
Easy to guess... Google redirect virus


  • This topic is locked
5 replies to this topic

#1 MechRazor


Posted 09 August 2010 - 12:42 PM

Hi, I'm new to this forum. I have recently encountered a very common problem with Google redirecting. Basically, when I click search on Google with a specific keyword and then click the link, Google will take me either somewhere else or will just open a blank window. I have tried most of the antivirus software, and none of it detected anything suspicious, so I simply gave up and thought that you could help me, since you're experts on this matter. Take a look at this log please, and let me know what's wrong with it. Thank you in advance!

DDS (Ver_10-03-17.01) - NTFSX64
Run by Adrian at 18:32:51.92 on 10/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4087.2871 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxcrcoms.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Adrian\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
mRun-x64: [lxcrmon.exe] "c:\program files (x86)\lexmark 2400 series\lxcrmon.exe"
mRun-x64: [EzPrint] "c:\program files (x86)\lexmark 2400 series\ezprint.exe"
mRun-x64: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\x64\3\LXCRtime.dll,RunDLLEntry
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

================= FIREFOX ===================

FF - ProfilePath - c:\users\adrian\appdata\roaming\mozilla\firefox\profiles\175au929.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 123200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-30 1255736]

=============== Created Last 30 ================

2010-08-09 22:08:05 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-08-09 22:08:05 0 d-----w- c:\program files (x86)\PowerISO
2010-08-09 00:37:35 0 d-----w- C:\TDSSKiller_Quarantine
2010-08-08 23:50:59 0 d-----w- c:\program files (x86)\CCleaner
2010-08-08 23:41:37 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-08 23:18:59 0 d-----w- c:\programdata\ESET
2010-08-08 23:18:59 0 d-----w- c:\program files\ESET
2010-08-05 17:36:06 218808 ----a-w- c:\windows\syswow64\PnkBstrB.xtr
2010-08-05 15:41:35 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-08-05 15:41:34 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-08-05 15:41:33 2434856 ----a-w- c:\windows\syswow64\pbsvc_bc2.exe
2010-08-04 15:02:56 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-04 00:21:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-02 18:32:46 0 d-----w- c:\programdata\FLEXnet
2010-08-02 01:05:40 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-08-02 01:05:36 0 d-----w- c:\program files (x86)\common files\BioWare
2010-08-01 22:45:32 0 d-----w- c:\users\adrian\appdata\roaming\NVIDIA
2010-08-01 22:18:42 0 d-----w- c:\programdata\NVIDIA
2010-08-01 22:18:10 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-08-01 22:18:01 0 d-----w- c:\programdata\NVIDIA Corporation
2010-08-01 22:17:57 0 d-----w- c:\program files\NVIDIA Corporation
2010-08-01 15:44:04 0 d-----w- c:\programdata\Adobe
2010-08-01 15:43:48 0 d-----w- c:\program files (x86)\Bonjour
2010-08-01 15:42:13 0 d-----w- c:\windows\syswow64\spool
2010-08-01 15:41:09 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-07-31 14:04:22 419840 ----a-w- c:\windows\system32\systemcpl.dll
2010-07-31 13:58:37 0 d-----w- C:\Programs
2010-07-31 13:57:50 0 d-----w- c:\program files\WinRAR
2010-07-31 13:56:05 0 d-----w- c:\program files (x86)\uTorrent
2010-07-31 13:55:24 0 d-----w- c:\users\adrian\appdata\roaming\uTorrent
2010-07-30 19:09:18 0 d-----w- c:\windows\syswow64\Wat
2010-07-30 19:09:18 0 d-----w- c:\windows\system32\Wat
2010-07-30 18:46:10 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-30 18:46:10 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-07-30 18:44:09 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-30 18:44:09 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-30 18:44:09 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-30 18:44:09 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-30 18:44:09 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-30 18:44:09 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-30 18:44:08 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-30 18:44:08 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-30 18:44:08 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-30 18:44:08 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-30 18:43:54 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-30 16:45:35 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2010-07-30 16:45:17 0 d-----w- c:\windows\syswow64\xlive
2010-07-30 16:45:17 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2010-07-30 14:08:19 2414360 ----a-w- c:\windows\syswow64\d3dx9_31.dll
2010-07-30 14:08:19 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-07-30 02:30:37 0 d-----w- c:\windows\Panther
2010-07-30 02:30:25 8192 --sha-r- C:\BOOTSECT.BAK
2010-07-30 02:30:23 383562 --sha-r- C:\bootmgr
2010-07-30 02:30:23 0 d-sh--w- C:\Boot
2010-07-30 02:06:59 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-07-30 02:05:56 46592 ----a-w- c:\windows\system32\msasn1.dll
2010-07-30 01:31:16 0 d-----w- c:\program files (x86)\common files\Steam
2010-07-30 01:31:15 0 d-----w- c:\program files (x86)\Steam
2010-07-30 01:22:42 0 d-----w- c:\program files\ALLPlayer
2010-07-30 00:55:20 0 d-----w- c:\program files\lx_cats
2010-07-30 00:55:04 0 d-----w- c:\program files\Lexmark 2400 Series
2010-07-30 00:55:01 0 d-----w- c:\program files (x86)\Lexmark Toolbar
2010-07-30 00:55:01 0 d-----w- c:\program files (x86)\Lexmark 2400 Series
2010-07-30 00:55:00 991232 ----a-w- c:\windows\syswow64\lxcrusb1.dll
2010-07-30 00:54:54 654336 ----a-w- c:\windows\system32\lxcrutil.dll
2010-07-30 00:53:45 0 d-----w- C:\drivers
2010-07-29 21:56:13 0 d-----w- c:\programdata\Sun
2010-07-29 21:56:05 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-29 21:56:05 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-29 21:56:05 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-29 21:56:05 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-29 20:58:01 0 d-----w- c:\program files (x86)\GameSpy Arcade
2010-07-29 20:57:53 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-07-29 20:57:16 0 d-sh--w- c:\windows\Installer
2010-07-29 20:57:15 0 d-----w- c:\program files (x86)\Microsoft Games
2010-07-29 19:58:01 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-29 19:57:50 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-07-29 19:57:33 0 d-----w- c:\users\adrian\appdata\roaming\DAEMON Tools Lite
2010-07-29 19:57:31 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-07-29 19:55:12 0 d-----w- c:\users\adrian\appdata\roaming\DAEMON Tools Pro
2010-07-29 19:55:12 0 d-----w- c:\programdata\DAEMON Tools Pro
2010-07-29 18:00:31 0 d-----w- c:\windows\syswow64\Macromed
2010-07-29 17:58:53 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-07-29 17:45:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-07-29 17:45:00 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-07-29 17:44:59 139264 ----a-w- c:\windows\system32\cabview.dll
2010-07-29 17:44:59 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-07-29 17:42:51 0 d-----w- C:\Music
2010-07-29 17:42:46 0 d-----w- C:\Movies
2010-07-29 17:42:41 0 d-----w- C:\Games
2010-07-29 17:39:54 171136 --sha-r- C:\grldr
2010-07-29 17:39:54 171136 ----a-w- C:\grldr.bak
2010-07-29 17:39:28 0 d-sh--w- C:\Recovery
2010-07-29 17:32:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== Find3M ====================

2010-07-31 14:04:22 14848 ----a-w- c:\windows\system32\slwga.dll
2010-07-31 14:04:22 13824 ----a-w- c:\windows\syswow64\slwga.dll
2010-07-09 15:27:02 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 15:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 15:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 15:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 15:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-19 19:48:12 144384 ----a-w- c:\windows\system32\cdd.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:33:20.05 ===============



#2 gringo_pr


  • Malware Response Team

Posted 16 August 2010 - 05:04 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 users: please right-click and run as Admin all programs that I ask you to run.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:
      netsvcs
      drivers32 /all
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      %systemroot%\system32\ws2help.dll /md5
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,

"information and logs"
    In your next post I need the following:
    1. Log from MBAM
    2. The two logs from OTL
    3. Let me know of any problems you may have had
    4. How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 MechRazor


Posted 17 August 2010 - 09:20 AM

Hi, thanks for the reply. As requested, I performed a scan using the Malwarebytes Anti-Malware software and it seems that it hasn't detected any malware. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/08/2010 14:54:19
mbam-log-2010-08-18 (14-54-19).txt

Scan type: Quick scan
Objects scanned: 112126
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


However, the fact that it hasn't detected any malware may be caused by an error that I receive when I'm trying to update the software to a newer version. The error message box says: "An error has occured. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)"

Except that, I also used OTL software. Here is the first log called "OTL.txt"

OTL logfile created on: 18/08/2010 15:07:41 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Adrian\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 326.43 Gb Free Space | 70.09% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.46 Gb Total Space | 0.14 Gb Free Space | 1.88% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 199.28 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADRIAN-PC
Current User Name: Adrian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/18 15:06:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
PRC - [2010/08/16 20:53:27 | 000,218,808 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/08/05 16:41:34 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/07/31 14:56:05 | 000,327,984 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/07/30 02:33:41 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/07/30 02:33:09 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/07/23 03:09:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/23 03:09:38 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2007/01/11 13:57:22 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/12/11 11:11:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe


========== Modules (SafeList) ==========

MOD - [2010/08/18 15:06:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009/09/29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2006/12/11 11:12:22 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
SRV - [2010/08/16 20:53:27 | 000,218,808 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/08/05 16:41:34 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/01 16:41:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/30 02:33:41 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/29 20:58:01 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A AC 06 B6 AE 3D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/09 00:04:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/09 00:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/08/09 00:19:00 | 000,000,000 | ---D | M]

[2010/08/09 00:04:54 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Mozilla\Extensions
[2010/08/18 02:18:32 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\175au929.default\extensions
[2010/08/09 00:06:41 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\175au929.default\extensions\Strata40@SpewBoy.au
[2010/08/09 00:06:41 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\175au929.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2010/08/09 00:04:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/29 22:56:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/29 22:55:59 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/09 01:32:59 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.26 213.109.75.213
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/26 17:45:39 | 000,779,496 | R--- | M] (BioWare) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/10/26 22:21:41 | 000,000,054 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/10/14 14:40:04 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{1c7e47d3-9b37-11df-ad87-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c7e47d3-9b37-11df-ad87-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009/10/26 17:45:39 | 000,779,496 | R--- | M] (BioWare)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/18 15:05:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
[2010/08/18 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Malwarebytes
[2010/08/18 14:50:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/18 14:50:38 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/18 14:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/18 14:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/17 14:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I-Doser
[2010/08/16 22:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAPI-PROJEKT
[2010/08/16 01:05:00 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\BioGame
[2010/08/16 00:54:53 | 000,000,000 | ---D | C] -- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
[2010/08/16 00:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/08/16 00:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
[2010/08/13 20:43:04 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\2K Games
[2010/08/09 23:10:22 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\Downloaded Installations
[2010/08/09 23:08:05 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/08/09 23:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/08/09 01:37:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/08/09 00:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/09 00:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/09 00:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/08/09 00:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/09 00:04:51 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Mozilla
[2010/08/05 18:36:03 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\PunkBuster
[2010/08/05 18:36:00 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\BFBC2
[2010/08/05 15:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/08/02 19:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/08/02 19:32:41 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Adobe
[2010/08/02 18:46:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/02 02:28:52 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Stacy Character Pack
[2010/08/02 02:05:40 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/08/02 02:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/08/01 23:45:32 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\NVIDIA
[2010/08/01 23:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/08/01 23:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/08/01 23:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/01 23:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/08/01 23:17:38 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/08/01 23:17:38 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/08/01 23:17:29 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/08/01 23:05:59 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\BioWare
[2010/08/01 19:36:53 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Diagnostics
[2010/08/01 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/08/01 16:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/01 16:42:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/08/01 16:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/08/01 16:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/08/01 16:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/07/31 14:58:37 | 000,000,000 | ---D | C] -- C:\Programs
[2010/07/31 14:58:00 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\WinRAR
[2010/07/31 14:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/31 14:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/07/31 14:55:24 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\uTorrent
[2010/07/30 20:09:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/30 20:09:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/30 17:49:10 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\Rockstar Games
[2010/07/30 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/30 17:45:50 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Rockstar Games
[2010/07/30 17:45:45 | 000,000,000 | RH-D | C] -- C:\Users\Adrian\AppData\Roaming\SecuROM
[2010/07/30 17:45:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/07/30 17:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/07/30 15:07:48 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Winamp
[2010/07/30 15:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/07/30 03:30:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/30 03:30:23 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/07/30 02:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/07/30 02:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/07/30 02:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\ALLPlayer
[2010/07/30 01:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\lx_cats
[2010/07/30 01:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2400 Series
[2010/07/30 01:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2010/07/30 01:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 2400 Series
[2010/07/30 01:55:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
[2010/07/30 01:55:00 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
[2010/07/30 01:55:00 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
[2010/07/30 01:55:00 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
[2010/07/30 01:55:00 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
[2010/07/30 01:55:00 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
[2010/07/30 01:55:00 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
[2010/07/30 01:55:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
[2010/07/30 01:55:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
[2010/07/30 01:55:00 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
[2010/07/30 01:55:00 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
[2010/07/30 01:55:00 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
[2010/07/30 01:55:00 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll
[2010/07/30 01:55:00 | 000,077,824 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXCRcfg.dll
[2010/07/30 01:54:54 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrserv.dll
[2010/07/30 01:54:54 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrusb1.dll
[2010/07/30 01:54:54 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\LXCRhcp.dll
[2010/07/30 01:54:54 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrinpa.dll
[2010/07/30 01:54:54 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\lxcriesc.dll
[2010/07/30 01:54:54 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrprox.dll
[2010/07/30 01:54:53 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrcomc.dll
[2010/07/30 01:54:53 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrcoms.exe
[2010/07/30 01:54:53 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrlmpm.dll
[2010/07/30 01:54:53 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrpmui.dll
[2010/07/30 01:54:53 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrcomm.dll
[2010/07/30 01:54:53 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrih.exe
[2010/07/30 01:54:53 | 000,064,512 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXCRcfg.dll
[2010/07/30 01:54:53 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrpplc.dll
[2010/07/30 01:53:45 | 000,000,000 | ---D | C] -- C:\drivers
[2010/07/29 22:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/29 22:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/29 22:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/07/29 22:29:37 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\My Games
[2010/07/29 21:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2010/07/29 21:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/07/29 21:57:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/29 21:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/07/29 21:01:38 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Mozilla
[2010/07/29 21:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/07/29 20:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/29 20:57:33 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\DAEMON Tools Lite
[2010/07/29 20:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/29 20:55:12 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\DAEMON Tools Pro
[2010/07/29 20:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010/07/29 19:00:33 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Macromedia
[2010/07/29 19:00:33 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Adobe
[2010/07/29 19:00:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/07/29 18:42:51 | 000,000,000 | ---D | C] -- C:\Music
[2010/07/29 18:42:46 | 000,000,000 | ---D | C] -- C:\Movies
[2010/07/29 18:42:41 | 000,000,000 | ---D | C] -- C:\Games
[2010/07/29 18:41:31 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Searches
[2010/07/29 18:41:31 | 000,000,000 | -H-D | C] -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/29 18:41:23 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Identities
[2010/07/29 18:41:21 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Contacts
[2010/07/29 18:41:20 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\VirtualStore
[2010/07/29 18:41:09 | 000,000,000 | --SD | C] -- C:\Users\Adrian\AppData\Roaming\Microsoft
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Videos
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Saved Games
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Pictures
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Music
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Links
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Favorites
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Downloads
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\My Documents
[2010/07/29 18:41:09 | 000,000,000 | R--D | C] -- C:\Users\Adrian\Desktop
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\AppData\Local\Temporary Internet Files
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Templates
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Start Menu
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\SendTo
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Recent
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\PrintHood
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\NetHood
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Documents\My Videos
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Documents\My Pictures
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Documents\My Music
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\My Documents
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Local Settings
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\AppData\Local\History
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Cookies
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\Application Data
[2010/07/29 18:41:09 | 000,000,000 | -HSD | C] -- C:\Users\Adrian\AppData\Local\Application Data
[2010/07/29 18:41:09 | 000,000,000 | -H-D | C] -- C:\Users\Adrian\AppData
[2010/07/29 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Temp
[2010/07/29 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Microsoft
[2010/07/29 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Media Center Programs
[2010/07/29 18:39:28 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/07/29 18:34:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/29 18:32:05 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/29 18:31:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/18 15:08:04 | 001,310,720 | -HS- | M] () -- C:\Users\Adrian\NTUSER.DAT
[2010/08/18 15:06:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
[2010/08/18 14:50:41 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/18 14:49:30 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/18 14:49:30 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/18 14:49:30 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/18 14:44:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/18 14:44:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/18 14:44:44 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/18 14:43:51 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 14:43:51 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 14:43:44 | 002,647,358 | -H-- | M] () -- C:\Users\Adrian\AppData\Local\IconCache.db
[2010/08/16 22:18:54 | 000,001,054 | ---- | M] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk
[2010/08/16 22:18:54 | 000,001,030 | ---- | M] () -- C:\Users\Adrian\Desktop\NapiProjekt.lnk
[2010/08/16 22:07:45 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/08/16 20:53:27 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/14 14:59:58 | 002,197,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 23:08:06 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/08/09 00:51:01 | 000,001,062 | ---- | M] () -- C:\Users\Adrian\Desktop\CCleaner.lnk
[2010/08/09 00:04:49 | 000,002,018 | ---- | M] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/09 00:04:49 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/06 20:28:14 | 000,001,929 | ---- | M] () -- C:\Users\Adrian\Desktop\Battlefield Bad Company 2.lnk
[2010/08/05 21:43:34 | 000,057,984 | ---- | M] () -- C:\Users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/05 16:41:34 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/08/05 16:41:34 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/08/04 01:21:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/02 02:05:40 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/07/31 14:56:05 | 000,000,967 | ---- | M] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/31 14:56:05 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/07/30 15:08:20 | 000,001,003 | ---- | M] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/30 15:08:20 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/07/30 11:37:49 | 000,000,219 | ---- | M] () -- C:\Users\Adrian\Desktop\Left 4 Dead 2.url
[2010/07/30 03:30:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/30 03:03:52 | 000,000,221 | ---- | M] () -- C:\Users\Adrian\Desktop\Star Wars Knights of the Old Republic.url
[2010/07/30 03:03:02 | 000,000,221 | ---- | M] () -- C:\Users\Adrian\Desktop\Grand Theft Auto Episodes from Liberty City.url
[2010/07/30 03:02:35 | 000,000,221 | ---- | M] () -- C:\Users\Adrian\Desktop\Mass Effect.url
[2010/07/30 02:35:32 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/30 01:57:25 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 2400 Series.LNK
[2010/07/30 01:55:18 | 000,018,352 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/07/29 21:58:02 | 000,000,996 | ---- | M] () -- C:\Users\Adrian\Desktop\GameSpy Arcade.lnk
[2010/07/29 21:58:00 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Halo.lnk
[2010/07/29 20:58:01 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/29 20:58:01 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/07/29 19:14:26 | 000,524,288 | -HS- | M] () -- C:\Users\Adrian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/29 19:14:26 | 000,524,288 | -HS- | M] () -- C:\Users\Adrian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/29 19:14:26 | 000,065,536 | -HS- | M] () -- C:\Users\Adrian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/29 18:44:10 | 000,001,437 | ---- | M] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 18:41:09 | 000,000,020 | -HS- | M] () -- C:\Users\Adrian\ntuser.ini
[2010/07/29 18:35:08 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/29 18:35:08 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/29 18:32:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/09 23:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/09 23:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/09 23:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/18 14:50:41 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 22:18:54 | 000,001,054 | ---- | C] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk
[2010/08/16 22:18:54 | 000,001,030 | ---- | C] () -- C:\Users\Adrian\Desktop\NapiProjekt.lnk
[2010/08/09 23:08:06 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/08/09 00:51:01 | 000,001,062 | ---- | C] () -- C:\Users\Adrian\Desktop\CCleaner.lnk
[2010/08/09 00:04:49 | 000,002,018 | ---- | C] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/09 00:04:49 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/06 20:28:14 | 000,001,929 | ---- | C] () -- C:\Users\Adrian\Desktop\Battlefield Bad Company 2.lnk
[2010/08/05 21:42:54 | 000,067,068 | ---- | C] () -- C:\Users\Adrian\Desktop\engraversoldenglishnormal.ttf
[2010/08/05 18:36:06 | 000,218,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/08/05 16:41:35 | 000,218,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/05 16:41:34 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/08/05 16:41:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/08/04 01:21:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/01 23:17:38 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/31 14:56:05 | 000,000,967 | ---- | C] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/31 14:56:05 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/07/30 15:08:20 | 000,001,003 | ---- | C] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/30 15:08:20 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/07/30 11:37:49 | 000,000,219 | ---- | C] () -- C:\Users\Adrian\Desktop\Left 4 Dead 2.url
[2010/07/30 03:30:25 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/07/30 03:30:23 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/07/30 03:03:52 | 000,000,221 | ---- | C] () -- C:\Users\Adrian\Desktop\Star Wars Knights of the Old Republic.url
[2010/07/30 03:03:02 | 000,000,221 | ---- | C] () -- C:\Users\Adrian\Desktop\Grand Theft Auto Episodes from Liberty City.url
[2010/07/30 03:02:35 | 000,000,221 | ---- | C] () -- C:\Users\Adrian\Desktop\Mass Effect.url
[2010/07/30 02:31:15 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/30 01:57:25 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 2400 Series.LNK
[2010/07/30 01:55:00 | 000,535,647 | ---- | C] () -- C:\Windows\SysWow64\lxcrhelp.chm
[2010/07/30 01:55:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
[2010/07/30 01:55:00 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
[2010/07/30 01:55:00 | 000,002,365 | ---- | C] () -- C:\Windows\SysWow64\lxcr.loc
[2010/07/30 01:54:54 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\LXCRinst.dll
[2010/07/30 01:54:53 | 000,535,647 | ---- | C] () -- C:\Windows\SysNative\lxcrhelp.chm
[2010/07/30 01:54:53 | 000,018,352 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/07/30 01:54:53 | 000,002,365 | ---- | C] () -- C:\Windows\SysNative\lxcr.loc
[2010/07/29 21:58:02 | 000,000,996 | ---- | C] () -- C:\Users\Adrian\Desktop\GameSpy Arcade.lnk
[2010/07/29 21:58:00 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Halo.lnk
[2010/07/29 20:58:01 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/29 20:58:01 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/07/29 18:44:10 | 000,001,437 | ---- | C] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 18:41:09 | 000,524,288 | -HS- | C] () -- C:\Users\Adrian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/29 18:41:09 | 000,524,288 | -HS- | C] () -- C:\Users\Adrian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/29 18:41:09 | 000,262,144 | -HS- | C] () -- C:\Users\Adrian\ntuser.dat.LOG1
[2010/07/29 18:41:09 | 000,065,536 | -HS- | C] () -- C:\Users\Adrian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/29 18:41:09 | 000,000,290 | ---- | C] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/29 18:41:09 | 000,000,272 | ---- | C] () -- C:\Users\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/29 18:41:09 | 000,000,020 | -HS- | C] () -- C:\Users\Adrian\ntuser.ini
[2010/07/29 18:41:09 | 000,000,000 | -HS- | C] () -- C:\Users\Adrian\ntuser.dat.LOG2
[2010/07/29 18:41:08 | 001,310,720 | -HS- | C] () -- C:\Users\Adrian\NTUSER.DAT
[2010/07/29 18:39:54 | 000,171,136 | RHS- | C] () -- C:\grldr
[2010/07/29 18:39:54 | 000,171,136 | ---- | C] () -- C:\grldr.bak
[2010/07/29 18:32:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/29 18:31:28 | 3214,237,696 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/07/29 21:55:10 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DAEMON Tools Lite
[2010/07/29 20:55:12 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DAEMON Tools Pro
[2010/08/18 15:08:37 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\uTorrent
[2009/07/14 06:08:49 | 000,017,230 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/07/30 03:30:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/08/02 09:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr
[2009/08/02 09:59:51 | 000,171,136 | ---- | M] () -- C:\grldr.bak
[2010/08/18 14:44:44 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/18 14:44:47 | 4285,652,992 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

And here is the second log called: "Extras.txt"

OTL Extras logfile created on: 18/08/2010 15:07:41 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Adrian\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 326.43 Gb Free Space | 70.09% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.46 Gb Total Space | 0.14 Gb Free Space | 1.88% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 199.28 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADRIAN-PC
Current User Name: Adrian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4183655A-5FC6-4A23-A804-7764145EC57C}" = ESET NOD32 Antivirus
"Lexmark 2400 Series" = Lexmark 2400 Series
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"CCleaner" = CCleaner
"GameSpy Arcade" = GameSpy Arcade
"Halo" = Microsoft Halo
"I-Doser 4.50" = I-Doser 4.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 17460" = Mass Effect
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 50280" = Mafia II - Demo
"Steam App 550" = Left 4 Dead 2
"uTorrent" = µTorrent
"Winamp" = Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/08/2010 11:09:06 | Computer Name = Adrian-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 16/08/2010 17:24:33 | Computer Name = Adrian-PC | Source = Application Hang | ID = 1002
Description = The program ALLPlayer.exe version 3.7.6.5 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2bc Start
Time: 01cb3d895f60128e Termination Time: 63 Application Path: C:\Program Files\ALLPlayer\ALLPlayer.exe

Report
Id: a7f433cc-a97c-11df-8e4e-0030674031be

Error - 17/08/2010 09:49:53 | Computer Name = Adrian-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 17/08/2010 09:49:53 | Computer Name = Adrian-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 17/08/2010 12:36:12 | Computer Name = Adrian-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 17/08/2010 12:36:12 | Computer Name = Adrian-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 18/08/2010 09:42:00 | Computer Name = Adrian-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 18/08/2010 09:42:00 | Computer Name = Adrian-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 18/08/2010 09:44:59 | Computer Name = Adrian-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 18/08/2010 09:44:59 | Computer Name = Adrian-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

[ System Events ]
Error - 13/08/2010 16:17:23 | Computer Name = Adrian-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 13/08/2010 20:00:16 | Computer Name = Adrian-PC | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -86394 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working
properly.

Error - 14/08/2010 14:25:52 | Computer Name = Adrian-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 14/08/2010 16:29:18 | Computer Name = Adrian-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 14/08/2010 19:00:17 | Computer Name = Adrian-PC | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -86395 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.197.32:123) is working
properly.

Error - 15/08/2010 09:58:06 | Computer Name = Adrian-PC | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -86395 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working
properly.

Error - 15/08/2010 15:32:33 | Computer Name = Adrian-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 16/08/2010 15:52:39 | Computer Name = Adrian-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 18/08/2010 09:43:50 | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7038
Description = The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 18/08/2010 09:43:50 | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Defender service failed to start due to the following
error: %%1069


< End of report >

After I performed all these tasks, the computer seems to be slightly faster, but I still have the issues with Google redirecting every time I want to search for something. Thank you in advance and I can't wait for your next reply!

Edited by MechRazor, 17 August 2010 - 09:24 AM.


#4 gringo_pr


Posted 18 August 2010 - 10:46 AM

Hello

Here are the things I want you to do next.


Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.



Uninstall Malwarebytes
  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr


Posted 21 August 2010 - 06:14 PM

Hello

Three-day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo


#6 gringo_pr


Posted 24 August 2010 - 02:03 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
