
MBR Code Faked!

This topic is locked
33 replies to this topic

#1 jeane30

  • Members
  • 30 posts

Posted 02 February 2012 - 08:43 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic438228.html ~ OB

Here are the log files after the latest scanning. I thought I had removed all viruses and everything was ok, but my PC crashes and also can't update.

So here are the log files:

tdsskiller:


10:47:47.0560 4720 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
10:47:48.0174 4720 ============================================================
10:47:48.0174 4720 Current date / time: 2012/02/01 10:47:48.0174
10:47:48.0174 4720 SystemInfo:
10:47:48.0174 4720
10:47:48.0174 4720 OS Version: 6.1.7600 ServicePack: 0.0
10:47:48.0174 4720 Product type: Workstation
10:47:48.0175 4720 ComputerName: LOLA-PC
10:47:48.0175 4720 UserName: lola
10:47:48.0175 4720 Windows directory: C:\Windows
10:47:48.0175 4720 System windows directory: C:\Windows
10:47:48.0175 4720 Running under WOW64
10:47:48.0175 4720 Processor architecture: Intel x64
10:47:48.0175 4720 Number of processors: 4
10:47:48.0175 4720 Page size: 0x1000
10:47:48.0175 4720 Boot type: Normal boot
10:47:48.0175 4720 ============================================================
10:47:48.0984 4720 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:47:48.0999 4720 \Device\Harddisk0\DR0:
10:47:48.0999 4720 GPT used
10:47:49.0000 4720 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {00000F79-2389-0000-AE54-00003D270000}, Name: EFI system partition, StartLBA 0x28, BlocksNum 0x64000
10:47:49.0000 4720 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {000012A0-2B14-0000-AC7F-0000FF030000}, Name: Customer, StartLBA 0x64028, BlocksNum 0x3A352940
10:47:49.0000 4720 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9ADD74F1-56B0-4259-8EAD-10394B35C1BA}, Name: BOOTCAMP, StartLBA 0x3A3F7000, BlocksNum 0x3A30F800
10:47:49.0000 4720 Initialize success
10:47:49.0000 4720 ============================================================
10:47:50.0987 2680 ============================================================
10:47:50.0987 2680 Scan started
10:47:50.0987 2680 Mode: Manual;
10:47:50.0987 2680 ============================================================
10:47:51.0438 2680 1394ohci - ok
10:47:51.0446 2680 25932738 - ok
10:47:51.0449 2680 ACPI - ok
10:47:51.0451 2680 AcpiPmi - ok
10:47:51.0457 2680 adp94xx - ok
10:47:51.0459 2680 adpahci - ok
10:47:51.0463 2680 adpu320 - ok
10:47:51.0472 2680 AFD - ok
10:47:51.0476 2680 agp440 - ok
10:47:51.0483 2680 aliide - ok
10:47:51.0487 2680 amdide - ok
10:47:51.0490 2680 AmdK8 - ok
10:47:51.0492 2680 amdkmdag - ok
10:47:51.0502 2680 amdkmdap - ok
10:47:51.0505 2680 AmdPPM - ok
10:47:51.0507 2680 amdsata - ok
10:47:51.0509 2680 amdsbs - ok
10:47:51.0511 2680 amdxata - ok
10:47:51.0513 2680 AppID - ok
10:47:51.0524 2680 applebmt - ok
10:47:51.0527 2680 AppleBtBc - ok
10:47:51.0529 2680 AppleHFS - ok
10:47:51.0531 2680 AppleMNT - ok
10:47:51.0535 2680 arc - ok
10:47:51.0537 2680 arcsas - ok
10:47:51.0549 2680 AsyncMac - ok
10:47:51.0551 2680 atapi - ok
10:47:51.0556 2680 athr - ok
10:47:51.0572 2680 b06bdrv - ok
10:47:51.0574 2680 b57nd60a - ok
10:47:51.0578 2680 BC - ok
10:47:51.0581 2680 Beep - ok
10:47:51.0591 2680 blbdrive - ok
10:47:51.0602 2680 bowser - ok
10:47:51.0604 2680 BrFiltLo - ok
10:47:51.0606 2680 BrFiltUp - ok
10:47:51.0609 2680 Brserid - ok
10:47:51.0611 2680 BrSerWdm - ok
10:47:51.0613 2680 BrUsbMdm - ok
10:47:51.0616 2680 BrUsbSer - ok
10:47:51.0618 2680 BthEnum - ok
10:47:51.0620 2680 BTHMODEM - ok
10:47:51.0622 2680 BthPan - ok
10:47:51.0624 2680 BTHPORT - ok
10:47:51.0627 2680 BTHUSB - ok
10:47:51.0637 2680 CBDisk - ok
10:47:51.0639 2680 cdfs - ok
10:47:51.0641 2680 cdrom - ok
10:47:51.0644 2680 circlass - ok
10:47:51.0646 2680 CirrusFilter - ok
10:47:51.0648 2680 CLFS - ok
10:47:51.0654 2680 CmBatt - ok
10:47:51.0656 2680 cmdide - ok
10:47:51.0658 2680 CNG - ok
10:47:51.0660 2680 Compbatt - ok
10:47:51.0662 2680 CompositeBus - ok
10:47:51.0665 2680 crcdisk - ok
10:47:51.0673 2680 DfsC - ok
10:47:51.0676 2680 discache - ok
10:47:51.0678 2680 Disk - ok
10:47:51.0683 2680 drmkaud - ok
10:47:51.0685 2680 DXGKrnl - ok
10:47:51.0688 2680 ebdrv - ok
10:47:51.0693 2680 elxstor - ok
10:47:51.0695 2680 ErrDev - ok
10:47:51.0700 2680 exfat - ok
10:47:51.0702 2680 fastfat - ok
10:47:51.0705 2680 fdc - ok
10:47:51.0709 2680 FileInfo - ok
10:47:51.0711 2680 Filetrace - ok
10:47:51.0716 2680 flpydisk - ok
10:47:51.0718 2680 FltMgr - ok
10:47:51.0722 2680 FsDepends - ok
10:47:51.0724 2680 Fs_Rec - ok
10:47:51.0726 2680 fvevol - ok
10:47:51.0728 2680 gagp30kx - ok
10:47:51.0730 2680 GEARAspiWDM - ok
10:47:51.0733 2680 hcw85cir - ok
10:47:51.0735 2680 HdAudAddService - ok
10:47:51.0737 2680 HDAudBus - ok
10:47:51.0739 2680 HidBatt - ok
10:47:51.0741 2680 HidBth - ok
10:47:51.0743 2680 HidIr - ok
10:47:51.0746 2680 HidUsb - ok
10:47:51.0751 2680 HpSAMD - ok
10:47:51.0753 2680 HTTP - ok
10:47:51.0755 2680 hwpolicy - ok
10:47:51.0757 2680 i8042prt - ok
10:47:51.0759 2680 iaStorV - ok
10:47:51.0762 2680 iirsp - ok
10:47:51.0768 2680 intelide - ok
10:47:51.0771 2680 intelppm - ok
10:47:51.0774 2680 IpFilterDriver - ok
10:47:51.0776 2680 IPMIDRV - ok
10:47:51.0778 2680 IPNAT - ok
10:47:51.0781 2680 IRENUM - ok
10:47:51.0783 2680 IRRemoteFlt - ok
10:47:51.0785 2680 isapnp - ok
10:47:51.0787 2680 iScsiPrt - ok
10:47:51.0790 2680 kbdclass - ok
10:47:51.0792 2680 kbdhid - ok
10:47:51.0793 2680 KeyAgent - ok
10:47:51.0802 2680 KeyMagic - ok
10:47:51.0804 2680 KSecDD - ok
10:47:51.0806 2680 KSecPkg - ok
10:47:51.0809 2680 ksfmonsys - ok
10:47:51.0811 2680 ksthunk - ok
10:47:51.0824 2680 LFSys - ok
10:47:51.0826 2680 lltdio - ok
10:47:51.0831 2680 LSI_FC - ok
10:47:51.0833 2680 LSI_SAS - ok
10:47:51.0835 2680 LSI_SAS2 - ok
10:47:51.0837 2680 LSI_SCSI - ok
10:47:51.0839 2680 luafv - ok
10:47:51.0849 2680 MacHALDriver - ok
10:47:51.0852 2680 MDFSYSNT - ok
10:47:51.0854 2680 MDPMGRNT - ok
10:47:51.0856 2680 megasas - ok
10:47:51.0858 2680 MegaSR - ok
10:47:51.0867 2680 Modem - ok
10:47:51.0869 2680 monitor - ok
10:47:51.0871 2680 mouclass - ok
10:47:51.0873 2680 mouhid - ok
10:47:51.0875 2680 mountmgr - ok
10:47:51.0877 2680 MpFilter - ok
10:47:51.0879 2680 mpio - ok
10:47:51.0881 2680 MpNWMon - ok
10:47:51.0883 2680 mpsdrv - ok
10:47:51.0886 2680 MRxDAV - ok
10:47:51.0888 2680 mrxsmb - ok
10:47:51.0891 2680 mrxsmb10 - ok
10:47:51.0893 2680 mrxsmb20 - ok
10:47:51.0895 2680 msahci - ok
10:47:51.0897 2680 msdsm - ok
10:47:51.0902 2680 Msfs - ok
10:47:51.0904 2680 mshidkmdf - ok
10:47:51.0906 2680 msisadrv - ok
10:47:51.0910 2680 MSKSSRV - ok
10:47:51.0914 2680 MSPCLOCK - ok
10:47:51.0916 2680 MSPQM - ok
10:47:51.0918 2680 MsRPC - ok
10:47:51.0921 2680 mssmbios - ok
10:47:51.0923 2680 MSTEE - ok
10:47:51.0926 2680 MTConfig - ok
10:47:51.0928 2680 Mup - ok
10:47:51.0931 2680 NativeWifiP - ok
10:47:51.0933 2680 NDIS - ok
10:47:51.0935 2680 NdisCap - ok
10:47:51.0937 2680 NdisTapi - ok
10:47:51.0939 2680 Ndisuio - ok
10:47:51.0941 2680 NdisWan - ok
10:47:51.0943 2680 NDProxy - ok
10:47:51.0946 2680 NetBIOS - ok
10:47:51.0948 2680 NetBT - ok
10:47:51.0958 2680 nfrd960 - ok
10:47:51.0960 2680 NisDrv - ok
10:47:51.0964 2680 Npfs - ok
10:47:51.0967 2680 nsiproxy - ok
10:47:51.0970 2680 Ntfs - ok
10:47:51.0973 2680 Null - ok
10:47:51.0975 2680 nvraid - ok
10:47:51.0977 2680 nvstor - ok
10:47:51.0979 2680 nv_agp - ok
10:47:51.0981 2680 ohci1394 - ok
10:47:51.0990 2680 Parport - ok
10:47:51.0992 2680 partmgr - ok
10:47:51.0995 2680 pci - ok
10:47:51.0997 2680 pciide - ok
10:47:51.0999 2680 pcmcia - ok
10:47:52.0001 2680 PCTCore - ok
10:47:52.0004 2680 pctDS - ok
10:47:52.0006 2680 pctEFA - ok
10:47:52.0008 2680 pcw - ok
10:47:52.0010 2680 PEAUTH - ok
10:47:52.0021 2680 Point64 - ok
10:47:52.0026 2680 PptpMiniport - ok
10:47:52.0028 2680 Processor - ok
10:47:52.0032 2680 Prot6Flt - ok
10:47:52.0035 2680 Psched - ok
10:47:52.0037 2680 ql2300 - ok
10:47:52.0039 2680 ql40xx - ok
10:47:52.0042 2680 QWAVEdrv - ok
10:47:52.0044 2680 RasAcd - ok
10:47:52.0046 2680 RasAgileVpn - ok
10:47:52.0049 2680 Rasl2tp - ok
10:47:52.0052 2680 RasPppoe - ok
10:47:52.0055 2680 RasSstp - ok
10:47:52.0068 2680 rdbss - ok
10:47:52.0071 2680 rdpbus - ok
10:47:52.0073 2680 RDPCDD - ok
10:47:52.0076 2680 RDPENCDD - ok
10:47:52.0079 2680 RDPREFMP - ok
10:47:52.0081 2680 RDPWD - ok
10:47:52.0083 2680 rdyboost - ok
10:47:52.0087 2680 RFCOMM - ok
10:47:52.0092 2680 rspndr - ok
10:47:52.0095 2680 SASDIFSV - ok
10:47:52.0098 2680 SASKUTIL - ok
10:47:52.0101 2680 SAVOnAccess - ok
10:47:52.0103 2680 sbp2port - ok
10:47:52.0106 2680 scfilter - ok
10:47:52.0111 2680 secdrv - ok
10:47:52.0116 2680 Serenum - ok
10:47:52.0118 2680 Serial - ok
10:47:52.0120 2680 sermouse - ok
10:47:52.0126 2680 sffdisk - ok
10:47:52.0128 2680 sffp_mmc - ok
10:47:52.0130 2680 sffp_sd - ok
10:47:52.0132 2680 sfloppy - ok
10:47:52.0137 2680 SiSRaid2 - ok
10:47:52.0140 2680 SiSRaid4 - ok
10:47:52.0142 2680 Smb - ok
10:47:52.0147 2680 SophosBootDriver - ok
10:47:52.0150 2680 spldr - ok
10:47:52.0155 2680 srv - ok
10:47:52.0157 2680 srv2 - ok
10:47:52.0159 2680 srvnet - ok
10:47:52.0163 2680 stexstor - ok
10:47:52.0166 2680 SWDUMon - ok
10:47:52.0168 2680 swenum - ok
10:47:52.0177 2680 Tcpip - ok
10:47:52.0179 2680 TCPIP6 - ok
10:47:52.0182 2680 tcpipreg - ok
10:47:52.0185 2680 TDPIPE - ok
10:47:52.0187 2680 TDTCP - ok
10:47:52.0190 2680 tdx - ok
10:47:52.0192 2680 TermDD - ok
10:47:52.0201 2680 tssecsrv - ok
10:47:52.0203 2680 tunnel - ok
10:47:52.0205 2680 uagp35 - ok
10:47:52.0207 2680 udfs - ok
10:47:52.0212 2680 uliagpkx - ok
10:47:52.0214 2680 umbus - ok
10:47:52.0216 2680 UmPass - ok
10:47:52.0220 2680 usbccgp - ok
10:47:52.0222 2680 usbcir - ok
10:47:52.0224 2680 usbehci - ok
10:47:52.0226 2680 usbhub - ok
10:47:52.0228 2680 usbohci - ok
10:47:52.0230 2680 usbprint - ok
10:47:52.0232 2680 USBSTOR - ok
10:47:52.0234 2680 usbuhci - ok
10:47:52.0236 2680 usbvideo - ok
10:47:52.0241 2680 vdrvroot - ok
10:47:52.0244 2680 vga - ok
10:47:52.0245 2680 VgaSave - ok
10:47:52.0247 2680 vhdmp - ok
10:47:52.0250 2680 viaide - ok
10:47:52.0251 2680 volmgr - ok
10:47:52.0253 2680 volmgrx - ok
10:47:52.0256 2680 volsnap - ok
10:47:52.0258 2680 vsmraid - ok
10:47:52.0261 2680 vwifibus - ok
10:47:52.0263 2680 vwififlt - ok
10:47:52.0265 2680 vwifimp - ok
10:47:52.0270 2680 WacomPen - ok
10:47:52.0273 2680 WANARP - ok
10:47:52.0275 2680 Wanarpv6 - ok
10:47:52.0282 2680 Wd - ok
10:47:52.0284 2680 Wdf01000 - ok
10:47:52.0292 2680 WfpLwf - ok
10:47:52.0294 2680 WIMMount - ok
10:47:52.0306 2680 WmiAcpi - ok
10:47:52.0314 2680 ws2ifsl - ok
10:47:52.0320 2680 WudfPf - ok
10:47:52.0322 2680 WUDFRd - ok
10:47:52.0332 2680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:47:52.0379 2680 \Device\Harddisk0\DR0 - ok
10:47:52.0383 2680 Boot (0x1200) (3bbc7c1c8f91845a58ff07219ee597d9) \Device\Harddisk0\DR0\Partition0
10:47:52.0384 2680 \Device\Harddisk0\DR0\Partition0 - ok
10:47:52.0408 2680 Boot (0x1200) (07ae51a5b2b7b7bf9e0b06796fb0146a) \Device\Harddisk0\DR0\Partition1
10:47:52.0408 2680 \Device\Harddisk0\DR0\Partition1 - ok
10:47:52.0411 2680 Boot (0x1200) (b0bc5dfb92fcf605b1ce9cdcfe603613) \Device\Harddisk0\DR0\Partition2
10:47:52.0412 2680 \Device\Harddisk0\DR0\Partition2 - ok
10:47:52.0412 2680 ============================================================
10:47:52.0412 2680 Scan finished
10:47:52.0412 2680 ============================================================
10:47:52.0420 2060 Detected object count: 0
10:47:52.0420 2060 Actual detected object count: 0

Microsoft Security Essentials says it found one Trojan:Win64/Sirefef.M

and here is the log file from aswMBR


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 10:52:52
-----------------------------
10:52:52.164 OS Version: Windows x64 6.1.7600
10:52:52.165 Number of processors: 4 586 0x1E05
10:52:52.166 ComputerName: LOLA-PC UserName: lola
10:53:01.495 Initialize success
10:54:37.586 AVAST engine defs: 12012600
10:55:00.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:55:00.153 Disk 0 Vendor: WDC_WD1001FALS-40Y6A0 05.01D06 Size: 953869MB BusType: 3
10:55:00.156 Disk 0 MBR read successfully
10:55:00.158 Disk 0 MBR scan
10:55:00.162 Disk 0 Windows 7 default MBR code
10:55:00.164 Disk 0 MBR hidden
10:55:00.166 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
10:55:00.197 Disk 0 Partition 2 00 AF HFS / HFS+ 476837 MB offset 409640
10:55:00.219 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 476703 MB offset 977235968
10:55:00.243 Service scanning
10:55:00.842 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:55:01.539 Modules scanning
10:55:01.549 Disk 0 trace - called modules:
10:55:01.890 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:55:01.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d61790]
10:55:01.909 3 CLASSPNP.SYS[fffff88001b4a43f] -> nt!IofCallDriver -> [0xfffffa8004bf6b30]
10:55:01.917 5 PCTCore64.sys[fffff8800107f094] -> nt!IofCallDriver -> [0xfffffa8004ad5520]
10:55:01.927 7 ACPI.sys[fffff88000f25781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ad7060]
10:55:03.595 AVAST engine scan C:\Windows
10:55:06.088 AVAST engine scan C:\Windows\system32
10:57:56.027 AVAST engine scan C:\Windows\system32\drivers
10:58:06.226 AVAST engine scan C:\Users\lola
10:59:11.771 Disk 0 MBR has been saved successfully to "C:\Users\lola\Desktop\MBR.dat"
10:59:11.779 The log file has been saved successfully to "C:\Users\lola\Desktop\aswMBR.txt"
11:43:11.505 AVAST engine scan C:\ProgramData
11:46:59.676 Scan finished successfully
11:52:33.191 Disk 0 MBR has been saved successfully to "C:\Users\lola\Desktop\MBR.dat"
11:52:33.245 The log file has been saved successfully to "C:\Users\lola\Desktop\aswMBR.txt"

Hey, here is the log file of MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 212):
0x03215000 \SystemRoot\system32\ntoskrnl.exe
0x037F1000 \SystemRoot\system32\hal.dll
0x00BAB000 \SystemRoot\system32\kdcom.dll
0x00CE5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D29000 \SystemRoot\system32\PSHED.dll
0x00D3D000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E8D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F31000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F40000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F97000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FA0000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FEC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D9B000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E6A000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E71000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E81000 \SystemRoot\system32\DRIVERS\atapi.sys
0x010FE000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01128000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01133000 \SystemRoot\system32\drivers\fileinfo.sys
0x01147000 \SystemRoot\system32\drivers\PCTCore64.sys
0x0118A000 \SystemRoot\system32\drivers\pctDS64.sys
0x01000000 \SystemRoot\system32\drivers\pctEFA64.sys
0x0122A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01493000 \SystemRoot\System32\Drivers\msrpc.sys
0x014F1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0150B000 \SystemRoot\System32\Drivers\cng.sys
0x0157E000 \SystemRoot\System32\drivers\pcw.sys
0x0158F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0162B000 \SystemRoot\system32\drivers\ndis.sys
0x0171D000 \SystemRoot\system32\drivers\NETIO.SYS
0x0177D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x017A8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01599000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017F2000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x01600000 \SystemRoot\System32\Drivers\mup.sys
0x01612000 \SystemRoot\system32\DRIVERS\MDPMGRNT.SYS
0x0143A000 \SystemRoot\System32\Drivers\MDFSYSNT.sys
0x015E5000 \SystemRoot\SysWOW64\drivers\LFSys64.sys
0x0161F000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A3F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A79000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A8F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01AF5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01B1F000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01B50000 \SystemRoot\System32\Drivers\Null.SYS
0x01B59000 \SystemRoot\System32\Drivers\Beep.SYS
0x01B60000 \SystemRoot\System32\drivers\vga.sys
0x01B6E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01B93000 \SystemRoot\System32\drivers\watchdog.sys
0x01BA3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01BAC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01BB5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01BBE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BC9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01BDA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01A00000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0400E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04053000 \SystemRoot\system32\drivers\afd.sys
0x040DC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x040E5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0410B000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04121000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04130000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0414B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0415F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x04169000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x04173000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x041C4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x041D0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x041DB000 \SystemRoot\System32\drivers\discache.sys
0x01A0D000 \SystemRoot\System32\Drivers\dfsc.sys
0x041EA000 \??\C:\Windows\system32\drivers\CBDisk.sys
0x01A2B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x013CC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04297000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A37000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x042DD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05166000 \SystemRoot\System32\drivers\dxgmms1.sys
0x051AC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x051DD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04486000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x04623000 \SystemRoot\system32\DRIVERS\athrx.sys
0x047AA000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x047B7000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04600000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0460D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x044E7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x044F7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0450D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04531000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0453D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0456C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04587000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x045A8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x045C2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x045D1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x047F5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04400000 \SystemRoot\system32\DRIVERS\ks.sys
0x04443000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05474000 \SystemRoot\system32\drivers\HdAudio.sys
0x054D0000 \SystemRoot\system32\drivers\portcls.sys
0x0550D000 \SystemRoot\system32\drivers\drmk.sys
0x0552F000 \SystemRoot\system32\drivers\ksthunk.sys
0x05535000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0558F000 \SystemRoot\system32\DRIVERS\CS420x64.sys
0x0559A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x055AF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x055BD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x055C9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x055D2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x055E5000 \SystemRoot\System32\drivers\Dxapi.sys
0x05400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0541B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0541D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0543A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x055F1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x04455000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04463000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05468000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x045E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x045ED000 \SystemRoot\system32\DRIVERS\point64.sys
0x00610000 \SystemRoot\System32\cdd.dll
0x051EE000 \SystemRoot\system32\DRIVERS\IRFilter.sys
0x04A00000 \SystemRoot\system32\DRIVERS\AppleBtBc.sys
0x00940000 \SystemRoot\System32\ATMFD.DLL
0x04A0C000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x02C8D000 \SystemRoot\System32\Drivers\bthport.sys
0x02D19000 \SystemRoot\system32\drivers\luafv.sys
0x02D3C000 \SystemRoot\system32\drivers\WudfPf.sys
0x02D5D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x02D89000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x02D99000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x02DB9000 \SystemRoot\system32\DRIVERS\applebmt.sys
0x02DCC000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x02DEA000 \SystemRoot\system32\DRIVERS\KeyMagic.sys
0x02C00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02C0E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02C23000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02C76000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04256000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x068E0000 \SystemRoot\system32\drivers\HTTP.sys
0x069A8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x069D5000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x069DF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06800000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06818000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06845000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06893000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06AD7000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06B3E000 \SystemRoot\System32\DRIVERS\srv.sys
0x06BD3000 \??\C:\Windows\system32\drivers\KeyAgent.sys
0x06BDB000 \??\C:\Windows\system32\drivers\MacHALDriver.sys
0x06A00000 \SystemRoot\system32\drivers\peauth.sys
0x06AA6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06AB1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06BE5000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x01ABF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0A4D3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x773B0000 \Windows\System32\ntdll.dll
0x476C0000 \Windows\System32\smss.exe
0xFF6D0000 \Windows\System32\apisetschema.dll
0xFF790000 \Windows\System32\autochk.exe
0xFF660000 \Windows\System32\uxtheme.dll
0xFF4E0000 \Windows\System32\urlmon.dll
0xFF4C0000 \Windows\System32\imagehlp.dll
0xFF440000 \Windows\System32\shlwapi.dll
0xFF3F0000 \Windows\System32\ws2_32.dll
0xFF210000 \Windows\System32\setupapi.dll
0xFF200000 \Windows\System32\lpk.dll
0xFF130000 \Windows\System32\usp10.dll
0xFF050000 \Windows\System32\advapi32.dll
0xFEFB0000 \Windows\System32\clbcatq.dll
0xFED50000 \Windows\System32\iertutil.dll
0xFED40000 \Windows\System32\shimeng.dll
0x77290000 \Windows\System32\kernel32.dll
0xFED20000 \Windows\System32\msacm32.dll
0x77580000 \Windows\System32\psapi.dll
0x77570000 \Windows\System32\normaliz.dll
0xFEBF0000 \Windows\System32\rpcrt4.dll
0xFE9E0000 \Windows\System32\ole32.dll
0xFE940000 \Windows\System32\msvcrt.dll
0xFDBB0000 \Windows\System32\shell32.dll
0xFDB60000 \Windows\System32\Wldap32.dll
0xFDB40000 \Windows\System32\sechost.dll
0xFDAA0000 \Windows\System32\comdlg32.dll
0xFD970000 \Windows\System32\wininet.dll
0xFD940000 \Windows\System32\imm32.dll
0x77190000 \Windows\System32\user32.dll
0xFD8D0000 \Windows\System32\gdi32.dll
0xFD8C0000 \Windows\System32\nsi.dll
0xFD840000 \Windows\System32\difxapi.dll
0xFD730000 \Windows\System32\msctf.dll
0xFD650000 \Windows\System32\oleaut32.dll
0xFD5E0000 \Windows\System32\KernelBase.dll
0xFD5A0000 \Windows\System32\cfgmgr32.dll
0xFD560000 \Windows\System32\winmm.dll
0xFD3F0000 \Windows\System32\crypt32.dll
0xFD3B0000 \Windows\System32\wintrust.dll
0xFD310000 \Windows\System32\comctl32.dll
0xFD2F0000 \Windows\System32\devobj.dll
0xFD2E0000 \Windows\System32\msasn1.dll

Processes (total 62):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
384 csrss.exe
456 C:\Windows\System32\wininit.exe
480 csrss.exe
516 C:\Windows\System32\services.exe
548 C:\Windows\System32\lsass.exe
556 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\svchost.exe
804 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
848 C:\Windows\System32\atiesrxx.exe
928 C:\Windows\System32\winlogon.exe
348 C:\Windows\System32\svchost.exe
368 C:\Windows\System32\svchost.exe
168 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\atieclxx.exe
1540 C:\Windows\System32\spoolsv.exe
1608 C:\Windows\System32\svchost.exe
1828 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1856 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1884 C:\Windows\SysWOW64\svchost.exe
1908 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1940 C:\Windows\System32\AppleOSSMgr.exe
1964 C:\Windows\System32\AppleTimeSrv.exe
2004 C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
2040 C:\Program Files\Bonjour\mDNSResponder.exe
540 C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
1228 C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
1664 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2124 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2292 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2320 C:\Windows\System32\vds.exe
2428 C:\Windows\System32\svchost.exe
2448 C:\Windows\System32\svchost.exe
2560 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2612 WUDFHost.exe
2976 C:\Windows\System32\taskhost.exe
2180 C:\Windows\System32\dwm.exe
2284 C:\Windows\explorer.exe
3284 C:\Program Files\Microsoft Security Client\msseces.exe
3344 C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
3492 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3576 C:\Program Files (x86)\Lock Folder XP\LFService.exe
3596 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3624 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3760 C:\Windows\System32\SearchIndexer.exe
3892 C:\Program Files\iPod\bin\iPodService.exe
1316 C:\Windows\System32\svchost.exe
2956 C:\Windows\System32\wuauclt.exe
3592 C:\Program Files (x86)\Safari\Safari.exe
1624 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
2348 C:\Users\lola\AppData\Roaming\IMVUClient\IMVUClient.exe
508 C:\Windows\System32\SearchProtocolHost.exe
1620 C:\Windows\System32\SearchFilterHost.exe
3784 C:\Users\lola\Downloads\MBRCheck.exe
3136 C:\Windows\System32\conhost.exe
648 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000074`7ee00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`0c805000 (HFSJ)

PhysicalDrive0 Model Number: WDCWD1001FALS-40Y6A0, Rev: 05.01D06

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



and here is the list from the ESET scan:


C:\Windows\assembly\tmp\U\00000001.@ Win64/Redirector.A trojan cleaned by deleting - quarantined
E:\Users\xxxxxxx\Downloads\installer_torrent_2_2_build_22538_beta_English.exe Win32/Toggle application deleted - quarantined
E:\Users\xxxxxxxx\Downloads\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
E:\Users\xxxxxxx\Downloads\SoftonicDownloader_for_imvu.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined


Thank you in advance

Edited by CatByte, 25 May 2012 - 04:18 PM.
removed name
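The three scanners above each look at the same 512-byte sector in slightly different ways: TDSSKiller prints a hash over the first 0x1B8 bytes of boot code, aswMBR decodes the partition table (the 0xEE "GPT protective" entry, the HFS+ and the active NTFS volume), and MBRCheck prints a SHA1 and compares the code against known Windows boot code before reporting "MBR Code Faked!". The following Python is an added example that shows how such a check is done; it is not code from TDSSKiller, aswMBR or MBRCheck. It assumes the TDSSKiller hash is MD5 (a 32-hex-digit value, as in the log), reads the partition table layout from the standard MBR format, and uses a constructed sample sector whose partition sizes mirror the aswMBR output; a reference set of known-good boot-code hashes would have to be supplied by the operator.

```python
"""Added example: parse a raw 512-byte MBR and summarize it the way the
TDSSKiller / aswMBR / MBRCheck logs on this page do (boot-code hash,
partition table, GPT protective entry, active partition). Not code from
any of those tools; the sample sector built below is constructed."""
import hashlib
import struct
from typing import Optional, Set

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # TDSSKiller's "MBR (0x1B8)" line: length of the boot-code region
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries start here
SIGNATURE_OFF = 0x1FE      # 0x55 0xAA boot signature

PART_TYPE_NAMES = {0x00: "empty", 0x07: "HPFS/NTFS", 0xAF: "HFS / HFS+", 0xEE: "GPT protective"}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte entry: status, CHS start(3), type, CHS end(3), LBA start, sector count."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PART_TYPE_NAMES.get(ptype, "0x%02X" % ptype),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors * 512 // (1024 * 1024),
    }


def analyze_mbr(sector: bytes, known_good_md5: Optional[Set[str]] = None) -> dict:
    """Hash the boot code, decode the partition table and classify the sector.

    known_good_md5: operator-supplied MD5 digests of boot code considered standard
    (assumption: the scanners' reference lists are not public, so the caller supplies them)."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = [sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)] for i in range(4)]
    parts = [parse_partition_entry(e) for e in entries]
    code_md5 = hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()   # assumed to match TDSSKiller's value
    verdict = "unknown (no reference hashes given)"
    if known_good_md5 is not None:
        verdict = "standard boot code" if code_md5 in known_good_md5 else "non-standard boot code"
    return {
        "signature_ok": sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA",
        "boot_code_md5": code_md5,
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),   # MBRCheck-style whole-sector SHA1
        "gpt_protective": any(p["type"] == 0xEE for p in parts),
        "active_index": next((i for i, p in enumerate(parts) if p["bootable"]), None),
        "partitions": parts,
        "verdict": verdict,
    }


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the hybrid GPT / HFS+ / NTFS layout in the aswMBR log (not a real dump)."""
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)   # placeholder boot code
    disk_sig = b"\x12\x34\x56\x78\x00\x00"                                    # disk signature + 2 reserved bytes

    def entry(status, ptype, lba, sectors):
        return struct.pack("<B3sB3sII", status, b"\x00\x02\x00", ptype, b"\xFF\xFF\xFF", lba, sectors)

    table = (entry(0x00, 0xEE, 1, 200 * 2048)                   # 200 MB GPT protective entry at offset 1
             + entry(0x00, 0xAF, 409640, 476837 * 2048)          # HFS+ volume
             + entry(0x80, 0x07, 977235968, 476703 * 2048)       # active NTFS (BOOTCAMP) volume
             + bytes(16))                                        # empty fourth slot
    sector = code + disk_sig + table + b"\x55\xAA"
    assert len(sector) == MBR_SIZE
    return sector


if __name__ == "__main__":
    import sys
    # Usage: python mbr_check.py [MBR.dat]; with no argument the constructed sample is analysed.
    data = open(sys.argv[1], "rb").read(MBR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    for key, value in analyze_mbr(data).items():
        print(key, value)
```

Pointing the script at the MBR.dat that aswMBR saved to the desktop shows the same partition layout the log reports; the verdict is only as good as the reference hash set, which is why a "non-standard" result from a tool like MBRCheck is a prompt for a second opinion rather than proof of infection, as the thread itself goes on to do.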



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 04 February 2012 - 12:35 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1

    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.

  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:

    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.




Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 jeane30
  • Topic Starter

  • Members
  • 30 posts

Posted 09 February 2012 - 11:45 AM

Hi,

Hmm, I'm trying to run ComboFix; it's like the third time and it stops on completed stage_49. I don't know what I should do?

Thank you in advance

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 09 February 2012 - 05:51 PM

Hi,

Please go into Task Manager (Ctrl + Alt + Del) and end process on the following processes if they are present: Pev.exe, sed.exe, CFxxx.3Xe

Now please boot into safe mode and try running it in safe mode:

To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly;
  • this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account



#5 jeane30 (Topic Starter, Members, 30 posts)

Posted 09 February 2012 - 08:01 PM

Hi ,

I did open in safe mode and tried to run it from there but unfortunately it just stopped at completed stage_49.

I am just attaching a snapshot of what processes are running on my PC, maybe this could help you. I may also have to mention I'm on Windows via Boot Camp on a Mac.

Thank you

Attached File: 2.jpg (286.95KB)

Edited by jeane30, 09 February 2012 - 08:11 PM.


#6 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 09 February 2012 - 08:13 PM

Hi,

How long did you wait for it to finish? Sometimes it appears to be stalled, but if you leave it a bit longer it may complete.

Please run the following:


Please download Listparts64
Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.



#7 jeane30 (Topic Starter, Members, 30 posts)

Posted 09 February 2012 - 08:18 PM

The other times I was waiting like 2 hours; today in Safe Mode I just let it run about 20 minutes, where it was stuck again on 49 for about 15 minutes.

Here is the result:

ListParts by Farbar
Ran by lola on 10-02-2012 at 03:16:33
Windows 7 (X64)
Running From: C:\Users\lola\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 50%
Total physical RAM: 4085.98 MB
Available physical RAM: 2017.19 MB
Total Pagefile: 8170.11 MB
Available Pagefile: 4894.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (BOOTCAMP) (Fixed) (Total:465.53 GB) (Free:326.44 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (Macintosh HD) (Fixed) (Total:465.66 GB) (Free:310 GB) HFSJ
5 Drive h: (mac external) (Fixed) (Total:465.88 GB) (Free:180.69 GB) HFSJ
6 Drive i: (windows external) (Fixed) (Total:465.63 GB) (Free:203.86 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 128 MB
Disk 1 No Media 0 B 0 B
Disk 2 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 512 B
Partition 2 Primary 465 GB 200 MB
Partition 3 Primary 465 GB 465 GB

Disk: 0
Partition 1
Type : EE
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E Macintosh H HFSJ Partition 465 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C BOOTCAMP NTFS Partition 465 GB Healthy System (partition with boot components)

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB
Partition 2 Primary 465 GB 465 GB

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H mac externa HFSJ Partition 465 GB Healthy

Disk: 2
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 I windows ext NTFS Partition 465 GB Healthy



Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {d8e81dbf-b0af-11e0-8a80-8d30ff585ce7}
resumeobject {d8e81dbe-b0af-11e0-8a80-8d30ff585ce7}
displayorder {d8e81dbf-b0af-11e0-8a80-8d30ff585ce7}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {d8e81dbf-b0af-11e0-8a80-8d30ff585ce7}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {d8e81dc0-b0af-11e0-8a80-8d30ff585ce7}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {d8e81dbe-b0af-11e0-8a80-8d30ff585ce7}
nx OptIn

Windows Boot Loader
-------------------
identifier {d8e81dc0-b0af-11e0-8a80-8d30ff585ce7}
device ramdisk=[C:]\Recovery\d8e81dc0-b0af-11e0-8a80-8d30ff585ce7\Winre.wim,{d8e81dc1-b0af-11e0-8a80-8d30ff585ce7}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\d8e81dc0-b0af-11e0-8a80-8d30ff585ce7\Winre.wim,{d8e81dc1-b0af-11e0-8a80-8d30ff585ce7}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {d8e81dbe-b0af-11e0-8a80-8d30ff585ce7}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {d8e81dc1-b0af-11e0-8a80-8d30ff585ce7}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\d8e81dc0-b0af-11e0-8a80-8d30ff585ce7\boot.sdi


****** End Of Log ******

Thank you
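The partition table in the ListParts log above (Disk 0: a type EE entry first, then two type 07 entries, the third one active) is the shape of a Boot Camp hybrid MBR: the GPT protective entry sits beside real, bootable MBR entries instead of standing alone. Below is a way to inspect that layout from a raw sector dump, added here as an example; it is not part of the thread and not ListParts' own code. It parses a constructed 512-byte sector built to mirror the logged table, classifies it as classic, protective or hybrid, and hashes the 440-byte bootstrap area so it can be compared with a known-good copy from the same Windows version. The sample sector, the LBA values and the type-name table are assumptions for illustration only.

```python
"""Parse a 512-byte MBR sector, list its partition entries and classify the
layout as classic, protective (pure GPT) or hybrid (GPT entry beside real
MBR entries, which is what Boot Camp writes).

Added example; the sample sector below is constructed to mirror the table
ListParts reported for Disk 0 (EE, 07, 07-active), not read from a disk.
"""
from __future__ import annotations

import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0x000-0x1B7 hold the bootstrap code
PART_TABLE_OFF = 446      # 0x1BE: four 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x1FE: must be 55 AA

# Assumed type-name table, only the IDs relevant to this layout.
PARTITION_TYPES = {0x07: "NTFS/exFAT", 0xAF: "HFS+", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> list[dict]:
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    entries = []
    for idx in range(4):
        off = PART_TABLE_OFF + 16 * idx
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0 and lba == 0 and count == 0:
            continue  # unused slot
        entries.append({
            "index": idx + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "other"),
            "lba_start": lba,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return entries


def classify(entries: list[dict]) -> str:
    """'protective': a lone EE entry starting at LBA 1 (pure GPT disk);
    'hybrid': EE entry beside real entries; 'classic': no EE entry at all."""
    ee = [e for e in entries if e["type"] == 0xEE]
    if not ee:
        return "classic"
    if len(entries) == 1 and ee[0]["lba_start"] == 1:
        return "protective"
    return "hybrid"


def boot_code_digest(sector: bytes) -> tuple[str, bool]:
    """SHA-256 of the 440-byte bootstrap area, to compare against a
    known-good image, plus whether the area is entirely zero."""
    code = sector[:BOOT_CODE_LEN]
    return hashlib.sha256(code).hexdigest(), not any(code)


def build_sample_mbr() -> bytes:
    """Constructed sector: protective EE entry plus two type-07 entries,
    the third one active, approximating the Disk 0 table in the log."""
    sector = bytearray(SECTOR)
    sector[0:3] = b"\x33\xc0\x8e"          # placeholder boot-code prologue
    entries = [
        # status, type, LBA start, sector count
        (0x00, 0xEE, 1, 409_600),                # 200 MB behind the GPT header
        (0x00, 0x07, 409_640, 976_101_344),      # ~465 GB
        (0x80, 0x07, 976_510_984, 976_101_344),  # ~465 GB, marked active
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        # CHS fields set to FF FF FF, the usual "beyond CHS range" marker
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + 16 * i,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                         lba, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for entry in parse_mbr(mbr):
        print(entry)
    print("layout:", classify(parse_mbr(mbr)))
    print("boot code sha256, zeroed:", boot_code_digest(mbr))
```

To run it against a real machine, feed `parse_mbr` the first 512 bytes of the physical disk (on Windows, opened as `\\.\PhysicalDrive0` with administrative rights; on the Mac side, `sudo dd if=/dev/disk0 bs=512 count=1`). A hybrid verdict on a Boot Camp disk is expected from the layout alone and says nothing by itself about the bootstrap code; that is what the digest comparison is for.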

#8 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 09 February 2012 - 08:30 PM

Please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



#9 jeane30 (Topic Starter, Members, 30 posts)

Posted 09 February 2012 - 08:47 PM

Okay, here is the OTL:


OTL logfile created on: 2/10/2012 3:34:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lola\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.68% Memory free
7.98 Gb Paging File | 6.21 Gb Available in Paging File | 77.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.53 Gb Total Space | 327.01 Gb Free Space | 70.25% Space Free | Partition Type: NTFS
Drive E: | 465.66 Gb Total Space | 310.00 Gb Free Space | 66.57% Space Free | Partition Type: HFSJ
Drive H: | 465.88 Gb Total Space | 180.69 Gb Free Space | 38.78% Space Free | Partition Type: HFSJ
Drive I: | 465.63 Gb Total Space | 203.86 Gb Free Space | 43.78% Space Free | Partition Type: NTFS

Computer Name: LOLA-PC | User Name: lola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 03:32:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lola\Desktop\OTL.exe
PRC - [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2011/11/01 23:26:24 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/10/28 12:49:28 | 000,060,248 | ---- | M] () -- C:\Program Files (x86)\Lock Folder XP\LFService.exe
PRC - [2011/10/21 18:46:41 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/28 12:49:28 | 000,060,248 | ---- | M] () -- C:\Program Files (x86)\Lock Folder XP\LFService.exe
MOD - [2011/06/25 07:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/25 07:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/24 10:35:20 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/08/16 03:35:16 | 000,224,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011/08/12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/02/22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010/10/15 07:55:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/17 01:45:18 | 000,110,904 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2010/01/07 10:16:32 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/02/01 11:38:39 | 003,342,112 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_e286960.dll -- (Akamai)
SRV - [2011/10/30 16:05:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/21 18:46:41 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/03/09 23:04:52 | 000,065,536 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/16 03:35:16 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011/08/16 03:35:16 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011/08/16 03:35:16 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/19 11:10:00 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/03 05:36:46 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011/06/03 05:36:41 | 000,052,736 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/10/15 07:58:17 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2010/10/15 07:55:22 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/15 07:55:22 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/17 01:45:26 | 000,021,048 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/07/13 01:00:27 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/22 22:07:02 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2010/06/22 22:06:24 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2010/02/10 11:19:14 | 001,586,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/04 09:14:20 | 000,304,232 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/01/13 11:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2009/09/23 13:23:08 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 22:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/10/28 12:49:18 | 000,098,648 | ---- | M] (© Everstrike Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\LFSys64.sys -- (LFSys)
DRV - [2011/10/21 11:01:40 | 000,024,984 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\system32\Drivers\BC.sys -- (BC)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421



IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?rd=1
IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost;127.0.0.1

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 15:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/15 15:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lola\AppData\Roaming\Mozilla\Extensions
[2012/01/31 02:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lola\AppData\Roaming\Mozilla\Firefox\Profiles\m7tch257.default\extensions
[2012/01/31 02:24:52 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\lola\AppData\Roaming\Mozilla\Firefox\Profiles\m7tch257.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012/01/23 20:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/17 15:45:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/23 20:59:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/21 09:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/17 20:33:49 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/12/21 06:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/28 19:33:26 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/21 06:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Babylon Chrome OCR = C:\Users\lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012/01/16 15:08:52 | 000,001,945 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\..\Toolbar\WebBrowser: (no name) - {40F5F417-32BB-4296-9446-C1E0094E7D82} - No CLSID value found.
O3 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O3 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LFService] C:\Program Files (x86)\Lock Folder XP\LFService.exe ()
O4 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 12
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28C3CC00-A69C-4A58-93EF-09057BF863AB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/17 20:26:47 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/10/17 20:26:36 | 3325,396,862 | ---- | M] () - C:\Autodesk_3ds_Max_2012_English_Win_32-64bit.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 03:32:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\lola\Desktop\OTL.exe
[2012/02/10 02:19:12 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/09 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Local\{248709C1-7F36-4B4C-B01E-54647E07071E}
[2012/02/09 18:56:08 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Local\{0D61056C-EBAB-46A9-A2EC-67D131C32A36}
[2012/02/08 19:45:33 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Local\{D9C38B1B-5A71-44C2-9A39-2429F8BD6822}
[2012/02/08 19:45:20 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Local\{970454D3-F622-4685-B5D9-1959C142789E}
[2012/02/07 17:54:51 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\space
[2012/02/04 23:07:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/04 23:07:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/04 23:07:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/04 23:07:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/01 17:42:28 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Local\{85F7C750-DF4E-4148-9A18-EE57D62776B7}
[2012/02/01 13:46:14 | 000,000,000 | ---D | C] -- C:\Users\lola\Documents\gegl-0.0
[2012/02/01 10:44:42 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\lola\Desktop\tdsskiller.exe
[2012/01/31 14:51:11 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\music
[2012/01/31 02:24:38 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\haircolors
[2012/01/31 02:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMVU_Inc
[2012/01/28 14:46:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/01/27 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\MAT TODAY
[2012/01/27 14:12:49 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\RENDERS
[2012/01/26 17:27:10 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\PORTFOLIO
[2012/01/26 12:17:30 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\New folder
[2012/01/25 16:52:22 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\TODAY1
[2012/01/24 13:00:12 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\giaftiaximo2
[2012/01/24 12:51:29 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\TODAY
[2012/01/23 21:43:41 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\my first room
[2012/01/23 21:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/23 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/23 18:06:37 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Local\ElevatedDiagnostics
[2012/01/23 17:41:04 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\giaftiaximo
[2012/01/23 15:16:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/23 15:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/23 15:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/22 13:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/22 13:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/22 13:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/22 13:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/21 12:56:04 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/01/19 19:00:04 | 000,000,000 | ---D | C] -- C:\Users\lola\Documents\IMVU Projects
[2012/01/19 18:10:22 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Roaming\IMVU
[2012/01/19 18:10:18 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
[2012/01/19 18:10:14 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Roaming\IMVUClient
[2012/01/19 12:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lock Folder XP
[2012/01/19 12:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Everstrike Software
[2012/01/19 12:01:35 | 000,000,000 | ---D | C] -- C:\bleeping com defogger gmer
[2012/01/19 11:58:40 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\perles
[2012/01/19 11:55:09 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\romantic
[2012/01/19 11:54:19 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\collant
[2012/01/19 11:44:41 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\diary
[2012/01/16 16:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/16 14:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/01/16 14:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/01/15 17:56:31 | 000,070,344 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\CBDisk.sys
[2012/01/15 17:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacDrive 8
[2012/01/15 17:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2012/01/15 17:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Mediafour
[2012/01/15 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mediafour
[2012/01/15 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2012/01/15 17:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediafour
[2012/01/15 16:13:00 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Roaming\PDAppFlex
[2012/01/15 15:39:40 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\snapshots
[2012/01/15 15:23:04 | 000,000,000 | ---D | C] -- C:\Users\lola\AppData\Roaming\Mozilla
[2011/12/14 06:32:47 | 007,791,616 | ---- | C] (Chaos Software Ltd) -- C:\Program Files\vray2011.dll
[2011/12/14 06:32:47 | 003,381,944 | ---- | C] (Intel Corporation) -- C:\Program Files\libmmd.dll
[2011/12/14 06:32:47 | 001,031,168 | ---- | C] (Joe Alter Inc) -- C:\Program Files\HairVrPrims2011.dll

========== Files - Modified Within 30 Days ==========

[2012/02/10 03:32:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lola\Desktop\OTL.exe
[2012/02/10 03:15:52 | 000,800,555 | ---- | M] () -- C:\Users\lola\Desktop\ListParts64.exe
[2012/02/10 03:10:30 | 000,293,832 | ---- | M] () -- C:\Users\lola\Desktop\2.jpg
[2012/02/10 03:06:52 | 000,000,132 | ---- | M] () -- C:\Users\lola\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/10 02:54:46 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 02:54:46 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 02:50:22 | 000,529,055 | ---- | M] () -- C:\Users\lola\Desktop\Untitled.png
[2012/02/10 02:47:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 02:47:25 | 3213,344,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/09 20:24:08 | 000,919,876 | ---- | M] () -- C:\Users\lola\Desktop\allie.png
[2012/02/09 18:11:05 | 000,001,424 | ---- | M] () -- C:\Users\lola\Desktop\ComboFix - Shortcut.lnk
[2012/02/09 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/02/08 04:16:25 | 000,237,568 | ---- | M] () -- C:\Users\lola\Desktop\1.max
[2012/02/08 03:53:44 | 000,061,216 | ---- | M] () -- C:\Users\lola\Desktop\khb.png
[2012/02/08 03:43:39 | 000,061,445 | ---- | M] () -- C:\Users\lola\Desktop\image.png
[2012/02/07 02:04:04 | 000,001,456 | ---- | M] () -- C:\Users\lola\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/06 03:27:42 | 685,509,041 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/04 14:27:25 | 000,786,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/04 14:27:25 | 000,657,220 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/04 14:27:25 | 000,122,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/01 14:02:37 | 000,002,736 | ---- | M] () -- C:\Users\lola\.recently-used.xbel
[2012/02/01 11:52:33 | 000,000,512 | ---- | M] () -- C:\Users\lola\Desktop\MBR.dat
[2012/02/01 10:44:55 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\lola\Desktop\tdsskiller.exe
[2012/01/31 04:37:30 | 000,001,840 | ---- | M] () -- C:\Users\lola\Desktop\IMVU.lnk
[2012/01/26 20:10:06 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 13:32:36 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/19 12:35:59 | 000,000,961 | ---- | M] () -- C:\Users\lola\Desktop\Lock Folder XP.lnk
[2012/01/18 11:39:49 | 000,001,235 | ---- | M] () -- C:\Users\lola\Desktop\Adobe Photoshop CS5.1.lnk
[2012/01/16 15:08:52 | 000,001,945 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/16 14:47:51 | 005,040,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/15 17:56:15 | 001,759,200 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/15 16:27:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/15 16:09:00 | 000,792,192 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/15 15:24:35 | 000,002,515 | ---- | M] () -- C:\Users\lola\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/15 15:24:35 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/15 15:23:00 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/15 14:42:31 | 000,000,000 | ---- | M] () -- C:\Users\lola\defogger_reenable

========== Files Created - No Company Name ==========

[2012/02/10 03:15:35 | 000,800,555 | ---- | C] () -- C:\Users\lola\Desktop\ListParts64.exe
[2012/02/10 03:10:28 | 000,293,832 | ---- | C] () -- C:\Users\lola\Desktop\2.jpg
[2012/02/10 02:50:22 | 000,529,055 | ---- | C] () -- C:\Users\lola\Desktop\Untitled.png
[2012/02/09 20:24:04 | 000,919,876 | ---- | C] () -- C:\Users\lola\Desktop\allie.png
[2012/02/09 18:10:54 | 000,001,424 | ---- | C] () -- C:\Users\lola\Desktop\ComboFix - Shortcut.lnk
[2012/02/08 04:16:23 | 000,237,568 | ---- | C] () -- C:\Users\lola\Desktop\1.max
[2012/02/08 03:53:43 | 000,061,216 | ---- | C] () -- C:\Users\lola\Desktop\khb.png
[2012/02/08 03:43:37 | 000,061,445 | ---- | C] () -- C:\Users\lola\Desktop\image.png
[2012/02/04 23:07:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/04 23:07:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/04 23:07:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/04 23:07:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/04 23:07:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 14:02:37 | 000,002,736 | ---- | C] () -- C:\Users\lola\.recently-used.xbel
[2012/02/01 11:52:33 | 000,000,512 | ---- | C] () -- C:\Users\lola\Desktop\MBR.dat
[2012/01/23 20:45:10 | 685,509,041 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/22 13:32:36 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/19 18:10:19 | 000,001,840 | ---- | C] () -- C:\Users\lola\Desktop\IMVU.lnk
[2012/01/19 12:35:59 | 000,000,961 | ---- | C] () -- C:\Users\lola\Desktop\Lock Folder XP.lnk
[2012/01/18 11:39:49 | 000,001,235 | ---- | C] () -- C:\Users\lola\Desktop\Adobe Photoshop CS5.1.lnk
[2012/01/16 16:49:52 | 000,001,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012/01/16 16:49:16 | 000,001,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2012/01/16 16:47:51 | 000,001,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/01/16 16:47:27 | 000,001,290 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/01/16 16:46:09 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/01/16 16:46:04 | 000,001,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/01/16 16:45:30 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/01/16 14:47:36 | 005,040,352 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/15 16:08:45 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/15 15:24:35 | 000,002,515 | ---- | C] () -- C:\Users\lola\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/15 15:24:35 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/01/15 15:24:35 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/15 15:23:00 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/15 15:23:00 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/15 14:42:31 | 000,000,000 | ---- | C] () -- C:\Users\lola\defogger_reenable
[2012/01/04 10:34:45 | 000,010,164 | -HS- | C] () -- C:\Users\lola\AppData\Local\082q623i2eq2h220vxh8xk4xi1613e0201lwhj03u13
[2012/01/04 10:34:45 | 000,010,164 | -HS- | C] () -- C:\ProgramData\082q623i2eq2h220vxh8xk4xi1613e0201lwhj03u13
[2012/01/02 17:33:42 | 000,013,476 | -HS- | C] () -- C:\Users\lola\AppData\Local\xwv1rnm6r23t8hnu572a56g15mvcf7mvms0254st0an
[2012/01/02 17:33:42 | 000,013,476 | -HS- | C] () -- C:\ProgramData\xwv1rnm6r23t8hnu572a56g15mvcf7mvms0254st0an
[2012/01/02 13:04:00 | 000,010,012 | -HS- | C] () -- C:\Users\lola\AppData\Local\0oc67wm7074v0yu646u82874xwcjy2650
[2012/01/02 13:04:00 | 000,010,012 | -HS- | C] () -- C:\ProgramData\0oc67wm7074v0yu646u82874xwcjy2650
[2012/01/02 09:48:12 | 000,010,140 | -HS- | C] () -- C:\Users\lola\AppData\Local\224f855d3hh4v420kir1sj6ms2735k3312rdnm03w44
[2012/01/02 09:48:12 | 000,010,140 | -HS- | C] () -- C:\ProgramData\224f855d3hh4v420kir1sj6ms2735k3312rdnm03w44
[2011/12/30 11:05:49 | 000,010,406 | -HS- | C] () -- C:\Users\lola\AppData\Local\rct5xnf0x63f7tcc612p60j28mdpr1oboe3214ef4be
[2011/12/30 11:05:49 | 000,010,406 | -HS- | C] () -- C:\ProgramData\rct5xnf0x63f7tcc612p60j28mdpr1oboe3214ef4be
[2011/12/28 15:06:08 | 000,009,728 | -HS- | C] () -- C:\Users\lola\AppData\Local\bvu7gtr5r37r7vyo442q44v30uxyg8jwnu6080nf4gy
[2011/12/28 15:06:08 | 000,009,728 | -HS- | C] () -- C:\ProgramData\bvu7gtr5r37r7vyo442q44v30uxyg8jwnu6080nf4gy
[2011/12/27 11:54:30 | 000,011,866 | -HS- | C] () -- C:\Users\lola\AppData\Local\425s852t3pp2i120grn7ha5be2540p3113bhst08l88
[2011/12/27 11:54:30 | 000,011,866 | -HS- | C] () -- C:\ProgramData\425s852t3pp2i120grn7ha5be2540p3113bhst08l88
[2011/12/14 06:32:48 | 000,172,032 | ---- | C] () -- C:\Program Files\vraydummy2011.max
[2011/12/14 06:32:48 | 000,143,360 | ---- | C] () -- C:\Program Files\vrayspawner2011.exe
[2011/12/14 06:32:48 | 000,011,798 | ---- | C] () -- C:\Program Files\vraydummy2011.xml
[2011/12/14 06:32:48 | 000,000,125 | ---- | C] () -- C:\Program Files\plugin.ini
[2011/12/08 05:21:06 | 000,010,828 | -HS- | C] () -- C:\Users\lola\AppData\Local\fyq1fe126563
[2011/12/08 05:21:06 | 000,010,828 | -HS- | C] () -- C:\ProgramData\fyq1fe126563
[2011/12/05 06:39:18 | 000,000,132 | ---- | C] () -- C:\Users\lola\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2011/11/20 05:19:39 | 000,001,620 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/11/19 01:30:35 | 000,001,456 | ---- | C] () -- C:\Users\lola\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/19 00:32:05 | 000,000,132 | ---- | C] () -- C:\Users\lola\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/11/07 14:54:48 | 000,005,120 | ---- | C] () -- C:\Users\lola\AppData\Local\Databases.db
[2011/11/02 11:23:59 | 000,000,132 | ---- | C] () -- C:\Users\lola\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/19 15:50:20 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/07/19 01:22:09 | 000,145,416 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/18 14:43:24 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/17 22:46:56 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/07/17 22:12:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/17 20:48:44 | 000,792,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/05 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\Audacity
[2011/12/04 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\Autodesk
[2011/07/18 23:27:25 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\AVG
[2011/07/18 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\AVG10
[2012/01/03 08:37:02 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\AVG2012
[2011/12/01 00:57:34 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/19 00:47:42 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\DriverCure
[2011/11/04 18:06:43 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\Dropbox
[2012/02/01 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\gtk-2.0
[2012/02/10 03:32:32 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\IMVU
[2011/10/31 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\IMVU Previewer
[2012/01/31 20:49:22 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\IMVUClient
[2012/01/02 13:52:10 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\kingsoft
[2011/07/19 00:47:42 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\ParetoLogic
[2012/01/15 16:13:00 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\PDAppFlex
[2012/01/03 20:46:12 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\Sammsoft
[2011/11/07 14:28:02 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\SecondLife
[2012/01/02 23:38:06 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\Simply Super Software
[2011/11/19 01:31:40 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/30 23:40:59 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\T3DE
[2011/10/17 17:25:28 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\TeamViewer
[2012/01/19 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\uTorrent
[2011/07/18 22:03:41 | 000,000,000 | ---D | M] -- C:\Users\lola\AppData\Roaming\WinZip
[2012/02/09 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/12/27 13:25:02 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/10/17 20:26:36 | 3325,396,862 | ---- | M] () -- C:\Autodesk_3ds_Max_2012_English_Win_32-64bit.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



and here are the extras:

OTL Extras logfile created on: 2/10/2012 3:34:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lola\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.68% Memory free
7.98 Gb Paging File | 6.21 Gb Available in Paging File | 77.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.53 Gb Total Space | 327.01 Gb Free Space | 70.25% Space Free | Partition Type: NTFS
Drive E: | 465.66 Gb Total Space | 310.00 Gb Free Space | 66.57% Space Free | Partition Type: HFSJ
Drive H: | 465.88 Gb Total Space | 180.69 Gb Free Space | 38.78% Space Free | Partition Type: HFSJ
Drive I: | 465.63 Gb Total Space | 203.86 Gb Free Space | 43.78% Space Free | Partition Type: NTFS

Computer Name: LOLA-PC | User Name: lola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4266930551-3808226452-1220228919-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52099562-C109-0409-BFF1-1C19149A8749}" = Autodesk 3ds Max Design 2012 64-bit - English
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{7346B4A0-1200-0110-0409-705C0D862004}" = Revit Architecture 2012
"{7346B4A0-1200-0111-0409-705C0D862004}" = Revit Architecture 2012 Language Pack - English
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F6D780C-53B8-4385-98BC-62F78F9E4C38}" = MacDrive 8
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2B7054B-EC2E-4E96-8666-FD6ED77678B2}" = Boot Camp Services
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"01D845C666B4FC04566E16B923F638B2A404807C" = Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
"0CB233C04CEB3FB45CEDFFEA9146B77B4B783FDA" = Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
"1864DCF02A292C57953B91D537026F4F1CA60D91" = Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"269C8F82CDD61B0400CE8D6768EC084C59C63079" = Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
"285BA6738DB5393199CA6BC5837BAED53E8BA625" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (02/11/2010 3.1.0.0)
"294FF9FB7AF744F64B12EC12F83D8661CD9AD532" = Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
"2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"2F702E803208BBC067CA18B3DCC9FC2CFDAE56E6" = Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
"3A8900CC8E77F2BF2269FEFF364561BDF86B9F27" = Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"455287ECCB4BABCDE9C6713B82B1BDA990D55398" = Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
"5CC5D940D9F4B779FAAF12E7F75A212618ABEB7D" = Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
"680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)
"6F4B26C960BC665E637C424F12C4E8FF3ADF0C54" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
"703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8" = Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
"70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"72B627097B72F7023F412161DFA6B3CF03E4E42B" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (03/01/2010 3.1.0.3)
"76830D11874044260C923425E7F5A72F25EDA758" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"7A95AB3A8BB8B7C75A0667B7159CE7AA827AE22B" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (03/24/2010 6.6001.1.24)
"91F52A595A7B2112937CED490A8C682CD03F945E" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"928D27B46C93CC78C6A130F0708335AAF4894DB0" = Windows Driver Package - Apple Inc. Apple Keyboard (03/24/2010 3.1.0.3)
"A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A46476509EEBF9339F8D09C9507024E1093D4FA7" = Windows Driver Package - Apple Inc. Apple Wireless Trackpad (04/12/2010 3.1.0.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk 3ds Max Design 2012 64-bit - English" = Autodesk 3ds Max Design 2012 64-bit - English
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit
"Autodesk Revit Architecture 2012" = Autodesk Revit Architecture 2012
"B3F27F12C500003EFE44A668CE685DE4B46A735C" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"C6E8C9058AE1580C038DC5F715B0D4969F617CEF" = Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
"C840EA8E99FB237CC57769BB041F070E4F370C32" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.10.3.9)
"C9952C95B4A2ACCCBC684FC6E8182A3210DEDC13" = Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"CCleaner" = CCleaner
"CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
"D088EE4BD2819FBA2B349EF9D55176F223419BE6" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10)
"D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C" = Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"D701F1A58CF3028E88DA512D1423EC3DD6D7BE86" = Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
"E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"E2708073906571A0B56F17FD825EF19281ECE29B" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"E43E2A40D22886250D739AEE91E9C7E9ABDD52DA" = Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"E5AEAAF07505D71E430CCA10496FAE61597B81A2" = Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
"E8951DD23B8C356DA6C1428CA872050C5AD70DAF" = Windows Driver Package - Apple Inc. Apple Multitouch (02/11/2010 3.1.0.0)
"E92A2345EDF3FC39429C89D37FAF28AA7BAFF288" = Windows Driver Package - Broadcom (b57nd60a) Net (02/09/2010 14.0.0.7)
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
"EA3C044F6FD39CEC8F4F596836BF4197E97E1D39" = Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
"F08FFCF5C857951E0CC5F736988F3D01BF425252" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
"F5E7472CCD6B3C1A568AEE4486C4BA0813A7D7AC" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"V-Ray for 3dsmax 2011 for x64" = V-Ray for 3dsmax 2011 for x64
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.10 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
"{6F32D09F-DCC1-464F-A7F9-D72DEE8870C9}_is1" = Curtain Creator
"{703EC8AF-18E8-4A81-AEC6-8FF64AD76924}" = IMVU Cal3D Exporter for 3ds Max
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A35461B1-DFFD-48AE-A672-3C96A08B6A96}" = Easy Subtitles Synchronizer
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1489-3350-5074-6281" = JDownloader 0.9
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Akamai" = Akamai NetSession Interface Service
"AlphaPlugins Curtains for After Effects_is1" = Curtains v.1.5
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ERUNT_is1" = ERUNT 1.1j
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"GOM Player" = GOM Player
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Professional 2010
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Spyware Doctor" = Spyware Doctor 8.0
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Ελληνικό AutoCAD Architecture 2011 64-bit - (Δεκ.2010)" = Ελληνικό AutoCAD Architecture 2011 64-bit - (Δεκ.2010)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4266930551-3808226452-1220228919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2012 9:00:26 PM | Computer Name = lola-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: TraverseDir : Unable to FindFirstFile. System
Error: Access is denied. .

Error - 1/18/2012 9:00:27 PM | Computer Name = lola-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: TraverseDir : Unable to FindFirstFile. System
Error: Access is denied. .

Error - 1/18/2012 10:42:09 PM | Computer Name = lola-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/18/2012 10:45:57 PM | Computer Name = lola-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/18/2012 11:11:06 PM | Computer Name = lola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/18/2012 11:11:06 PM | Computer Name = lola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584

Error - 1/18/2012 11:11:06 PM | Computer Name = lola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

Error - 1/19/2012 5:40:44 AM | Computer Name = lola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/19/2012 5:40:44 AM | Computer Name = lola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19088111

Error - 1/19/2012 5:40:44 AM | Computer Name = lola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19088111

[ System Events ]
Error - 11/24/2011 4:51:35 PM | Computer Name = lola-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 11/24/2011 8:30:01 PM | Computer Name = lola-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 11/25/2011 4:44:51 PM | Computer Name = lola-PC | Source = DCOM | ID = 10010
Description =

Error - 11/28/2011 11:22:10 AM | Computer Name = lola-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 11/28/2011 12:18:19 PM | Computer Name = lola-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 11/28/2011 12:18:24 PM | Computer Name = lola-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.


< End of report >

thank you

#10 CatByte (Malware Response Team)

Posted 09 February 2012 - 09:41 PM

Hi,

It appears from your log that you have pirated software on your system.

Please uninstall the pirated software so we may continue cleaning your machine. Not only is it illegal, but it is the number one source of infection that we see. It really is not worth the risk.

Bleeping Computer does not condone the use of pirated software.


Once the offending programs are removed from your system, please run the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
    IE - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    O3 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\..\Toolbar\WebBrowser: (no name) - {40F5F417-32BB-4296-9446-C1E0094E7D82} - No CLSID value found.
    O3 - HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
    [2012/01/04 10:34:45 | 000,010,164 | -HS- | C] () -- C:\Users\lola\AppData\Local\082q623i2eq2h220vxh8xk4xi1613e0201lwhj03u13
    [2012/01/04 10:34:45 | 000,010,164 | -HS- | C] () -- C:\ProgramData\082q623i2eq2h220vxh8xk4xi1613e0201lwhj03u13
    [2012/01/02 17:33:42 | 000,013,476 | -HS- | C] () -- C:\Users\lola\AppData\Local\xwv1rnm6r23t8hnu572a56g15mvcf7mvms0254st0an
    [2012/01/02 17:33:42 | 000,013,476 | -HS- | C] () -- C:\ProgramData\xwv1rnm6r23t8hnu572a56g15mvcf7mvms0254st0an
    [2012/01/02 13:04:00 | 000,010,012 | -HS- | C] () -- C:\Users\lola\AppData\Local\0oc67wm7074v0yu646u82874xwcjy2650
    [2012/01/02 13:04:00 | 000,010,012 | -HS- | C] () -- C:\ProgramData\0oc67wm7074v0yu646u82874xwcjy2650
    [2012/01/02 09:48:12 | 000,010,140 | -HS- | C] () -- C:\Users\lola\AppData\Local\224f855d3hh4v420kir1sj6ms2735k3312rdnm03w44
    [2012/01/02 09:48:12 | 000,010,140 | -HS- | C] () -- C:\ProgramData\224f855d3hh4v420kir1sj6ms2735k3312rdnm03w44
    [2011/12/30 11:05:49 | 000,010,406 | -HS- | C] () -- C:\Users\lola\AppData\Local\rct5xnf0x63f7tcc612p60j28mdpr1oboe3214ef4be
    [2011/12/30 11:05:49 | 000,010,406 | -HS- | C] () -- C:\ProgramData\rct5xnf0x63f7tcc612p60j28mdpr1oboe3214ef4be
    [2011/12/28 15:06:08 | 000,009,728 | -HS- | C] () -- C:\Users\lola\AppData\Local\bvu7gtr5r37r7vyo442q44v30uxyg8jwnu6080nf4gy
    [2011/12/28 15:06:08 | 000,009,728 | -HS- | C] () -- C:\ProgramData\bvu7gtr5r37r7vyo442q44v30uxyg8jwnu6080nf4gy
    [2011/12/27 11:54:30 | 000,011,866 | -HS- | C] () -- C:\Users\lola\AppData\Local\425s852t3pp2i120grn7ha5be2540p3113bhst08l88
    [2011/12/27 11:54:30 | 000,011,866 | -HS- | C] () -- C:\ProgramData\425s852t3pp2i120grn7ha5be2540p3113bhst08l88
    [2011/12/08 05:21:06 | 000,010,828 | -HS- | C] () -- C:\Users\lola\AppData\Local\fyq1fe126563
    [2011/12/08 05:21:06 | 000,010,828 | -HS- | C] () -- C:\ProgramData\fyq1fe126563
    [2012/01/23 17:41:04 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\giaftiaximo
    [2012/01/24 13:00:12 | 000,000,000 | ---D | C] -- C:\Users\lola\Desktop\giaftiaximo2
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT


Please try and run ComboFix now, make sure your security programs are disabled and give it plenty of time to run.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
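As an added example (not from the thread, and not part of OTL), here is a read-only PowerShell triage script that looks for the two indicator classes the OTL fix above targets: a ProxyOverride value under any loaded user hive that names a loopback host:port (the thread shows 127.0.0.1:9421 on .DEFAULT and S-1-5-18 against the normal *.local;<local> on the user's own SID), and hidden+system, extension-less files with long random names in ProgramData and each profile's AppData\Local (the -HS- entries OTL listed). It assumes PowerShell 3 or later; the 12-character name-length threshold and the loopback pattern are my choices, not values from the thread.

```powershell
# Added triage example, not part of the thread or of OTL. Read-only: it
# reports candidates for an analyst to review and changes nothing.
# Assumes PowerShell 3+ (for -Directory / -File on Get-ChildItem).

# The benign default for ProxyOverride is "*.local;<local>" (the value the
# thread shows on the user's own SID). A loopback host:port in the bypass
# list, such as 127.0.0.1:9421 on .DEFAULT and S-1-5-18, is unusual.
$loopbackPattern = '^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:\d{1,5})?$'
# Name shape of the -HS- files OTL listed; the 12+ length is an assumed threshold.
$randomNamePattern = '^[a-z0-9]{12,}$'

function Find-SuspiciousProxyOverride {
    if (-not (Test-Path 'HKU:\' -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue) {
        $key = "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path $key)) { continue }
        $val = (Get-ItemProperty -Path $key -Name ProxyOverride -ErrorAction SilentlyContinue).ProxyOverride
        if (-not $val) { continue }
        # ProxyOverride is a ';'-separated bypass list; flag any loopback entry.
        $hits = @($val -split ';' | Where-Object { $_.Trim() -match $loopbackPattern })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Type = 'ProxyOverride'; Where = $hive.PSChildName; Value = $val }
        }
    }
}

function Find-HiddenSystemRandomFiles {
    $profilesRoot = Split-Path $env:USERPROFILE -Parent
    $roots = @($env:ProgramData) + @(Get-ChildItem $profilesRoot -Directory -ErrorAction SilentlyContinue |
              ForEach-Object { Join-Path $_.FullName 'AppData\Local' })
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        # -Force is required, or hidden/system files are skipped entirely.
        Get-ChildItem -Path $root -File -Force -ErrorAction SilentlyContinue |
          Where-Object {
            (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
            (($_.Attributes -band [IO.FileAttributes]::System) -ne 0) -and
            ($_.Extension -eq '') -and
            ($_.Name -match $randomNamePattern)
          } | ForEach-Object {
            [pscustomobject]@{
                Type  = 'HiddenSystemFile'
                Where = $_.FullName
                Value = "$($_.Length) bytes, created $($_.CreationTime)"
            }
          }
    }
}

$findings = @(Find-SuspiciousProxyOverride) + @(Find-HiddenSystemRandomFiles)
if ($findings.Count -eq 0) {
    'No indicators of either class found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so that every loaded hive under HKEY_USERS and every profile's AppData\Local is readable; a hit is a review item, not proof of infection on its own.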


#11 jeane30 (Topic Starter)

Posted 10 February 2012 - 02:50 AM

Okay here is the log file:


All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-4266930551-3808226452-1220228919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4266930551-3808226452-1220228919-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40F5F417-32BB-4296-9446-C1E0094E7D82} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F5F417-32BB-4296-9446-C1E0094E7D82}\ not found.
Registry value HKEY_USERS\S-1-5-21-4266930551-3808226452-1220228919-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
C:\Users\lola\AppData\Local\082q623i2eq2h220vxh8xk4xi1613e0201lwhj03u13 moved successfully.
C:\ProgramData\082q623i2eq2h220vxh8xk4xi1613e0201lwhj03u13 moved successfully.
C:\Users\lola\AppData\Local\xwv1rnm6r23t8hnu572a56g15mvcf7mvms0254st0an moved successfully.
C:\ProgramData\xwv1rnm6r23t8hnu572a56g15mvcf7mvms0254st0an moved successfully.
C:\Users\lola\AppData\Local\0oc67wm7074v0yu646u82874xwcjy2650 moved successfully.
C:\ProgramData\0oc67wm7074v0yu646u82874xwcjy2650 moved successfully.
C:\Users\lola\AppData\Local\224f855d3hh4v420kir1sj6ms2735k3312rdnm03w44 moved successfully.
C:\ProgramData\224f855d3hh4v420kir1sj6ms2735k3312rdnm03w44 moved successfully.
C:\Users\lola\AppData\Local\rct5xnf0x63f7tcc612p60j28mdpr1oboe3214ef4be moved successfully.
C:\ProgramData\rct5xnf0x63f7tcc612p60j28mdpr1oboe3214ef4be moved successfully.
C:\Users\lola\AppData\Local\bvu7gtr5r37r7vyo442q44v30uxyg8jwnu6080nf4gy moved successfully.
C:\ProgramData\bvu7gtr5r37r7vyo442q44v30uxyg8jwnu6080nf4gy moved successfully.
C:\Users\lola\AppData\Local\425s852t3pp2i120grn7ha5be2540p3113bhst08l88 moved successfully.
C:\ProgramData\425s852t3pp2i120grn7ha5be2540p3113bhst08l88 moved successfully.
C:\Users\lola\AppData\Local\fyq1fe126563 moved successfully.
C:\ProgramData\fyq1fe126563 moved successfully.
C:\Users\lola\Desktop\giaftiaximo\zak folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\xatzara tutorial folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\sodamachine folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\simple appartments folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\romantic dress folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\romantic alea\wrong folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\romantic alea\map-2 folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\romantic alea\alea folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\romantic alea folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\remains of the day folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\red telephone box folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\red phone folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Princess Room\samples folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Princess Room\pink folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Princess Room\green folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Princess Room\dresser folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Princess Room\bed folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Princess Room folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\portfolio folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Newco\planB_Vault\Furniture folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Newco\planB_Vault\chatRooms\materials folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Newco\planB_Vault\chatRooms folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Newco\planB_Vault folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Newco folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o\Hey Eugene! folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o\GOTAN PROJECT\Gotan Project - Unclassified folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o\GOTAN PROJECT\Gotan Project - Peter Kruder & Antipop Consortium Remixes folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o\GOTAN PROJECT\2006 Gotan Project - Mare Tranquillitatis folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o\GOTAN PROJECT\2006 Gotan Project - Lunįtico - La Corporacion folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o\GOTAN PROJECT\2006 Gotan Project - 2 Musikvideo folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o\GOTAN PROJECT\2004 Gotan Project - Inspiracion Espiracion - La Corporacion folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o\GOTAN PROJECT folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\music.o.o folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\middle ages folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\Spotlights\11 Spot Lights obj folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\Spotlights\11 Spot Lights max\material folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\Spotlights\11 Spot Lights max folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\Spotlights\11 Spot Lights gmax folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\Spotlights\11 Spot Lights fbx folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\Spotlights\11 Spot Lights 3ds folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\Spotlights folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\pens\HDRI folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\pens folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\magazines folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\ipod folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\iphone1\iphone_4_obj folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\iphone1\iphone_4_max folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\iphone1\iphone_4_3ds folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\iphone1 folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\disco ball\Disco Ball 2 fbx folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\disco ball\Disco Ball 2 3ds folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads\disco ball folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\max scenes turbosquid downloads folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\IMVUscenes\Newco\planB_Vault\Furniture folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\IMVUscenes\Newco\planB_Vault folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\IMVUscenes\Newco folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\IMVUscenes folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Image Pending folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\head folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\hairshader\source\shaderhlp folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\hairshader\source folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\hairshader\nt-x86\package folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\hairshader\nt-x86 folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\hairshader\doc folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\hairshader folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\hairimageproduct folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\hair folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\textures folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\sourceimages\.mayaSwatches folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\sourceimages folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\sound folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\scenes\.mayaSwatches folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\scenes folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderScenes folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData\shaders folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData\mentalRay\shadowMap folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData\mentalRay\photonMap folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData\mentalRay\lightMap folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData\mentalRay\finalgMap folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData\mentalRay folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData\iprImages folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData\depth folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\renderData folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\particles folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\mel folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\images\tmp folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\images folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\Fbx folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\DXF_FBX folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\data folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\clips folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya\3dPaintTextures folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Eye Maya folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\eye jpgs folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\dress top white folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\dress max folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\derrive folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\couch armchair folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\City center park project\park folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\City center park project folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\bella objects\imvu folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\bella objects\Bella Final Objects folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\bella objects folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\Ant folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo\1stroom folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo folder moved successfully.
C:\Users\lola\Desktop\giaftiaximo2 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\lola\Desktop\cmd.bat deleted successfully.
C:\Users\lola\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lola
->Temp folder emptied: 408722768 bytes
->Temporary Internet Files folder emptied: 174367531 bytes
->Java cache emptied: 13576415 bytes
->FireFox cache emptied: 5686308 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 121796608 bytes
->Flash cache emptied: 11970 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 300772 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 691.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02102012_093938

Files\Folders moved on Reboot...
C:\Users\lola\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#12 jeane30 (Topic Starter)

Posted 10 February 2012 - 08:46 AM

Hi,
I started running ComboFix at 10.00am. It took 5 minutes to reach completed stage_49, so I let it run, but by 3.30pm it was still on completed stage_49.


Thank you



#13 CatByte (Malware Response Team)

Posted 10 February 2012 - 06:11 PM

Hi,

It sounds as though it is getting stuck on one particular process.

Please try it this way and start ComboFix using this command:

Press the WinKey + R to open a run box.

Copy/paste the following text into the open run box > Click OK

ComboFix /nombr



#14 jeane30 (Topic Starter)

Posted 16 February 2012 - 12:23 PM

Hi,
Well, I think I may have to delete the Windows partition and run Windows again, because I can't run ComboFix; also, another trojan was found the other day while scanning, I keep getting error messages, and when I try to reboot it just freezes while logging off.

I would like to ask you whether these problems will disappear, or whether it is a permanent problem on the hard disc?

Thank you very much for your help!

#15 CatByte (Malware Response Team)

Posted 16 February 2012 - 08:01 PM

Let's have a look at what it is with another tool.


Please run the following:

For x64 bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using a Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
