadpool (Version: 1.0)
Devil May Cry 3 Special Edition (Version: 1.00.000)
EasyLingo v2.0
EasySaver B9.0610.1 (Version: 1.00.0000)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileHippo.com Update Checker
FormatFactory 3.0.1 (Version: 3.0.1)
FreeArc 0.666 (Version: 0.666)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Internet Download Manager
Kaspersky Internet Security 2013 (Version: 13.0.0.3370)
K-Lite Mega Codec Pack 9.9.0 (Version: 9.9.0)
LightScribe 1.4.124.1 (Version: 1.4.124.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 14.0.1468.721)
Nero 7 Essentials (Version: 7.02.4509)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Graphics Driver 314.22 (Version: 314.22)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OmegaT version 2.6.3
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Pawsoft Fass
Perfect Uninstaller v6.3.3.9
Power MP3 Recorder Cutter v6.2 (Version: 6.2)
QUICKfind server v1.1
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.23.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6873)
RealUpgrade 1.1 (Version: 1.1.0)
Rosetta Stone Version 3 (Version: 3.4.5.0)
Sandboxie 4.02 (32-bit) (Version: 4.02)
SecurityKISS Tunnel v0.3.0
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 6.8.12323)
Skype™ 6.3 (Version: 6.3.105)
SpywareBlaster 5.0 (Version: 5.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Disk Security
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==================== Restore Points =========================

03-06-2013 22:47:14 System Checkpoint
04-06-2013 00:21:12 Software Distribution Service 3.0
04-06-2013 01:10:49 Software Distribution Service 3.0
04-06-2013 11:53:08 Software Distribution Service 3.0
04-06-2013 12:00:50 Removed Windows Live Messenger
04-06-2013 13:49:40 OTL Restore Point - 6/4/2013 03:49:36 PM
04-06-2013 17:39:54 Software Distribution Service 3.0
05-06-2013 01:32:42 Software Distribution Service 3.0
05-06-2013 15:17:01 Software Distribution Service 3.0
05-06-2013 23:19:30 Software Distribution Service 3.0
06-06-2013 19:31:31 Installed Realtek High Definition Audio Driver
08-06-2013 14:10:10 System Checkpoint
09-06-2013 14:20:43 System Checkpoint
11-06-2013 21:16:56 Software Distribution Service 3.0
12-06-2013 11:42:25 Software Distribution Service 3.0
14-06-2013 13:51:51 System Checkpoint
15-06-2013 21:45:05 System Checkpoint
17-06-2013 08:23:39 System Checkpoint
18-06-2013 13:58:40 System Checkpoint
19-06-2013 17:09:25 System Checkpoint
20-06-2013 20:59:57 System Checkpoint
21-06-2013 22:44:16 System Checkpoint
23-06-2013 14:18:50 System Checkpoint
24-06-2013 14:28:16 System Checkpoint
25-06-2013 18:44:09 System Checkpoint
27-06-2013 15:12:26 Installed DirectX
29-06-2013 12:25:47 System Checkpoint
30-06-2013 17:04:02 System Checkpoint
01-07-2013 18:06:34 System Checkpoint

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job => C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job => C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Allaho akbar.job => C:\Documents and Settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_Allaho akbar.job => C:\Documents and Settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Allaho akbar.job => C:\Documents and Settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2013 02:11:37 AM) (Source: Application Hang) (User: )
Description: Hanging application avp.exe, version 13.0.0.3370, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2013 06:45:21 PM) (Source: Application Hang) (User: )
Description: Hanging application DP.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/25/2013 01:01:19 AM) (Source: Application Hang) (User: )
Description: Hanging application UpdateUtility-Gui.exe, version 2.0.1.2015, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/16/2013 09:24:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/16/2013 01:51:06 AM) (Source: Microsoft Visual FoxPro 9) (User: )
Description: blueline.exe1.1.1.047139f24vbame.dll2.0.2.53675583e00000233b

Error: (06/05/2013 05:17:22 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (06/05/2013 05:17:22 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (06/05/2013 05:17:21 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (06/05/2013 03:33:03 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (06/05/2013 03:33:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.


System errors:
=============
Error: (07/02/2013 01:43:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/02/2013 01:22:37 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 6CF049D17FAE has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/01/2013 10:16:17 PM) (Source: EventLog) (User: )
Description: A driver packet received from the I/O subsystem was invalid. The data is the
packet.

Error: (07/01/2013 11:43:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/01/2013 06:43:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/01/2013 04:14:32 PM) (Source: EventLog) (User: )
Description: A driver packet received from the I/O subsystem was invalid. The data is the
packet.

Error: (07/01/2013 04:14:38 PM) (Source: EventLog) (User: )
Description: A driver packet received from the I/O subsystem was invalid. The data is the
packet.

Error: (07/01/2013 04:14:40 PM) (Source: EventLog) (User: )
Description: A driver packet received from the I/O subsystem was invalid. The data is the
packet.

Error: (07/01/2013 04:14:42 PM) (Source: EventLog) (User: )
Description: A driver packet received from the I/O subsystem was invalid. The data is the
packet.

Error: (07/01/2013 04:14:44 PM) (Source: EventLog) (User: )
Description: A driver packet received from the I/O subsystem was invalid. The data is the
packet.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 2046.42 MB
Available physical RAM: 1511.61 MB
Total Pagefile: 3933.82 MB
Available Pagefile: 3447.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:65.8 GB) (Free:18.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:100.01 GB) (Free:6.24 GB) NTFS
Drive e: () (Fixed) (Total:150.01 GB) (Free:16.42 GB) NTFS
Drive f: () (Fixed) (Total:149.94 GB) (Free:20.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 10991098)
Partition 1: (Active) - (Size=66 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=400 GB) - (Type=05)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello blink10,

I have been using my computer in a normal fashion.


I wonder what that means. :lol:

There is a suspicious item showing in the OTL log but the file is missing so I don't think it is active. Maybe you got the file when you ran ComboFix which I see in your logs. Let's see if you can find the relevant logs:

Right click on Start > Explore and navigate to:

:\Qoobox folder (most likely C:\Qoobox\ComboFix.txt) and paste the contents of the text file back here.

Note: ComboFix.txt files are numbered, so if there was more than one run you might find C:\Qoobox\ComboFix2.txt, etc.

Also

The list of deletions performed by CF can be found in the :\Qoobox\ComboFix-quarantined-files.txt:

Copy the contents and post back here.

Some comments:


You have RegistryMechanic a registry cleaner. I believe that you have already been alerted to the dangers of registry cleaners but here are my thoughts:

"Registry cleaners are notorious for causing problems on people's computers. Often the problem doesn't appear until well down the track. A small change to the registry can go unnoticed until one day you call on that function and find it won't work anymore, or alternatively an associated utility doesn't work properly.

Actually, in almost all cases it is not necessary to clean your registry."

If you are looking for something to optimise your registry then NTREGOPT would be a way to go.

And


P2P programs inevitably lead to infection when used for recreational purposes. I think you have also been told about that.

Now

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
So when you return please post
  • ComboFix.txt
  • ComboFix quarantined files list
  • JRT.txt


#5
blink10

    Member

  • Topic Starter
  • Member
  • 225 posts

There is a suspicious item showing in the OTL log

Can you tell me which one that is, so I could look through the multiple ComboFix versions / folders?


I used to have registry cleaners and P2P programs but now I don't, not that I am aware of.

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Can you tell me which one that is, so I could look through the multiple ComboFix versions / folders?


DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahd2awzv)

In any event it would be good to see what is in ComboFix quarantine.

I used to have registry cleaners and P2P programs but now I don't, not that I am aware of


HKU\Default User\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKU\Default User\...\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H [x]

Could be just left over orphans. :P

#7
blink10

    Member

  • Topic Starter
  • Member
  • 225 posts
I have found 2 ComboFix logs, run on the 25th and 26th of June.

They are called Combofix 2 and Combofix 3, but No. 1 is not there.

Combofix 3 was created on the 25th, which I find a bit weird since the names should have been the other way around.

This is the Combofix 3 log:

ComboFix 13-06-24.01 - Allaho akbar 06/25/2013 15:58:31.43.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.2046.1469 [GMT 2:00]
Running from: c:\documents and settings\Allaho akbar\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Allaho akbar\Desktop\Setup.exe
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-05-25 to 2013-06-25 )))))))))))))))))))))))))))))))
.
.
2013-06-11 21:19 . 2013-06-12 06:15 -------- d-----w- c:\windows\system32\MpEngineStore
2013-06-09 19:11 . 2013-06-09 19:45 -------- d-----w- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Ubisoft Game Launcher
2013-06-07 16:35 . 2013-06-07 16:35 -------- d-----w- c:\windows\ERUNT
2013-06-07 16:35 . 2013-06-07 16:43 -------- d-----w- C:\JRT
2013-06-07 15:54 . 2013-06-07 16:28 -------- d-----w- c:\program files\free-mp3-cutter
2013-06-05 23:14 . 2013-06-05 23:14 -------- d-----w- c:\windows\system32\URTTEMP
2013-06-04 15:25 . 2013-06-04 15:25 -------- d-----w- C:\HostsXpert
2013-06-04 00:49 . 2013-06-04 00:49 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\SUPERAntiSpyware.com
2013-06-04 00:47 . 2013-06-04 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-04 00:47 . 2013-06-04 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-03 23:40 . 2013-06-03 23:40 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\Call of Juarez
2013-06-03 23:15 . 2013-06-04 11:53 -------- d-----w- c:\documents and settings\Allaho akbar\Tracing
2013-06-03 23:14 . 2013-06-03 23:14 -------- d-----w- c:\program files\Microsoft
2013-06-03 23:14 . 2013-06-03 23:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2013-06-03 23:13 . 2013-06-03 23:14 -------- d-----w- c:\program files\Windows Live
2013-06-03 23:07 . 2013-06-03 23:07 -------- d-----w- c:\program files\Common Files\Windows Live
2013-06-03 23:03 . 2013-06-03 23:03 -------- d-----w- c:\program files\FileHippo.com
2013-06-03 21:27 . 2013-06-17 23:41 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\QuickScan
2013-06-02 20:19 . 2013-06-09 19:11 -------- d-----w- c:\documents and settings\UpdatusUser
2013-06-01 21:27 . 2013-03-15 05:47 6074368 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-01 21:26 . 2013-03-15 05:47 7745536 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-01 21:26 . 2013-03-15 05:47 2733344 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-01 21:26 . 2013-03-15 05:47 2490368 ----a-w- c:\windows\system32\nvapi.dll
2013-06-01 21:26 . 2013-03-15 05:47 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-01 21:26 . 2013-03-15 05:47 19689472 ----a-w- c:\windows\system32\nvoglnt.dll
2013-06-01 21:26 . 2013-03-15 05:47 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-01 21:21 . 2013-06-01 21:21 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\Call of Juarez - Bound in Blood
2013-06-01 15:14 . 2013-06-01 15:14 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\Malwarebytes
2013-06-01 15:14 . 2013-06-01 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-01 15:14 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-01 01:13 . 2013-06-01 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-01 01:03 . 2013-06-01 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-01 00:30 . 2013-06-01 00:30 -------- d-----w- C:\ProcessExplorer
2013-05-28 23:25 . 2013-03-17 16:21 3649536 ----a-w- c:\windows\system32\x264vfw.dll
2013-05-28 23:25 . 2011-12-07 17:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2013-05-28 23:25 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2013-05-28 23:25 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2013-05-28 23:25 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2013-05-28 23:24 . 2011-12-21 17:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2013-05-28 23:24 . 2013-04-29 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-05-28 14:41 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-05-28 14:41 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-05-27 15:25 . 2013-05-27 15:25 -------- d-----w- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Shrew Soft VPN
2013-05-27 15:25 . 2013-05-27 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Shrew Soft VPN
2013-05-27 12:23 . 2013-03-27 14:57 79432 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2013-05-27 12:23 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2013-05-27 12:23 . 2012-06-22 13:48 25816 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 13:07 . 2012-11-16 08:30 17488 ----a-w- c:\windows\gdrv.sys
2013-06-04 15:24 . 2013-06-04 15:24 357766 ----a-w- C:\HostsXpert.zip
2013-05-25 15:00 . 2012-11-21 13:02 115912 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2013-05-22 12:14 . 2013-05-22 12:14 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-22 12:14 . 2013-05-22 12:14 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-07 22:30 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-20 12:36 . 2013-04-20 12:36 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-04-10 01:31 . 2006-02-28 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-29 19:42 . 2012-11-16 08:25 5444680 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-11-26 1525088]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-06-24 3565432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2012-07-31 658632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 218880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]
"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-15 1982312]
"RTHDCPL"="RTHDCPL.EXE" [2013-03-12 20143688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-18 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Allaho akbar^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 03:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-12-15 17:56 138096 ----atw- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 02:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2006-02-28 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-08-25 20:27 545552 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-11-18 11:31 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"NBService"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Allaho akbar\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"f:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"f:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\R.G. Mechanics\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"f:\\Program Files\\Black_Box\\Call of Juarez The Cartel\\CoJ_TheCartel.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/28/2012 09:10 AM 717296]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/21/2012 03:02 PM 115912]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [5/12/2012 05:13 PM 43696]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [5/24/2012 11:34 AM 140120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 06:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 10:11 PM 119056]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [11/16/2012 10:22 AM 68136]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/27/2012 06:34 PM 39728]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5/25/2012 07:38 PM 23896]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/25/2012 07:30 PM 24408]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [4/15/2013 03:27 PM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 07:09 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/16/2012 10:25 AM 1691480]
S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys --> c:\windows\system32\DRIVERS\virtualnet.sys [?]
S4 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]
S4 pflt;Shrew Soft Miniport Filter;c:\windows\system32\DRIVERS\vfilter.sys --> c:\windows\system32\DRIVERS\vfilter.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 20:43 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-28 17:47]
.
2013-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-15 17:56]
.
2013-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-15 17:56]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-17 09:25]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-17 09:25]
.
2013-06-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2013-06-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2013-06-23 c:\windows\Tasks\ReclaimerUpdateFiles_Allaho akbar.job
- c:\documents and settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 21:41]
.
2013-06-24 c:\windows\Tasks\ReclaimerUpdateXML_Allaho akbar.job
- c:\documents and settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 21:41]
.
2013-06-25 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Allaho akbar.job
- c:\documents and settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 21:41]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BCU - c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-25 16:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5b5f951b-5d5e-437f-b362-4fb2618863c5}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007e
"Therad"=dword:00000016
"SpecVersion"=dword:00000045
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,43,0a,b1,00,ae,c5,1c,a3,56,38,b0,c0,a0,6e,cf,12,95,e4,2c,4d,
a2,5b,89,a3,21,b5,e6,2c,64,1f,8c,a8,c0,02,91,da,f6,68,02,00,00,00,00,00,00,\
.
Completion time: 2013-06-25 16:04:51
ComboFix-quarantined-files.txt 2013-06-25 14:04
.
Pre-Run: 13,325,733,888 bytes free
Post-Run: 13,065,723,904 bytes free
.
- - End Of File - - 27B364FFAD7ADB4107427C5250166B70
8F558EB6672622401DA993E1E865C861

Combofix log 2:

ComboFix 13-06-26.01 - Allaho akbar 06/26/2013 19:52:52.44.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.2046.1489 [GMT 2:00]
Running from: c:\documents and settings\Allaho akbar\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2013-05-26 to 2013-06-26 )))))))))))))))))))))))))))))))
.
.
2013-06-11 21:19 . 2013-06-12 06:15 -------- d-----w- c:\windows\system32\MpEngineStore
2013-06-09 19:11 . 2013-06-09 19:45 -------- d-----w- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Ubisoft Game Launcher
2013-06-07 16:35 . 2013-06-07 16:35 -------- d-----w- c:\windows\ERUNT
2013-06-07 16:35 . 2013-06-07 16:43 -------- d-----w- C:\JRT
2013-06-07 15:54 . 2013-06-07 16:28 -------- d-----w- c:\program files\free-mp3-cutter
2013-06-05 23:14 . 2013-06-05 23:14 -------- d-----w- c:\windows\system32\URTTEMP
2013-06-04 15:25 . 2013-06-04 15:25 -------- d-----w- C:\HostsXpert
2013-06-04 00:49 . 2013-06-04 00:49 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\SUPERAntiSpyware.com
2013-06-04 00:47 . 2013-06-04 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-04 00:47 . 2013-06-04 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-03 23:40 . 2013-06-03 23:40 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\Call of Juarez
2013-06-03 23:15 . 2013-06-04 11:53 -------- d-----w- c:\documents and settings\Allaho akbar\Tracing
2013-06-03 23:14 . 2013-06-03 23:14 -------- d-----w- c:\program files\Microsoft
2013-06-03 23:14 . 2013-06-03 23:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2013-06-03 23:13 . 2013-06-03 23:14 -------- d-----w- c:\program files\Windows Live
2013-06-03 23:07 . 2013-06-03 23:07 -------- d-----w- c:\program files\Common Files\Windows Live
2013-06-03 23:03 . 2013-06-03 23:03 -------- d-----w- c:\program files\FileHippo.com
2013-06-03 21:27 . 2013-06-17 23:41 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\QuickScan
2013-06-02 20:19 . 2013-06-09 19:11 -------- d-----w- c:\documents and settings\UpdatusUser
2013-06-01 21:27 . 2013-03-15 05:47 6074368 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-01 21:26 . 2013-03-15 05:47 7745536 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-01 21:26 . 2013-03-15 05:47 2733344 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-01 21:26 . 2013-03-15 05:47 2490368 ----a-w- c:\windows\system32\nvapi.dll
2013-06-01 21:26 . 2013-03-15 05:47 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-01 21:26 . 2013-03-15 05:47 19689472 ----a-w- c:\windows\system32\nvoglnt.dll
2013-06-01 21:26 . 2013-03-15 05:47 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-01 21:21 . 2013-06-01 21:21 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\Call of Juarez - Bound in Blood
2013-06-01 15:14 . 2013-06-01 15:14 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\Malwarebytes
2013-06-01 15:14 . 2013-06-01 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-01 15:14 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-01 01:13 . 2013-06-01 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-01 01:03 . 2013-06-01 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-01 00:30 . 2013-06-01 00:30 -------- d-----w- C:\ProcessExplorer
2013-05-28 23:25 . 2013-03-17 16:21 3649536 ----a-w- c:\windows\system32\x264vfw.dll
2013-05-28 23:25 . 2011-12-07 17:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2013-05-28 23:25 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2013-05-28 23:25 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2013-05-28 23:25 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2013-05-28 23:24 . 2011-12-21 17:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2013-05-28 23:24 . 2013-04-29 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-05-28 14:41 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-05-28 14:41 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 15:49 . 2012-11-16 08:30 17488 ----a-w- c:\windows\gdrv.sys
2013-06-04 15:24 . 2013-06-04 15:24 357766 ----a-w- C:\HostsXpert.zip
2013-05-25 15:00 . 2012-11-21 13:02 115912 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2013-05-22 12:14 . 2013-05-22 12:14 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-22 12:14 . 2013-05-22 12:14 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-07 22:30 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-20 12:36 . 2013-04-20 12:36 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-04-10 01:31 . 2006-02-28 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-29 19:42 . 2012-11-16 08:25 5444680 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-11-26 1525088]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-06-24 3565432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2012-07-31 658632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 218880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]
"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-15 1982312]
"RTHDCPL"="RTHDCPL.EXE" [2013-03-12 20143688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-18 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Allaho akbar^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 03:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-12-15 17:56 138096 ----atw- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 02:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2006-02-28 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-08-25 20:27 545552 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-11-18 11:31 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"NBService"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Allaho akbar\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"f:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"f:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\R.G. Mechanics\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"f:\\Program Files\\Black_Box\\Call of Juarez The Cartel\\CoJ_TheCartel.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/28/2012 09:10 AM 717296]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/21/2012 03:02 PM 115912]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [5/12/2012 05:13 PM 43696]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [5/24/2012 11:34 AM 140120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 06:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 10:11 PM 119056]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [11/16/2012 10:22 AM 68136]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/27/2012 06:34 PM 39728]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5/25/2012 07:38 PM 23896]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/25/2012 07:30 PM 24408]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [4/15/2013 03:27 PM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 07:09 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/16/2012 10:25 AM 1691480]
S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys --> c:\windows\system32\DRIVERS\virtualnet.sys [?]
S4 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]
S4 pflt;Shrew Soft Miniport Filter;c:\windows\system32\DRIVERS\vfilter.sys --> c:\windows\system32\DRIVERS\vfilter.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-28 17:47]
.
2013-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-15 17:56]
.
2013-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-15 17:56]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-17 09:25]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-17 09:25]
.
2013-06-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2013-06-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2013-06-25 c:\windows\Tasks\ReclaimerUpdateFiles_Allaho akbar.job
- c:\documents and settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 21:41]
.
2013-06-25 c:\windows\Tasks\ReclaimerUpdateXML_Allaho akbar.job
- c:\documents and settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 21:41]
.
2013-06-26 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Allaho akbar.job
- c:\documents and settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 21:41]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-26 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5b5f951b-5d5e-437f-b362-4fb2618863c5}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007e
"Therad"=dword:00000016
"SpecVersion"=dword:00000045
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7f,43,0a,b1,00,ae,c5,1c,a3,56,38,b0,c0,a0,6e,cf,12,95,e4,2c,4d,
a2,5b,89,a3,21,b5,e6,2c,64,1f,8c,a8,c0,02,91,da,f6,68,02,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(976)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2013-06-26 19:59:37
ComboFix-quarantined-files.txt 2013-06-26 17:59
ComboFix2.txt 2013-06-25 14:04
.
Pre-Run: 10,718,969,856 bytes free
Post-Run: 10,699,939,840 bytes free
.
- - End Of File - - 1AF8108925025B1DCD03CA9A84BE933A
8F558EB6672622401DA993E1E865C861

ComboFix quarantined files

2013-06-25 14:04:19 . 2013-06-25 14:04:19 437 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96}.reg.dat
2013-06-25 14:04:16 . 2013-06-25 14:04:16 624 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BCU.reg.dat
2013-06-25 14:01:32 . 2013-06-30 13:50:30 7,417 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-06-25 13:58:29 . 2013-06-30 13:47:04 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-06-25 13:56:41 . 2013-06-30 13:46:06 204 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-06-18 16:20:30 . 2008-10-09 12:25:52 444,844,191 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Allaho akbar\Desktop\Setup.exe.vir
2013-06-03 01:21:00 . 2013-06-03 01:21:00 1,470 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\hosts.txt.vir

That setup file in the quarantine is pretty big and I am asking your permission to delete it from the quarantine folder, to clear some space.

The JRT log does not seem to add a lot of info, but here it is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Allaho akbar on Wed 07/03/2013 at 4:08:47.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/03/2013 at 4:11:28.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
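A quick way to read the "Reg Loading Points" and driver/service sections of a ComboFix log like the one above is to flag the entries whose image file cannot be found (the `[?]` marker), whose image sits on a drive other than the fixed ones, whose value is a bare filename with no directory, or whose image lives inside a user profile. The script below is an added example for this thread, not code from ComboFix, OTL or any other tool mentioned here. Its sample lines are copied from the ComboFix log above, except the `Updater` Run-key line, which is constructed to show a profile-path hit, and the fixed-drive list is taken from the OTL header at the top of the thread.

```python
"""Triage of ComboFix autostart lines (added example for this thread; not
part of ComboFix, OTL or any other tool mentioned above)."""
import re

# Driver/service line:  R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/28/2012 09:10 AM 717296]
# Orphaned entry:       S4 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]$"
)
# Run-key value line:   "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-06-24 3565432]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')

FIXED_DRIVES = ("c:", "d:", "e:", "f:")   # the drives listed in the OTL header of this thread
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def drive_of(path):
    """Return the drive prefix ('g:') of an image path, or '' if it has none."""
    p = path.lower()
    if p.startswith("\\??\\"):          # NT object-manager form used by some driver entries
        p = p[4:]
    return p[:2] if len(p) >= 2 and p[1] == ":" else ""


def triage(lines):
    """Return {entry name: [reasons]} for every autostart line worth a second look."""
    flagged = {}
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue                     # key headers, blank lines, other sections
        name = m.group("name")
        path = (m.groupdict().get("resolved") or m.group("path")).strip()
        reasons = []
        if m.group("meta").strip() == "?":
            # [?] instead of date/size: ComboFix could not find the image, the entry outlives its file
            reasons.append("image file not found on disk (orphaned entry)")
        drive = drive_of(path)
        if drive and drive not in FIXED_DRIVES:
            reasons.append("image on non-fixed drive " + drive)
        if not drive and "\\" not in path:
            # no directory at all: the CreateProcess/LoadLibrary search order decides what runs
            reasons.append("bare filename, resolved via the search path")
        if any(mk in path.lower() for mk in PROFILE_MARKERS):
            reasons.append("runs from a user-profile directory")
        if reasons:
            flagged[name] = reasons
    return flagged


SAMPLE_LINES = [
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-06-24 3565432]',
    r'"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]',
    r'"RTHDCPL"="RTHDCPL.EXE" [2013-03-12 20143688]',
    # constructed line, not from the log above
    r'"Updater"="c:\documents and settings\user\Application Data\Example\updater.exe" [2013-06-01 10240]',
    r"R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/28/2012 09:10 AM 717296]",
    r"S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys --> c:\windows\system32\DRIVERS\virtualnet.sys [?]",
    r"S4 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]",
]

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LINES).items():
        print(entry + ": " + "; ".join(why))
```

Run against the log above, it flags PciCon on g: and the Shrew Soft filter entries as orphaned, and surfaces the bare-name Run values (NvMediaCenter, RTHDCPL). Those two are stock vendor entries; the check raises them only because nothing pins their path, so the right follow-up is to confirm which file the search path actually resolves them to, not to delete them.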

#8 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

That setup file in the quarantine is pretty big and I am asking your permission to delete it from the quarantine folder, to clear some space.


What was it for?

While I don't think that file is the cause, it seems your machine's problem started after running ComboFix. That's why I wanted to see what was in quarantine. :)

I wonder, have you tried a System Restore to a date before the problem manifested? Might be something to think about.

First, though, let's do this:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    *ahd2awzv*
    :file
    *DP.exe*
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

After that

Please download Farbar Service Scanner and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run from.
  • Copy and paste the log back here.

When you return please post:
  • results of the SystemLook scan
  • FSS.txt


#9 blink10 (Topic Starter, Member, 225 posts)

I really have a hard time recognizing that setup file.

No, I did not run System Restore.

Here are the logs:

Farbar Service Scanner Version: 27-06-2013
Ran by Allaho akbar (administrator) on 05-07-2013 at 15:13:01
Running from "C:\Documents and Settings\Allaho akbar\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) kltdi(9) NetBT(6) pflt(10) PSched(7) Tcpip(4)
0x0A0000000800000005000000010000000200000003000000040000000900000006000000070000000A000000


**** End of log ****







SystemLook 30.07.11 by jpshortstuff
Log created at 15:10 on 05/07/2013 by Allaho akbar
Administrator - Elevation successful

========== folderfind ==========

Searching for "*ahd2awzv*"
No folders found.

========== file ==========

*DP.exe* - Unable to find/read file.

-= EOF =-

#10 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

I really find a hard time recognizing that setup file.


Did you download Chrome by any chance? Actually, though, I can't see that that file would have caused the problem.

It seems the ones we were looking for with SystemLook have gone too.

Let's do this:

Please download ESET's Service Repair Tool.

  • Save it to your desktop
  • Right-click on it and run it as Administrator
After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me if there has been any change in your machine.


#11 blink10 (Topic Starter, Member, 225 posts)

I see no difference in the PC after running all those programs.

Someone shut down my PC while I was away, but it was completed. I ran it again later before looking for the log, and it seems everything is in order, but I did not remove ESET yet.



ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=01d3b9db438438408c5cffe5a44f2428
# engine=14286
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-06 03:50:23
# local_time=2013-07-06 05:50:23 (+0200, Egypt Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1286 16777213 100 95 16049 34601427 0 0
# scanned=202876
# found=7
# cleaned=7
# scan_time=14895
sh=062EB4ADDFDF8E845AF75F98B596E459F518094D ft=0 fh=0000000000000000 vn="Win32/OpenCandy application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Allaho akbar\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-eu.cab"
sh=2DE50229B0B0A12BF5A2C2467711C78300A70598 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Allaho akbar\My Documents\Downloads\Compressed\FFSetup3.0.1.zip"
sh=F43A66F5AC79276A3E27467D5DD100DDCFA61891 ft=1 fh=80399c2706f2ad8c vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Allaho akbar\My Documents\Downloads\Compressed\FFSetup3.0.1\FFSetup3.0.1.exe"
sh=A89B724E60217DCBEE0AF63722F39E63A28AF47D ft=1 fh=929469d6ae24668c vn="a variant of Win32/PerfectUninstaller application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Perfect Uninstaller\PU.exe"
sh=C6A6F13118AFA887F3E3C1E8F181ED5695487A00 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application (deleted - quarantined)" ac=C fn="F:\compressed\FFSetup245.zip"
sh=5DF6940BAD3E38B1FD7ABCAB37AB3564D2DC3227 ft=1 fh=a3238b6b630b2c32 vn="a variant of Win32/PerfectUninstaller application (cleaned by deleting - quarantined)" ac=C fn="F:\New Folder\PerfectUninstaller_Setup.exe"
sh=DDED81F18DE94BE75CA2B8441E2E81F9A3B991E6 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Widgi application (deleted - quarantined)"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=01d3b9db438438408c5cffe5a44f2428
# engine=14286
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-06 08:33:29
# local_time=2013-07-06 10:33:29 (+0200, Egypt Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1286 16777213 100 95 4521 34618413 0 0
# scanned=982
# found=0
# cleaned=0
# scan_time=36
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=01d3b9db438438408c5cffe5a44f2428
# engine=14289
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-06 10:20:20
# local_time=2013-07-06 12:20:20 (+0200, Egypt Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1286 16777213 100 95 3813 34624824 0 0
# scanned=119
# found=0
# cleaned=0
# scan_time=1

#12 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

I see no difference in the PC after running all those programs.


Okay, I think our next best option is to try a System Restore to a point before this happened.

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in the Safe Mode, access the Windows System Restore utility and choose a restore point that dates back to a time when your computer was running normally. Proceed to restore your computer.

Restart your computer normally. Come back and tell me if there has been any change.

#13 blink10 (Topic Starter, Member, 225 posts)

I think the problem started on the 24th or the 25th of June; I went back to the 20th and there is still no progress.
I have an idea: how about we make a bat file that starts explorer.exe and put it in the registry startup?

#14 blink10 (Topic Starter, Member, 225 posts)

Something strange just went down.
  • I made a batch file to start explorer.exe and placed it in the Startup folder. I ran it manually before rebooting, and it opens the My Documents folder in explore mode, which I find peculiar.
  • Upon rebooting for the first time since the System Restore, I noticed the icons appeared, and then after a while a cmd window flashed for a second and My Documents opened in explore mode.
  • That made me suspect that the batch file started a bit slower and the icons appearing had nothing to do with it, so I removed the shortcut to the bat file from Startup and rebooted the PC.

Eureka, it works now :D Thanks for your help, emeraldnzl.

The PC seems sluggish a bit though
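The batch-file idea from #13, and what #14 observed, line up with how the shell is started: Winlogon runs the program named in the `Userinit` value, and userinit.exe then launches whatever the `Shell` value names (stock XP: `Explorer.exe`); once that shell is running, starting explorer.exe again just opens a folder window, which is the My Documents window blink10 saw. So before adding a workaround in Startup, the thing to check is those two values. The script below is an added example for this thread, not code from any tool posted here. It parses `.reg`-style exports and flags Shell/Userinit settings that differ from the XP defaults; the exports are constructed, not taken from blink10's machine (the ComboFix report above says legit default entries are not shown, so it says nothing about these values either way).

```python
r"""Check the Winlogon values that decide what starts at logon (added example
for this thread, not code from ComboFix, OTL, FSS or any other tool above)."""
import re

WINLOGON_KEY = r"software\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg_export(text):
    """Parse REGEDIT4/.reg text into {key path: {value name: string data}}.
    Only REG_SZ ("name"="data") values are needed for this check."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                # .reg files escape backslashes in REG_SZ data
                keys[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys


def check_winlogon(keys, system_root=r"c:\windows"):
    r"""Return [(hive, value name, data)] for Shell/Userinit settings that would
    start something other than the stock XP shell.  Stock values: HKLM Shell is
    'Explorer.exe', HKLM Userinit is '<SystemRoot>\system32\userinit.exe,', and
    HKCU carries neither (a per-user Shell/Userinit overrides the machine one and
    is a well-known persistence spot, so its mere presence is reported)."""
    root = system_root.lower()
    stock_shell = {"explorer.exe", root + r"\explorer.exe"}
    stock_userinit = root + r"\system32\userinit.exe"
    problems = []
    for key, values in keys.items():
        k = key.lower()
        if not k.endswith(WINLOGON_KEY):
            continue
        hive = "HKCU" if k.startswith("hkey_current_user") else "HKLM"
        for name in ("Shell", "Userinit"):
            if name not in values:
                if hive == "HKLM":
                    problems.append((hive, name, None))        # stock value deleted
                continue
            data = values[name].strip().lower()
            if hive == "HKCU":
                problems.append((hive, name, values[name]))    # should not exist at all
            elif name == "Shell" and data not in stock_shell:
                problems.append((hive, name, values[name]))
            elif name == "Userinit" and data.rstrip(",") != stock_userinit:
                problems.append((hive, name, values[name]))
    return problems


# Constructed exports (not from the thread). The HKCU Shell value shows the
# pattern to recognise: the stock shell still starts, followed by something
# from the user's profile, so the desktop looks normal.
SAMPLE_CLEAN = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"""

SAMPLE_TAMPERED = SAMPLE_CLEAN + r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Documents and Settings\\user\\Application Data\\example_loader.exe"
"""

if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(label, check_winlogon(parse_reg_export(text)))
```

On a live XP box the input would come from `reg export` of the two Winlogon keys; the check also reports a deleted HKLM value (data `None`), which would leave the user at a bare wallpaper just like a hijacked one.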


#15 blink10 (Topic Starter, Member, 225 posts)

I actually believe it all started with the installation of the new NVIDIA GeForce 320.49 and that setup file was just a dictionary.