
Firefox password issues, admin shares messed up


  • This topic is locked
2 replies to this topic

#1 Scottykilg


Posted 24 January 2012 - 10:55 AM

I have admin shares that are blocked and I am the only admin with no other users. Some Microsoft scan said I had a lot of locked files. My Firefox has about 6 versions... I just don't know what's going on here... I do have my original XP Pro CD.

Operating System
MS Windows XP Professional 32-bit SP3
CPU
Intel Pentium 4 530
Prescott 90nm Technology
RAM
1.50 GB Dual-Channel DDR @ 160MHz (2.5-4-4-8)
Motherboard
Intel Corporation D915GAG (J2E1) 47 C
Graphics
e17t4 (1280x960@60Hz)
Intel® 82915G Express Chipset Family
Hard Drives
78GB Western Digital WDC WD800JD-00LSA0 (SATA) 25 C
Optical Drives
SONY DVD RW DW-Q28A
Audio
Realtek High Definition Audio



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by Owner at 4:55:07 on 2012-01-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.624 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\NDP20SP2-KB974417-x86.exe
c:\9b1f357cc373bcec5e2a7859\HotFixInstaller.exe
C:\WINDOWS\system32\msiexec.exe
c:\WINDOWS\system32\MsiExec.exe
.
============== Pseudo HJT Report ===============
.
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TaskTray]
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TNOD UP] "c:\program files\tnod user & password finder\TNODUP.exe" /i
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2A32E6B7-F554-4303-B9CA-F4145C9EE63E} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: schannel.dll, credssp.dll, digest.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\ow2d66ui.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z180&form=ZGAADF&install_date=20120120&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ow2d66ui.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-7-13 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-7-13 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-7-13 13616]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-1-14 132768]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-1-14 12184]
R2 MSSQL$MAPS;SQL Server (MAPS);c:\program files\microsoft sql server\mssql10_50.maps\mssql\binn\sqlservr.exe [2010-4-3 42884448]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-1-13 27064]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$MAPS;SQL Server Agent (MAPS);c:\program files\microsoft sql server\mssql10_50.maps\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== Created Last 30 ================
.
2012-01-24 12:54:51 -------- d-----w- C:\9b1f357cc373bcec5e2a7859
2012-01-24 11:27:38 -------- d-----w- c:\program files\Microsoft Corporation
2012-01-24 11:27:38 -------- d-----w- c:\documents and settings\all users\application data\msat
2012-01-24 11:17:48 -------- d-----w- c:\program files\NirSoft
2012-01-24 11:12:02 -------- d-----w- C:\promqryui
2012-01-24 11:02:05 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-01-24 10:56:05 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7106e694-eeef-44ce-be43-4d26b9ebbd36}\mpengine.dll
2012-01-24 10:55:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-24 10:54:11 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2012-01-24 10:53:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-24 10:30:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-01-24 10:22:45 -------- d-----w- c:\program files\Microsoft Assessment and Planning Toolkit
2012-01-24 10:21:06 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.MAPS-sqlagtctr.dll
2012-01-24 10:20:34 73568 ----a-w- c:\windows\system32\perf-MSSQL$MAPS-sqlctr10.50.1600.1.dll
2012-01-24 10:19:26 -------- d-----w- c:\windows\system32\RsFx
2012-01-24 10:12:56 -------- d-----w- c:\program files\Microsoft SQL Server
2012-01-24 10:09:03 -------- d-----w- C:\SQLEXPRESS
2012-01-24 09:52:54 -------- d-----w- c:\documents and settings\owner\SecurityScans
2012-01-24 09:52:35 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2012-01-21 06:38:39 81920 ----a-w- c:\windows\ALCFDRTM.VER
2012-01-21 06:38:39 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2012-01-20 17:33:49 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
2012-01-20 14:31:09 98304 ----a-w- c:\windows\system32\qttask.exe
2012-01-20 14:30:14 53248 ----a-w- c:\windows\system32\vp6dec_settings.cpl
2012-01-20 14:30:03 98304 ----a-w- c:\windows\system32\startup.cpl
2012-01-20 14:30:03 122880 ----a-w- c:\windows\system32\directx.cpl
2012-01-20 14:30:03 106544 ----a-w- c:\windows\system32\tweakui.cpl
2012-01-20 14:28:44 417792 ----a-w- c:\windows\system32\ac3filter.cpl
2012-01-20 14:28:43 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2012-01-20 14:24:05 1154048 ----a-w- c:\windows\is-6OJ6N.exe
2012-01-20 14:24:02 79872 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-20 13:22:58 -------- d-s---w- C:\ComboFix
2012-01-20 13:02:29 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-20 13:02:28 -------- d-----w- c:\program files\Trend Micro
2012-01-20 10:58:07 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-20 10:57:32 -------- d-----w- c:\program files\Essentials Codec Pack
2012-01-20 10:55:02 -------- d-----w- c:\documents and settings\owner\application data\Nullsoft
2012-01-20 10:46:12 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-01-20 10:45:55 -------- d-----w- c:\program files\common files\xing shared
2012-01-20 10:45:41 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-01-20 10:45:35 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2012-01-20 10:25:19 -------- d-----w- c:\program files\common files\DivX Shared
2012-01-20 10:21:30 -------- d-----w- c:\program files\DivX
2012-01-20 10:20:45 -------- d-----w- c:\documents and settings\all users\application data\DivX
2012-01-17 23:49:06 53248 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-01-17 19:47:07 -------- d-----w- c:\windows\system32\Lang
2012-01-17 07:50:17 -------- d-----w- c:\program files\eBay
2012-01-17 07:50:17 -------- d-----w- c:\documents and settings\all users\eBay
2012-01-16 23:36:36 -------- d-----w- c:\program files\Xiph.Org
2012-01-16 23:31:00 -------- d-----w- c:\program files\FLAC
2012-01-16 20:27:37 -------- d-----w- c:\documents and settings\owner\application data\Unity
2012-01-16 20:06:33 -------- d-----w- c:\documents and settings\owner\local settings\application data\Unity
2012-01-16 20:02:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-01-16 20:01:33 -------- d-----w- c:\program files\Microsoft
2012-01-16 20:01:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-01-16 19:59:33 74520 ----a-w- c:\program files\common files\windows live\.cache\5dba4bc01ccd489\DSETUP.dll
2012-01-16 19:59:33 484632 ----a-w- c:\program files\common files\windows live\.cache\5dba4bc01ccd489\DXSETUP.exe
2012-01-16 19:59:33 1670936 ----a-w- c:\program files\common files\windows live\.cache\5dba4bc01ccd489\dsetup32.dll
2012-01-16 18:57:45 -------- d-----w- c:\program files\TNod User & Password Finder
2012-01-16 17:22:36 315392 ----a-w- c:\windows\HideWin.exe
2012-01-16 16:54:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-16 16:54:30 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-16 16:28:04 -------- d-----w- c:\program files\TNod User & Password Finder(2)
2012-01-16 07:54:45 -------- d-----w- C:\Backup
2012-01-16 07:53:48 -------- d-----w- c:\windows\system32\NtmsData
2012-01-16 07:06:27 -------- d-----w- c:\documents and settings\owner\application data\TuneUp Software
2012-01-16 07:06:11 -------- d-----w- c:\program files\TuneUp Utilities 2011
2012-01-16 07:06:00 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
2012-01-16 07:03:02 -------- d--h--w- c:\documents and settings\owner\Recent(2)
2012-01-16 06:37:04 -------- d-----w- c:\program files\common files\Windows Live
2012-01-16 04:23:57 -------- d-----w- c:\documents and settings\owner\application data\Playrix Entertainment
2012-01-16 03:09:05 -------- d-----w- c:\program files\GameHouse
2012-01-16 00:28:47 839680 ----a-w- c:\windows\system32\lameACM.acm
2012-01-16 00:28:46 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-01-16 00:28:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-01-15 09:22:11 -------- d-----w- C:\eDrivers_Backup
2012-01-15 09:20:33 -------- d-----w- c:\program files\walker
2012-01-15 08:11:54 -------- d-----w- c:\program files\Lionhead Studios Ltd
2012-01-15 07:16:59 -------- d-----w- c:\program files\Siber Systems
2012-01-15 06:37:37 -------- d-----w- C:\patchmypc.net
2012-01-15 02:54:33 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2012-01-15 02:40:51 -------- d-----w- c:\windows\system32\DirectX
2012-01-15 02:40:47 -------- d-----w- c:\windows\Logs
2012-01-15 02:08:41 -------- d-----w- c:\windows\system32\RTCOM
2012-01-14 23:16:48 -------- d-----w- c:\documents and settings\owner\application data\PBlackout
2012-01-14 23:11:30 -------- d-----w- c:\program files\BandiMPEG1
2012-01-14 22:37:50 -------- d-----w- C:\SG Interactive
2012-01-14 22:23:42 -------- d-----w- c:\program files\Pando Networks
2012-01-14 22:21:31 -------- d-----w- c:\program files\Raptr
2012-01-14 21:27:32 -------- d-----w- c:\program files\Lavalys
2012-01-14 10:08:11 132768 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2012-01-14 10:07:41 294600 ----a-w- c:\windows\system32\PROUnstl.exe
2012-01-14 10:03:25 135168 ----a-w- c:\windows\system32\igfxres.dll
2012-01-14 09:57:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-14 09:56:54 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-01-14 09:56:17 12184 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2012-01-14 09:55:00 -------- d-----w- c:\documents and settings\owner\application data\Logishrd
2012-01-14 09:53:06 -------- d-----w- c:\documents and settings\owner\INF_allOS_9.2.3.1022_PV
2012-01-14 09:44:14 526184 ----a-w- c:\windows\system32\XceedCry.dll
2012-01-14 09:44:14 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2012-01-14 09:44:14 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2012-01-14 09:44:14 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-01-14 09:44:14 132880 ----a-w- c:\windows\system32\Msinet.ocx
2012-01-14 09:44:14 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2012-01-14 09:44:14 1081616 ----a-w- c:\windows\system32\Mscomctl.ocx
2012-01-14 09:44:11 -------- d-----w- c:\program files\Driver Magician
2012-01-14 09:37:47 64616 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-01-14 09:37:47 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-01-14 04:56:31 -------- d-----w- c:\program files\IrfanView
2012-01-14 03:18:31 -------- d-----w- c:\program files\Speccy
2012-01-14 01:59:05 -------- d-----w- c:\program files\Origin Games
2012-01-14 01:59:03 -------- d-----w- c:\documents and settings\owner\local settings\application data\Origin
2012-01-14 01:58:18 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2012-01-14 01:57:56 -------- d-----w- c:\program files\Origin
2012-01-14 01:26:50 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-01-14 01:26:50 -------- d-----w- c:\program files\Belarc
2012-01-14 01:13:36 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2012-01-14 01:07:24 -------- d-----w- c:\program files\Driver-Soft
2012-01-13 23:37:09 -------- d-----w- c:\windows\system32\wbem\snmp
2012-01-13 23:37:09 -------- d-----w- c:\windows\system32\oobe
2012-01-13 23:37:08 -------- d-----w- c:\windows\system32\xircom
2012-01-13 23:37:08 -------- d-----w- c:\windows\system32\inetsrv
2012-01-13 23:37:08 -------- d-----w- c:\program files\msn gaming zone
2012-01-13 22:52:10 138056 ------w- c:\documents and settings\owner\application data\PnkBstrK.sys
2012-01-13 21:52:59 -------- d-----w- c:\documents and settings\owner\application data\Origin
2012-01-13 21:52:49 -------- d-----w- c:\documents and settings\all users\application data\Origin
2012-01-13 19:56:10 -------- d-sh--r- C:\cmdcons
2012-01-13 19:54:39 98816 ----a-w- c:\windows\sed.exe
2012-01-13 19:54:39 518144 ----a-w- c:\windows\SWREG.exe
2012-01-13 19:54:39 256000 ----a-w- c:\windows\PEV.exe
2012-01-13 19:54:39 208896 ----a-w- c:\windows\MBR.exe
2012-01-13 12:34:53 -------- d-----w- c:\program files\CCleaner
2012-01-13 11:42:13 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2012-01-13 11:42:13 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2012-01-13 11:42:13 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-01-13 11:42:13 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-01-13 11:42:13 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2012-01-13 11:42:13 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2012-01-13 11:42:12 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2012-01-13 11:42:11 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2012-01-13 11:27:37 -------- d-----w- c:\documents and settings\owner\local settings\application data\VS Revo Group
2012-01-13 11:27:32 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-01-13 11:27:26 -------- d-----w- c:\program files\VS Revo Group
2012-01-13 11:04:50 -------- d-----w- c:\windows\pss
2012-01-13 11:01:52 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-13 11:01:45 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-13 11:01:20 -------- d-----w- c:\windows\system32\LogFiles
2012-01-13 11:01:19 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-01-13 10:33:56 -------- d-----w- c:\program files\EA GAMES
2012-01-13 09:42:41 -------- d-----w- c:\program files\GetData
2012-01-13 09:42:09 -------- d-----w- c:\windows\system32\appmgmt
2012-01-13 09:18:34 -------- d-----w- c:\program files\ESET
2012-01-13 09:06:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\ESET
2012-01-13 09:06:34 -------- d-----w- c:\documents and settings\owner\application data\ESET
2012-01-13 08:59:36 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2012-01-13 08:41:49 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-13 08:41:49 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-13 08:30:43 -------- d-----w- c:\windows\ie8updates
2012-01-13 07:49:15 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2012-01-13 07:49:15 152064 ------w- c:\windows\system32\dllcache\schannel.dll
2012-01-13 07:26:46 -------- d-----w- c:\documents and settings\owner\.swt
2012-01-13 07:26:42 -------- d-----w- c:\documents and settings\owner\application data\Azureus
2012-01-13 07:25:39 -------- d-----w- c:\program files\Vuze
2012-01-13 07:14:37 -------- d-----w- c:\program files\Realtek
2012-01-13 07:01:36 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-01-13 07:01:36 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-01-13 07:01:36 225280 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2012-01-13 07:01:36 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-01-13 06:59:40 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-01-13 06:47:23 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-01-13 06:47:21 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-01-13 06:46:23 -------- d-----w- C:\Intel
2012-01-13 06:39:50 457856 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-01-13 06:38:23 -------- d-----w- c:\program files\SystemRequirementsLab
2012-01-13 06:36:39 138496 ------w- c:\windows\system32\dllcache\afd.sys
2012-01-13 06:36:37 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-13 06:34:26 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-13 06:33:49 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2012-01-13 06:33:00 -------- d-----w- C:\TEMP
2012-01-13 06:30:58 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys
2012-01-13 06:30:55 -------- d-----w- C:\TempEI4
2012-01-12 04:26:03 -------- d-----w- c:\documents and settings\owner\ultracopier
2012-01-12 04:22:51 -------- d-----w- c:\program files\Paint.NET
2012-01-12 04:22:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Paint.NET
2012-01-12 04:22:37 -------- d-----w- c:\documents and settings\owner\local settings\application data\STDUViewer
2012-01-12 04:22:35 -------- d-----w- c:\program files\STDU Viewer
2012-01-12 04:22:35 -------- d-----w- c:\program files\common files\STDUtility
2012-01-12 04:22:33 -------- d-----w- c:\program files\Unlocker
2012-01-12 04:22:22 -------- d-----w- c:\windows\Downloaded Installations
2012-01-12 04:22:02 -------- d-----w- c:\program files\UPHClean
2012-01-12 04:21:44 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 04:10:29 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-01-12 04:10:29 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-01-12 04:10:29 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-01-12 04:10:29 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-01-12 04:10:07 91648 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-01-12 04:10:03 589312 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-01-12 04:03:33 -------- d-----w- c:\windows\BitLockerDiscoveryVolumeContents
2012-01-12 04:03:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-01-12 04:02:08 -------- d--h--w- c:\windows\$hf_mig$
2012-01-12 04:02:07 9216 ------w- c:\windows\system32\dllcache\fs_rec.sys
2012-01-12 04:02:07 77824 ------w- c:\windows\system32\dllcache\ifsutil.dll
2012-01-12 04:02:07 57344 ------w- c:\windows\system32\dllcache\uexfat.dll
2012-01-12 04:02:07 18944 ------w- c:\windows\system32\dllcache\fmifs.dll
2012-01-12 04:02:07 133632 ------w- c:\windows\system32\dllcache\exfat.sys
2012-01-12 04:02:06 278528 ------w- c:\windows\system32\dllcache\ulib.dll
2012-01-12 04:02:05 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2012-01-12 04:02:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
.
==================== Find3M ====================
.
2012-01-13 11:11:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-11-29 02:28:28 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-11-29 02:28:28 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-11-29 02:28:28 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-11-29 02:28:28 133616 ------w- c:\windows\system32\pxafs.dll
2011-11-29 02:28:28 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-11-29 02:28:28 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-11-25 21:56:26 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 01:31:14 169472 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-11-19 01:17:04 683640 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-11-19 01:17:04 557176 ----a-w- c:\windows\system32\accesor.dll
2011-11-19 01:07:10 160376 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-11-19 01:04:14 2241656 ----a-w- c:\windows\system32\ncscolib.dll
2011-11-18 22:34:08 49152 ----a-r- c:\windows\system32\inetwh32.dll
2011-11-18 22:34:08 1044480 ----a-r- c:\windows\system32\roboex32.dll
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:20:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:20:51 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 00:27:18 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-11-04 19:19:40 919552 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:19:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:19:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 15:27:33 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:27:33 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:05:38 1289216 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 4:56:15.50 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-24 07:54:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-19 WDC_WD800JD-00LSA0 rev.06.01D06
Running: 12d6z32y.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kglirpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xA92704B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xA92707F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xA9270AB0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xA92705D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xA92708B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xA9270350]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xA9270410]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xA9270570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xA9270630]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xA9270530]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xA92704F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xA9270670]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xA9270870]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xA92703B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xA9270430]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xA9270830]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xA9270370]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xA9270470]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA83C475C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xA92705F0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [B0, 03, 27, A9, 30, 04, 27, ...]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[192] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[636] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2200] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2200] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2512] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 0125B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\Program Files\Malwarebytes' Anti-Malware 0 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon 0 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm 191200 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\firefox.com 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\firefox.exe 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\firefox.pif 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\firefox.scr 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.com 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.pif 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.scr 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-killer.exe 984648 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe 182856 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\changes.rtf 1699 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages 0 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\hebrew.lng 18372 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\arabic.lng 20716 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\bosnian.lng 25860 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng 26296 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\catalan.lng 26822 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\chineseSI.lng 10480 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\chineseTR.lng 11384 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\croatian.lng 25546 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\czech.lng 23540 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\danish.lng 25384 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\dutch.lng 26816 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\english.lng 23390 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\estonian.lng 24112 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\finnish.lng 24580 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\french.lng 28342 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\german.lng 28506 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\hungarian.lng 27124 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\italian.lng 26812 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\latvian.lng 25804 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\lithuanian.lng 26666 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\macedonian.lng 27830 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\norwegian.lng 23864 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\polish.lng 25304 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng 27330 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng 27628 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\romanian.lng 26914 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\russian.lng 25952 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\serbian.lng 25606 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovak.lng 24392 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovenian.lng 23622 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\spanish.lng 28542 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\swedish.lng 24782 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\thai.lng 24952 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\turkish.lng 24640 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\Languages\vietnamese.lng 28118 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\license.txt 11141 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm 409786 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll 472136 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 981680 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll 1080904 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 78920 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 460872 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll 2227784 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\mbampt.exe 39496 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 652872 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll 46416 bytes executable
File C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat 10734 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe 709968 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\unins000.msg 10498 bytes
File C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx 496976 bytes executable

---- EOF - GMER 1.0.15 ----



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts

Posted 29 January 2012 - 09:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts

Posted 06 February 2012 - 09:51 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
