
Need help with ping.exe


  • This topic is locked
23 replies to this topic

#1 Monkey D. Luffy

Monkey D. Luffy

  • Members
  • 12 posts

Posted 13 May 2012 - 09:53 AM

Hello, I have just registered this account and am fairly new to this website :D I have a custom-built PC, Windows 7 64-bit. I was checking Task Manager about 3 days ago (around then) and found 3 things running called "PING.EXE", and each one was using 100-250k. My computer started lagging like crazy when I was playing video games on it; how do I remove this virus? I have tried Malwarebytes and nothing changed, I tried HijackThis and nothing changed, and even Kaspersky and nothing changed. After a scan using one of those programs, I restart my computer, ping.exe is removed, but then it comes back 5 minutes later :( I keep getting redirected when I'm on Google. Sorry if this is really long, bear with me ^_^


#2 Gammo

Gammo

  • Members
  • 202 posts
  • Gender:Male
  • Location:The Netherlands

Posted 13 May 2012 - 10:36 AM

We need to create an OTL report.
Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
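The OTL.Txt output requested above is a line-oriented text format, and a helper triaging it will want the PRC/MOD/SRV/DRV entries as structured records rather than raw text. The following is an added example, not OTL's own code or anything posted in this thread; the regex is an assumption derived from the line layout of the log posted later in this thread, and the sample lines are constructed from that log.

```python
"""Parse OTL.Txt entry lines (PRC/MOD/SRV/DRV) into records for triage.

Added illustration for this thread, not part of OTL. The line layout the
regex assumes is taken from the OTL log posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Kind prefix, optional ":64bit:", then either a "[timestamp | size | attrs | M]"
# block followed by "(company)" or the literal "File not found"; SRV/DRV lines
# add a "[start | state]" block; everything after " -- " is the path, which
# may be followed by " -- (ServiceName)".
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<is64>:64bit:)? - "
    r"(?:\[(?P<ts>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| M\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>.+)\))?$"
)


@dataclass
class OtlEntry:
    kind: str               # PRC, MOD, SRV or DRV
    is64: bool              # line carried the ":64bit:" tag
    path: str
    company: str            # empty when OTL printed "()"
    size: Optional[int]     # None when the file was not found
    state: Optional[str]    # e.g. "Auto | Running" for services/drivers
    name: Optional[str]     # service or driver name, if present
    file_missing: bool

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a PRC/MOD/SRV/DRV line, or None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return OtlEntry(
        kind=m.group("kind"),
        is64=m.group("is64") is not None,
        path=m.group("path"),
        company=(m.group("company") or "").strip(),
        size=int(size.replace(",", "")) if size else None,
        state=m.group("state"),
        name=m.group("name"),
        file_missing=m.group("missing") is not None,
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    """Parse a whole OTL.Txt, skipping section headers and blank lines."""
    parsed = (parse_otl_line(ln) for ln in text.splitlines())
    return [e for e in parsed if e is not None]


def find_by_filename(entries: List[OtlEntry], filename: str) -> List[OtlEntry]:
    """All entries whose file name matches (case-insensitive), e.g. "ping.exe"."""
    return [e for e in entries if e.filename == filename.lower()]


def no_company_in_windows_dir(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Entries under C:\\Windows with an empty company field: OTL prints "()"
    for these, and they are the ones worth checking by hand first."""
    return [e for e in entries
            if not e.company and not e.file_missing
            and e.path.lower().startswith("c:\\windows\\")]


def missing_files(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Services/drivers whose binary is gone (leftover registrations)."""
    return [e for e in entries if e.file_missing]


# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - [2011/11/26 15:11:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2011/11/26 15:11:41 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
DRV:64bit: - [2010/11/21 17:09:25 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
"""

if __name__ == "__main__":
    entries = parse_otl_log(SAMPLE_OTL)
    for e in find_by_filename(entries, "ping.exe"):
        print(f"{e.kind} {e.path} size={e.size} company={e.company!r}")
    for e in missing_files(entries):
        print(f"missing: {e.name} -> {e.path}")
```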


#3 Monkey D. Luffy

Monkey D. Luffy
  • Topic Starter

  • Members
  • 12 posts

Posted 13 May 2012 - 12:00 PM

Sorry for the late reply, this is what the OTL.Txt has:

OTL logfile created on: 5/13/2012 12:52:38 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\admin\Downloads
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 37.46% Memory free
8.00 Gb Paging File | 5.18 Gb Available in Paging File | 64.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 247.04 Gb Free Space | 26.52% Space Free | Partition Type: NTFS

Computer Name: UNICORN | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/13 12:46:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
PRC - [2012/03/14 10:04:38 | 000,049,321 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2012/02/23 19:11:10 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/12/12 19:21:54 | 022,459,984 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\oovoo\ooVoo.exe
PRC - [2011/11/26 15:11:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/02 11:41:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/09/01 00:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/05/05 17:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010/04/27 15:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/21 13:13:32 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/04/21 13:13:32 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/04/21 13:13:32 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/04/21 13:13:32 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/04/21 13:13:32 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/03/14 21:02:21 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2012/03/14 21:02:21 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2012/03/14 21:02:21 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2012/03/14 21:02:21 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2012/03/14 21:02:21 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2012/03/14 21:02:21 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2012/03/14 21:02:21 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2012/03/14 21:02:21 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2012/03/14 21:02:21 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2012/03/14 10:04:40 | 000,145,897 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2012/03/14 10:04:40 | 000,063,326 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2012/03/14 10:04:40 | 000,044,389 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2012/03/14 10:04:40 | 000,040,118 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2012/03/14 10:04:40 | 000,036,197 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2012/03/14 10:04:40 | 000,030,942 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2012/03/14 10:04:40 | 000,024,616 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2012/03/14 10:04:40 | 000,024,235 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2012/03/14 10:04:40 | 000,024,031 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2012/03/14 10:04:40 | 000,023,542 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2012/03/14 10:04:40 | 000,023,498 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2012/03/14 10:04:40 | 000,022,976 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2012/03/14 10:04:40 | 000,020,495 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2012/03/14 10:04:40 | 000,018,592 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2012/03/14 10:04:40 | 000,018,119 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2012/03/14 10:04:40 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2012/03/14 10:04:40 | 000,015,592 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2012/03/14 10:04:40 | 000,015,546 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2012/03/14 10:04:40 | 000,014,710 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2012/03/14 10:04:40 | 000,012,822 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2012/03/14 10:04:40 | 000,011,356 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2012/03/14 10:04:40 | 000,010,753 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2012/03/14 10:04:40 | 000,010,716 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2012/03/14 10:04:40 | 000,010,667 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2012/03/14 10:04:40 | 000,009,767 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2012/03/14 10:04:40 | 000,007,803 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2012/03/14 10:04:38 | 000,323,801 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2012/03/14 10:04:38 | 000,284,936 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2012/03/14 10:04:38 | 000,248,914 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2012/03/14 10:04:38 | 000,190,403 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2012/03/14 10:04:38 | 000,178,081 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2012/03/14 10:04:38 | 000,117,957 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2012/03/14 10:04:38 | 000,093,436 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2012/03/14 10:04:38 | 000,087,621 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2012/03/14 10:04:38 | 000,087,595 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2012/03/14 10:04:38 | 000,076,298 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2012/03/14 10:04:38 | 000,071,089 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2012/03/14 10:04:38 | 000,019,699 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2012/03/14 10:04:38 | 000,015,260 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2012/03/14 10:04:38 | 000,014,681 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2012/03/14 10:04:38 | 000,012,818 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2012/03/14 10:04:38 | 000,012,794 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2012/03/14 10:04:38 | 000,011,804 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2012/03/14 10:04:38 | 000,011,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2012/03/14 10:04:38 | 000,010,873 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2012/03/14 10:04:38 | 000,009,946 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2012/03/14 10:04:38 | 000,009,052 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2012/03/14 10:04:38 | 000,008,664 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2012/03/14 10:04:24 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2012/03/14 10:04:22 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2012/03/14 09:59:20 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2012/03/14 09:58:58 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
MOD - [2012/03/14 09:58:56 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2012/03/14 09:58:56 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2012/03/14 09:58:24 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/05 17:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2010/04/27 15:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/10/26 22:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\pptpminiport.dll -- (thotkey)
SRV - [2012/03/20 18:34:44 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/26 15:11:41 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/09 13:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2010/12/10 17:21:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/20 18:03:26 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2010/12/20 18:03:26 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2010/11/21 17:09:25 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/27 00:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 22:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/24 08:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/23 18:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/23 17:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2010/01/29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/21 22:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/18 15:20:00 | 000,180,280 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2009/08/10 16:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/12 14:37:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 16:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 16:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 535492673
IE - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
IE - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\..\SearchScopes,DefaultScope = {44CEBADB-CDFF-9EAB-F281-F42481FC1B35}
IE - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\..\SearchScopes\{44CEBADB-CDFF-9EAB-F281-F42481FC1B35}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/07 19:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/17 21:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2012/04/12 14:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\de9xgtf4.default\extensions
[2012/04/11 00:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/07 19:44:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DE9XGTF4.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiohpgnekmcmeenadepdlppklpkckn\2.0_0\plugin/npcapture.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: UploadScreenshot.com = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiohpgnekmcmeenadepdlppklpkckn\2.0_0\
CHR - Extension: Latest News :: TorrentLeech.org = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\famejbagjpkfldppfkmcbmplnnebldeb\2012.5.12.899_0\
CHR - Extension: MouseHunt AutoBot = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0\
CHR - Extension: AdBlock = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: FlashBlock = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Pooflinger's Mousehuntizer = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpkbgihonojjkadodeodbjdkmnoflii\1.0_0\
CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe File not found
O4 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background File not found
O4 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\oovoo\ooVoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000..\Run: [U4Q7WMJ6WVZB8] C:\Users\admin\AppData\Roaming\QL64NPHF8JC.exe File not found
O4 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01B8E9EF-9166-4E2E-A277-F7367334B459}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{76cb82d7-f5b3-11df-a2d7-20cf30e29b3f}\Shell - "" = AutoRun
O33 - MountPoints2\{76cb82d7-f5b3-11df-a2d7-20cf30e29b3f}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{cad7dcb1-859a-11e0-9b2d-20cf30e29b3f}\Shell - "" = AutoRun
O33 - MountPoints2\{cad7dcb1-859a-11e0-9b2d-20cf30e29b3f}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 16:22:47 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012/05/08 16:22:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/08 16:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/08 16:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/07 18:46:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/07 18:46:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/07 18:46:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/07 18:46:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/07 18:46:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/07 18:46:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/07 18:46:46 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/07 17:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/05 17:35:43 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/05/04 16:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/04 16:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/18 19:18:23 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2012/04/18 19:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/04/18 19:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/04/17 21:56:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\VS Revo Group
[2012/04/17 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Download
[2012/04/17 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Media Finder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/13 12:09:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1617655315-3413906698-3447732237-1000UA.job
[2012/05/13 09:28:23 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/13 09:27:23 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2012/05/13 09:27:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/13 09:27:13 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/12 23:09:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1617655315-3413906698-3447732237-1000Core.job
[2012/05/09 07:22:35 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/09 07:22:35 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/09 07:22:35 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/08 16:22:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 15:16:58 | 000,007,605 | ---- | M] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg
[2012/05/07 17:37:14 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/07 07:21:13 | 000,012,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 07:21:12 | 000,012,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 16:05:31 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/02 11:10:59 | 000,002,363 | ---- | M] () -- C:\Users\admin\Desktop\Google Chrome.lnk
[2012/04/18 19:18:24 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/04/14 14:42:43 | 000,000,565 | ---- | M] () -- C:\Users\admin\AppData\Roaming\myMPQ.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 16:22:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/07 18:46:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/07 18:46:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/07 18:46:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/07 18:46:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/07 18:46:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/07 17:37:14 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/07 15:46:23 | 000,007,605 | ---- | C] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg
[2012/05/05 17:36:50 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/18 19:18:24 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/11/26 15:11:56 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/26 15:11:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/25 17:45:10 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2011/11/25 17:45:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2011/11/25 17:45:10 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2011/08/08 22:07:40 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/08/06 18:34:31 | 000,227,328 | ---- | C] () -- C:\Users\admin\AppData\Roaming\chrtmp
[2011/07/19 11:59:39 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/02/08 22:55:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/22 16:17:15 | 000,000,565 | ---- | C] () -- C:\Users\admin\AppData\Roaming\myMPQ.ini
[2010/11/21 02:36:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/21 02:12:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/21 02:11:59 | 000,035,593 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/09/17 14:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/07/08 08:03:30 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE

========== LOP Check ==========

[2012/04/29 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2012/05/13 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.purple
[2011/01/16 14:42:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\acccore
[2012/04/07 19:50:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Aventail
[2012/02/10 21:13:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Bioshock
[2012/04/07 20:02:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ConnectPortal
[2012/05/13 00:03:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\foobar2000
[2011/01/30 19:26:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo
[2012/03/28 20:07:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0
[2012/03/28 21:18:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LolClient
[2012/04/18 19:42:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Finder
[2010/12/21 14:34:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MSNInstaller
[2011/10/06 22:35:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ooVoo Details
[2011/11/25 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PowerUp Software
[2011/04/04 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Publish Providers
[2011/11/26 15:11:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PunkBuster
[2010/12/25 00:32:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Razer
[2012/02/14 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sony
[2011/07/08 13:05:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SumatraPDF
[2012/01/13 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2011/11/20 21:22:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ubisoft
[2012/05/13 12:53:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2011/09/03 08:12:48 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

And this is what the Extras.Txt has:


OTL Extras logfile created on: 5/13/2012 12:52:38 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\admin\Downloads
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 37.46% Memory free
8.00 Gb Paging File | 5.18 Gb Available in Paging File | 64.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 247.04 Gb Free Space | 26.52% Space Free | Partition Type: NTFS

Computer Name: UNICORN | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15F3E45B-3784-4624-A5C7-5CAEFE0B750B}" = lport=56467 | protocol=6 | dir=in | name=pando media booster |
"{25AFFFD2-7818-4E30-AB35-B90A540E6B7E}" = lport=56467 | protocol=17 | dir=in | name=pando media booster |
"{3961CCF1-B5CE-40D4-A342-D1A747BAC23C}" = lport=56467 | protocol=6 | dir=in | name=pando media booster |
"{BE55C8C3-AF7A-4A27-AA21-90D8835402F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DF3CB84E-3E32-4970-9503-1C9E7456316F}" = lport=56467 | protocol=17 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EB1B7-1FDB-4FC6-BE19-C055BE5D7E81}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{0EB67C9E-0A2F-4C0D-8B3B-8F06090401C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{179BB6EB-FDC6-418A-8C60-259E7D921C56}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{186C2CE5-3CC4-41BA-BEA0-2CCE27F75DB9}" = protocol=17 | dir=in | app=f:\ca\nmservice.exe |
"{1A91EAA0-C65C-4C01-B6BB-0E6060FF9AE2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{233DD1BC-4973-4D73-9F6C-D6867D121CB2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{26517F8E-0904-4009-8CA1-DE0EC144ED70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{27B75D63-AD47-4D39-B6E9-F2CD83567BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{2DD61D94-C7D4-4850-8662-6626B3B44EE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{336D612B-6D34-4D8E-8493-E5C618F08A9C}" = protocol=6 | dir=in | app=c:\program files (x86)\combat arms\nmservice.exe |
"{347D0192-26AD-4309-A1D4-FBA98EC1B2C5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{34EC3B9B-BD2A-40A5-8099-CC95421C82F9}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{3750A5FA-0AE3-4E87-8A75-3E633B2EFD7B}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{3A593DB2-8DCE-45DB-9E7C-CC1DCEEFA519}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{3EC9540A-3B7C-4D1C-B8D7-F1DB8D10CF28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3EDF26ED-71A5-4CF9-A822-47B1CC797E62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\theiconoclast31\counter-strike source\hl2.exe |
"{3EF45C2A-392D-4720-B0AC-A8237F9748E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{421DF182-4DCA-40F1-AE4E-E67A635FC30C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{42253BEF-A547-443B-80F6-99FCC2D7BF65}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{4A819F42-A85B-43CB-B79F-4E9343FEF807}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{50F92160-A723-4DBD-A377-3C560A3745EF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{54024AD8-3C22-40F1-A4AB-1FB3AE079D58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{5AE0A241-9F2F-4E1F-85D1-7856FE8E07DC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{5ECE3665-CF70-49C4-BF51-140A58C8D8FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\theiconoclast31\counter-strike source\hl2.exe |
"{6094F006-BEA4-476D-A566-0915CDDA94AA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6EAA6915-8A13-48C6-8119-E708B046D31A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{78B49A77-1B35-4B79-8B36-C387704BFED1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7A87F9A0-8D52-423B-A989-F957CC4CE335}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{7E84CBBB-5D10-4492-9B88-1A0560BED32C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{813B6EFB-5EAC-4246-886B-0E1F5EFE8953}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{83D779AD-BCFA-497B-8502-28E02D495C62}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{88EABCE7-E2E6-4354-A0DA-ECF62FB99A51}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8D93BB50-5870-482A-92BD-E531C154A215}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9304B808-6D13-4A6D-A614-C67A6B8306CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{935072A4-BED9-4878-BE21-5BB1373516B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{9BD79247-9CC6-414E-80E6-B025C8D7CCBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{9D8F3BF5-816F-4CD8-9393-1BE4A67EB218}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{A70F44EE-E41E-4FA0-B407-1D460A611B33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{A733D9B0-2E56-48B0-BC3A-B8F099B2A21E}" = protocol=6 | dir=in | app=f:\combat arms\nmservice.exe |
"{A8A15FB6-763C-4141-9C61-E9A1DE1BBA77}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{AE9B8C07-4AC5-41C6-B477-11745E5AE9D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B253EB31-03B0-4A43-B3E1-353684A4DBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B255703B-98DF-4F12-A0BD-3225142349C7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B30D56A6-5688-4970-9D77-A5C2148C7A42}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B413DFC0-3446-4DFF-807D-7E160D21B35B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B5669ADF-B82A-44B5-8C5B-329D3737D33B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{B612F282-71F0-4C93-BC00-DDAD6868BF4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe |
"{B6A75038-BC82-4EF6-ACAE-0617B846847B}" = protocol=6 | dir=in | app=f:\ca\nmservice.exe |
"{BB8A8E9B-9D9E-43E7-BF1B-C2C37A0FBABB}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{BBB71D21-D50C-4239-A8FB-0049BEFF97AD}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BC7D9599-7494-4371-96AC-369D11496505}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{BFF473E9-74EF-4B01-9B65-5F920240BFF2}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C6F1B44E-EA93-4202-A884-522EEECE4D75}" = protocol=17 | dir=in | app=f:\combat arms\nmservice.exe |
"{CC10F7A6-B132-450C-BA55-303111CBFCFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CCCB602A-EA4D-45FE-A75B-1C4DE7B40012}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CCCFD5AE-3685-400D-8459-0EBE517F86B0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D2DD9EE5-B1F6-4D3D-88D9-2D2286A36EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe |
"{D39423D1-40B3-4082-A949-A223C7B99EC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5715161-0B3C-4FF2-88DD-2753FE5CC9BD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D5F5EE51-FC01-4441-9932-4F8739ABABE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{DB693F87-7EB4-4222-9855-B56FA3BBEF79}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{E94DE641-6D37-47D8-86B0-FEE75382897E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EEA4A8F1-6BBE-45AC-90EA-0974EB353945}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F15D642F-604A-4D61-8157-81C752CDE593}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F2B51613-D582-4690-A782-C927B2B4DF55}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F36EBFFC-F2C2-4819-87F4-CE9133E83F33}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F59F688A-F465-47BA-8F2D-182E74564403}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FDF56BA1-265A-4267-B7A6-6AEC533254CB}" = protocol=17 | dir=in | app=c:\program files (x86)\combat arms\nmservice.exe |
"TCP Query User{04EF8E31-343A-4B82-BA48-17703F102FF9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{3646C0AC-C6A1-4BC7-A88F-3827B433F62C}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{3806245F-848B-41A2-B851-BA315540214D}C:\users\admin\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"TCP Query User{391CB953-05FF-44C7-BA92-CE9FFD930D4C}C:\users\admin\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\admin\downloads\starcraft_2_na_en-us.exe |
"TCP Query User{3BBA9A74-13F3-4EAF-9287-245EC5A800FB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{435073B8-3FDE-44C7-96E1-1C6A78D444F5}F:\combat arms\engine.exe" = protocol=6 | dir=in | app=f:\combat arms\engine.exe |
"TCP Query User{4746EE06-4C16-4A0A-875F-2456724F5D54}C:\program files (x86)\steam\steamapps\theiconoclast31\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\theiconoclast31\team fortress 2\hl2.exe |
"TCP Query User{4CA1EDAF-ECA3-40F2-970F-AF4B6AB01526}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{55845905-42A6-4321-8B06-7D5001ACA533}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{5634F521-9227-498D-B8A2-14027E54B358}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{5E0A5893-4244-4EB1-8E84-9A4B0402628B}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"TCP Query User{654E66F7-A664-446C-963C-1F955F63D3B3}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{95C17F3E-7694-4CE8-ADB7-DE153D010A33}C:\program files (x86)\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\combat arms\engine.exe |
"TCP Query User{C0D89C08-CB3A-4141-A392-A06110D46228}F:\ca\engine.exe" = protocol=6 | dir=in | app=f:\ca\engine.exe |
"TCP Query User{C1722736-D7B6-42BA-A089-07F47205E6CE}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{D87C55BF-1229-4201-B57A-D1E70F6B6375}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{F45BCF45-424D-4E38-8954-CC79BD4539EF}F:\cheat engine\maplestory\soulms.exe" = protocol=6 | dir=in | app=f:\cheat engine\maplestory\soulms.exe |
"TCP Query User{F4CC1A9E-49D7-4217-AF83-1277F8FACD22}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{04A09912-1975-4219-BC26-2F6054996CA3}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{093AC582-2121-47F2-BBA3-4ADFF5147D72}F:\combat arms\engine.exe" = protocol=17 | dir=in | app=f:\combat arms\engine.exe |
"UDP Query User{0C56E84F-A482-40C9-8A78-F66CB664DBAA}C:\program files (x86)\steam\steamapps\theiconoclast31\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\theiconoclast31\team fortress 2\hl2.exe |
"UDP Query User{1B002675-A313-4367-8FA6-71393947EECE}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{3D87BB38-930E-4FCC-AC82-60E7441EF262}F:\ca\engine.exe" = protocol=17 | dir=in | app=f:\ca\engine.exe |
"UDP Query User{7703E4F5-4973-450C-B420-BBB540F3FD38}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{7D4436D4-9EA7-4119-8635-4E6AEB73623E}C:\users\admin\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\admin\downloads\starcraft_2_na_en-us.exe |
"UDP Query User{85313314-1807-49A0-84EB-71CE71A88596}C:\program files (x86)\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\combat arms\engine.exe |
"UDP Query User{969EC36D-687A-4726-A890-981BB9093387}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{B8130965-EF70-43D5-B62C-6503EB7DD3CD}F:\cheat engine\maplestory\soulms.exe" = protocol=17 | dir=in | app=f:\cheat engine\maplestory\soulms.exe |
"UDP Query User{B9519FD3-682C-42EE-ABBE-6BF52F1E457F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{BE8E4A0D-8B51-4DB4-9756-B64DA3722F36}C:\users\admin\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{C7D5A821-9DCE-4075-B5AB-330ED5F4B0F5}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{C8F05D7F-BC08-4180-A98F-E770BC434CAA}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{CBEB0A04-08AF-4B84-9896-ABDAC6CA9229}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{EE523BD9-245A-4ADA-83A2-E2D2CF25D33B}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{F76DF765-FC40-4AC6-95EE-90276B225CA0}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{F9A30EE6-E7C6-492E-BB40-0D01553E2051}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java™ 7 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{54D44AD1-A083-48B9-BD6F-AFD517B7C775}" = Aventail Webifiers
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"foobar2000" = foobar2000 v1.1.1
"HFSExplorer" = HFSExplorer 0.21
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42720" = Call of Duty Black Ops - Remote Console
"Steam App 440" = Team Fortress 2
"Steam App 99900" = Spiral Knights
"SumatraPDF" = SumatraPDF
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WBFS Manager 3.0" = WBFS Manager 3.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1617655315-3413906698-3447732237-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2012 4:01:40 PM | Computer Name = Unicorn | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/7/2012 4:49:34 PM | Computer Name = Unicorn | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/7/2012 5:05:47 PM | Computer Name = Unicorn | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/7/2012 5:05:59 PM | Computer Name = Unicorn | Source = System Restore | ID = 8210
Description =

Error - 5/7/2012 5:15:44 PM | Computer Name = Unicorn | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/7/2012 5:15:51 PM | Computer Name = Unicorn | Source = System Restore | ID = 8210
Description =

Error - 5/7/2012 5:19:45 PM | Computer Name = Unicorn | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/7/2012 5:19:54 PM | Computer Name = Unicorn | Source = System Restore | ID = 8210
Description =

Error - 5/7/2012 5:37:14 PM | Computer Name = Unicorn | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF66 Description:Windows did not pass genuine validation.
You may be a victim of software counterfeiting.. Security Essentials is available
for use on genuine licensed Windows PCs. To complete installation of Security
Essentials, click Go online and resolve now and get genuine Windows. After validating
your system, run the Security Essentials Installation Wizard. <a id=link1>Go
online and resolve now</a> Error code:0x8004FF66.

Error - 5/7/2012 6:01:52 PM | Computer Name = Unicorn | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 5/13/2012 9:27:04 AM | Computer Name = Unicorn | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 5/13/2012 9:27:21 AM | Computer Name = Unicorn | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/13/2012 9:27:22 AM | Computer Name = Unicorn | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 5/13/2012 9:27:22 AM | Computer Name = Unicorn | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%2

Error - 5/13/2012 9:27:23 AM | Computer Name = Unicorn | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 5/13/2012 9:27:24 AM | Computer Name = Unicorn | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/13/2012 9:27:25 AM | Computer Name = Unicorn | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 5/13/2012 9:27:25 AM | Computer Name = Unicorn | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 5/13/2012 9:27:25 AM | Computer Name = Unicorn | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/13/2012 9:27:30 AM | Computer Name = Unicorn | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

#4 Gammo

Gammo

  • Members
  • 202 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:58 PM

Posted 13 May 2012 - 12:40 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    File not found (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DE9XGTF4.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM\\
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKU\S-1-5-21-1617655315-3413906698-3447732237-1000..\Run: [U4Q7WMJ6WVZB8] C:\Users\admin\AppData\Roaming\QL64NPHF8JC.exe File not found
    O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
    [2012/05/05 17:35:43 | 000,000,000 | ---D | C] -- C:\Windows\system64
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/08/06 18:34:31 | 000,227,328 | ---- | C] () -- C:\Users\admin\AppData\Roaming\chrtmp
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!

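A post-fix verification script, added here as an example (it is not part of OTL, ComboFix or Gammo's instructions): once the fix above has run and the PC has rebooted, it re-checks the three artifacts the fix targets, namely the extra consrv ServerDll in the Session Manager SubSystems\Windows value (the O38 line), the C:\Windows\system64 mount point, and the per-user Run entry U4Q7WMJ6WVZB8 (the O4 line). It assumes Windows 7 x64 and an elevated PowerShell prompt; the basesrv/winsrv allow-list is the stock Windows 7 value, and anything it reports is for review, not automatic deletion.

```powershell
# Added verification script for this thread (not part of OTL, ComboFix or FRST).
# Assumes Windows 7 x64, run from an elevated PowerShell prompt after the OTL fix and reboot.

function Get-UnexpectedServerDll {
    # Returns the ServerDll module names in a SubSystems\Windows value that are not
    # the stock basesrv/winsrv pair. The OTL O38 line above showed
    # "ServerDll=consrv:ConServerDllInitialization,2", which this function reports.
    param([Parameter(Mandatory = $true)][string]$Value)
    $allowed = @('basesrv', 'winsrv')
    $found = @()
    foreach ($token in ($Value -split '\s+')) {
        if ($token -match '^ServerDll=([^:,]+)') {
            $module = $Matches[1].ToLowerInvariant()
            if ($allowed -notcontains $module) { $found += $module }
        }
    }
    return $found
}

function Test-ZeroAccessArtifacts {
    $problems = @()

    # 1. CSRSS server DLL list (OTL O38 line)
    $subsysKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
    $windowsValue = (Get-ItemProperty -Path $subsysKey -Name Windows).Windows
    $extra = Get-UnexpectedServerDll -Value $windowsValue
    if ($extra) {
        $problems += "SubSystems\Windows still loads non-stock ServerDll module(s): $($extra -join ', ')"
    }

    # 2. The system64 mount point that redirected to \systemroot\system32
    $system64 = Join-Path $env:SystemRoot 'system64'
    if (Test-Path -LiteralPath $system64) {
        $item = Get-Item -LiteralPath $system64 -Force
        $isReparse = (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0)
        $problems += "$system64 still exists (reparse point: $isReparse)"
    }

    # 3. Per-user Run entries: the named one from the OTL O4 line, plus any other
    #    entry whose command lives under AppData\Roaming or AppData\Local\Temp
    #    (legitimate updaters can live there too, so treat hits as items to review)
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($prop in $run.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            $cmd = [string]$prop.Value
            if ($prop.Name -eq 'U4Q7WMJ6WVZB8' -or $cmd -match '\\AppData\\(Roaming|Local\\Temp)\\') {
                $problems += "Run entry '$($prop.Name)' = $cmd"
            }
        }
    }

    return $problems
}

# @() forces an array even when a single string or nothing is returned
$result = @(Test-ZeroAccessArtifacts)
if ($result.Count -eq 0) {
    Write-Host 'None of the ZeroAccess artifacts from the OTL log remain.'
} else {
    $result | ForEach-Object { Write-Warning $_ }
}
```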

#5 Monkey D. Luffy

Monkey D. Luffy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:58 PM

Posted 13 May 2012 - 01:17 PM

Hi, I'm in a crisis right now. I ran OTL and did exactly what you said, but an error came up, "no such file host is found", and when I tried to hit OK my PC shut down. I cannot boot my PC; currently I'm typing from my iPad. What should I do?

#6 Gammo

Gammo

  • Members
  • 202 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:58 PM

Posted 13 May 2012 - 01:35 PM

Please restart your computer in Last known good configuration:

  • If the computer is running, restart Windows.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Last known good configuration option is selected.
  • Press Enter. The computer then begins to boot.

If you fail to restore it to Last known good configuration, then try Safe mode.

Please restart in safe mode:

  • If the computer is running, restart Windows.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to boot in Safe mode.




After doing the above, please follow the ComboFix instructions from my previous post.

Edited by Gammo, 13 May 2012 - 01:35 PM.



#7 Monkey D. Luffy

Monkey D. Luffy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:58 PM

Posted 13 May 2012 - 01:49 PM

When I start tapping the F8 key the computer does not load differently; it takes me to "Startup Repair" and it fails to load. I can't load in safe mode; I can only access the command prompt as my only option.

#8 Gammo

Gammo

  • Members
  • 202 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:58 PM

Posted 13 May 2012 - 04:39 PM

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#9 Monkey D. Luffy

Monkey D. Luffy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:58 PM

Posted 14 May 2012 - 05:14 PM

This is what the file says:

Scan result of Farbar Recovery Scan Tool Version: 13-05-2012
Ran by SYSTEM at 14-05-2012 18:11:00
Running from E:\
Windows 7 Enterprise (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [251392 2010-05-05] ()
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\admin\...\Run: [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-20] (Google Inc.)
HKU\admin\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-02-23] (BitTorrent, Inc.)
HKU\admin\...\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background [x]
HKU\admin\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKU\admin\...\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [x]
HKU\admin\...\Run: [ooVoo.exe] C:\Program Files (x86)\oovoo\ooVoo.exe /minimized [22459984 2011-12-12] (ooVoo LLC)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] ()
2 thotkey; C:\Windows\System32\pptpminiport.dll [6656 2009-07-13] (Oak Technology Inc.)
2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [x]

========================== Drivers (Whitelisted) =============

3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [116752 2010-09-24] (ATI Technologies, Inc.)
3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 Mkd2Nadr; C:\Windows\System32\Drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
3 Mkd3kfNt; C:\Windows\System32\Drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [36720 2010-01-28] (Microsoft Corporation)
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2010-11-21] (Duplex Secure Ltd.)
3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [x]
3 ALSysIO; \??\C:\Users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
3 cpuz134; \??\C:\Users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [x]
3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [x]
3 X6va003; \??\C:\Users\admin\AppData\Local\Temp\003DDE0.tmp [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: thotkey

============ One Month Created Files and Folders ==============

2012-05-14 18:10 - 2012-05-14 18:11 - 0000000 ____D C:\FRST
2012-05-13 09:53 - 2012-05-13 09:53 - 0000000 ____D C:\_OTL
2012-05-13 08:56 - 2012-05-13 08:56 - 0000000 ____D C:\Virus Logs
2012-05-13 08:55 - 2012-05-13 08:55 - 0097782 ____A C:\Users\admin\Downloads\OTL.Txt
2012-05-13 08:55 - 2012-05-13 08:55 - 0076050 ____A C:\Users\admin\Downloads\Extras.Txt
2012-05-13 08:46 - 2012-05-13 08:46 - 0595456 ____A (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2012-05-12 15:30 - 2012-05-12 15:30 - 0002605 ____A C:\Users\admin\Downloads\Shark.Tank.S03E14.HDTV.x264-2HD.torrent
2012-05-08 19:23 - 2012-05-08 19:23 - 5527040 ____A C:\Users\admin\Downloads\south_africa_geography__2012__Wc_version.ppt
2012-05-08 12:22 - 2012-05-08 12:22 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-1.61.0.1400 (1).exe
2012-05-08 12:22 - 2012-05-08 12:22 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-08 12:22 - 2012-04-04 11:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-08 11:59 - 2012-05-08 11:59 - 4165584 ____A (PC Tools) C:\Users\admin\Downloads\SD_Online_aff_GenericRevenueWire_207.exe
2012-05-07 18:16 - 2012-05-07 18:16 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-07 14:46 - 2012-05-07 15:00 - 0000000 ___SD C:\ComboFix
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ___SD C:\32788R22FWJFW
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ____D C:\Windows\ERDNT
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ____D C:\Qoobox
2012-05-07 14:46 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-07 14:46 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-07 14:46 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-07 13:58 - 2012-05-07 14:12 - 0000000 ____D C:\Users\All Users\Avira
2012-05-07 13:58 - 2012-05-07 14:12 - 0000000 ____D C:\ProgramData\Avira
2012-05-07 13:54 - 2012-05-07 13:54 - 1978992 ____A C:\Users\admin\Downloads\avira_antivirus_premium.exe
2012-05-07 13:37 - 2012-05-07 13:37 - 0002324 ____A C:\Windows\epplauncher.mif
2012-05-07 11:46 - 2012-05-08 11:16 - 0007605 ____A C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2012-05-07 10:58 - 2012-05-07 10:58 - 0002891 ____A C:\Users\admin\Downloads\Shark.Tank.S03E13.HDTV.x264-2HD.torrent
2012-05-06 17:57 - 2012-05-06 17:57 - 0440643 ____A C:\Users\admin\Downloads\sound_of_waves_assign.docx
2012-05-05 13:36 - 2012-05-13 05:28 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-05 13:09 - 2012-05-05 13:09 - 0003394 ____A C:\Users\admin\Downloads\Shark.Tank.S03E12.HDTV.XviD-2HD.torrent
2012-04-30 19:21 - 2012-04-30 19:21 - 0040340 ____A C:\Users\admin\Downloads\Launch at an angle (1).docx
2012-04-30 17:45 - 2012-04-30 17:45 - 0015207 ____A C:\Users\admin\Downloads\launch angle science lab.odt
2012-04-30 16:31 - 2012-04-30 16:31 - 0024739 ____A C:\Users\admin\Downloads\Launch at an angle.docx
2012-04-20 17:28 - 2012-04-20 17:28 - 0002263 ____A C:\Users\admin\Downloads\Shark.Tank.S03E11.HDTV.x264-TRANSiENCE.torrent
2012-04-20 16:41 - 2012-04-20 16:41 - 0019938 ____A C:\Users\admin\Downloads\Donnie.Darko.2001.DC.720p.BDRip.XviD-SHiRK.torrent
2012-04-18 15:23 - 2012-04-18 15:23 - 0340296 ____A (AirInstaller Inc.) C:\Users\admin\Downloads\setup.exe
2012-04-18 15:18 - 2012-04-18 15:18 - 0001077 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2012-04-18 15:18 - 2012-04-18 15:18 - 0000000 ____D C:\Program Files\VS Revo Group
2012-04-18 15:18 - 2009-12-30 06:21 - 0031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2012-04-17 18:04 - 2012-04-17 18:11 - 142473974 ____A C:\Users\admin\Downloads\8thgrade.rar
2012-04-17 17:56 - 2012-04-17 17:56 - 0000000 ____D C:\Users\admin\AppData\Local\VS Revo Group
2012-04-17 17:50 - 2012-04-18 15:42 - 0000000 ____D C:\Users\admin\AppData\Roaming\Media Finder
2012-04-17 17:50 - 2012-04-17 17:52 - 0000000 ___AD C:\Users\admin\Desktop\Download
2012-04-17 11:01 - 2012-04-17 11:01 - 0003515 ____A C:\Users\admin\Downloads\Shark.Tank.S02E08.HDTV.XviD-2HD.torrent
2012-04-15 15:30 - 2012-04-15 15:30 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S02E07.HDTV.XviD-2HD.torrent

============ 3 Months Modified Files and Folders =============

2012-05-14 18:11 - 2012-05-14 18:10 - 0000000 ____D C:\FRST
2012-05-13 10:09 - 2010-11-20 22:29 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617655315-3413906698-3447732237-1000UA.job
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-05-13 09:53 - 2012-05-13 09:53 - 0000000 ____D C:\_OTL
2012-05-13 09:53 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-05-13 09:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\winevt
2012-05-13 09:52 - 2010-11-21 09:47 - 0000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2012-05-13 09:47 - 2010-11-21 10:01 - 0000000 ____D C:\Users\admin\AppData\Roaming\.purple
2012-05-13 08:56 - 2012-05-13 08:56 - 0000000 ____D C:\Virus Logs
2012-05-13 08:55 - 2012-05-13 08:55 - 0097782 ____A C:\Users\admin\Downloads\OTL.Txt
2012-05-13 08:55 - 2012-05-13 08:55 - 0076050 ____A C:\Users\admin\Downloads\Extras.Txt
2012-05-13 08:46 - 2012-05-13 08:46 - 0595456 ____A (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2012-05-13 05:30 - 2010-11-20 22:04 - 0932285 ____A C:\Windows\WindowsUpdate.log
2012-05-13 05:28 - 2012-05-05 13:36 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-13 05:27 - 2011-11-25 13:45 - 0119296 ____A C:\Windows\SysWOW64\zlib.dll
2012-05-13 05:27 - 2010-11-26 09:26 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-13 05:27 - 2010-11-22 00:57 - 3220475904 __ASH C:\hiberfil.sys
2012-05-13 05:27 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-13 05:27 - 2009-07-13 20:51 - 0094762 ____A C:\Windows\setupact.log
2012-05-12 20:03 - 2011-02-08 18:40 - 0000000 ____D C:\Users\admin\AppData\Roaming\Skype
2012-05-12 20:03 - 2010-11-21 09:46 - 0000000 ____D C:\Users\admin\AppData\Roaming\foobar2000
2012-05-12 19:09 - 2010-11-20 22:29 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617655315-3413906698-3447732237-1000Core.job
2012-05-12 19:01 - 2012-03-08 16:37 - 0000000 ____D C:\Users\All Users\PMB Files
2012-05-12 19:01 - 2012-03-08 16:37 - 0000000 ____D C:\Users\admin\AppData\Local\PMB Files
2012-05-12 19:01 - 2012-03-08 16:37 - 0000000 ____D C:\ProgramData\PMB Files
2012-05-12 15:31 - 2010-12-15 16:06 - 0000000 ____D C:\Users\admin\Downloads\video
2012-05-12 15:31 - 2010-11-21 12:08 - 0000000 ____D C:\Users\admin\Downloads\torrents
2012-05-12 15:30 - 2012-05-12 15:30 - 0002605 ____A C:\Users\admin\Downloads\Shark.Tank.S03E14.HDTV.x264-2HD.torrent
2012-05-11 03:29 - 2010-11-22 14:33 - 0000000 ____D C:\Microsoft Word Documents
2012-05-09 03:22 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-08 19:23 - 2012-05-08 19:23 - 5527040 ____A C:\Users\admin\Downloads\south_africa_geography__2012__Wc_version.ppt
2012-05-08 12:27 - 2010-10-11 09:53 - 1333004 ____A C:\Windows\PFRO.log
2012-05-08 12:26 - 2005-12-04 14:56 - 0000000 _RSHD C:\Windows\SysWOW64\WinDir
2012-05-08 12:22 - 2012-05-08 12:22 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-1.61.0.1400 (1).exe
2012-05-08 12:22 - 2012-05-08 12:22 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-08 11:59 - 2012-05-08 11:59 - 4165584 ____A (PC Tools) C:\Users\admin\Downloads\SD_Online_aff_GenericRevenueWire_207.exe
2012-05-08 11:16 - 2012-05-07 11:46 - 0007605 ____A C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2012-05-07 18:16 - 2012-05-07 18:16 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-07 15:00 - 2012-05-07 14:46 - 0000000 ___SD C:\ComboFix
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ___SD C:\32788R22FWJFW
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ____D C:\Windows\ERDNT
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ____D C:\Qoobox
2012-05-07 14:12 - 2012-05-07 13:58 - 0000000 ____D C:\Users\All Users\Avira
2012-05-07 14:12 - 2012-05-07 13:58 - 0000000 ____D C:\ProgramData\Avira
2012-05-07 13:54 - 2012-05-07 13:54 - 1978992 ____A C:\Users\admin\Downloads\avira_antivirus_premium.exe
2012-05-07 13:37 - 2012-05-07 13:37 - 0002324 ____A C:\Windows\epplauncher.mif
2012-05-07 10:58 - 2012-05-07 10:58 - 0002891 ____A C:\Users\admin\Downloads\Shark.Tank.S03E13.HDTV.x264-2HD.torrent
2012-05-07 10:54 - 2010-12-03 18:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-07 03:21 - 2009-07-13 20:45 - 0012640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-07 03:21 - 2009-07-13 20:45 - 0012640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-06 17:57 - 2012-05-06 17:57 - 0440643 ____A C:\Users\admin\Downloads\sound_of_waves_assign.docx
2012-05-05 13:09 - 2012-05-05 13:09 - 0003394 ____A C:\Users\admin\Downloads\Shark.Tank.S03E12.HDTV.XviD-2HD.torrent
2012-05-04 12:05 - 2011-07-11 21:40 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-04 12:05 - 2011-02-08 18:40 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-04 12:05 - 2011-02-08 18:40 - 0000000 ____D C:\Users\All Users\Skype
2012-05-04 12:05 - 2011-02-08 18:40 - 0000000 ____D C:\ProgramData\Skype
2012-05-02 07:10 - 2011-01-02 17:02 - 0002363 ____A C:\Users\admin\Desktop\Google Chrome.lnk
2012-04-30 19:21 - 2012-04-30 19:21 - 0040340 ____A C:\Users\admin\Downloads\Launch at an angle (1).docx
2012-04-30 17:45 - 2012-04-30 17:45 - 0015207 ____A C:\Users\admin\Downloads\launch angle science lab.odt
2012-04-30 16:31 - 2012-04-30 16:31 - 0024739 ____A C:\Users\admin\Downloads\Launch at an angle.docx
2012-04-29 17:51 - 2011-09-05 13:28 - 0000000 ___AD C:\Users\admin\AppData\Roaming\.minecraft
2012-04-20 17:28 - 2012-04-20 17:28 - 0002263 ____A C:\Users\admin\Downloads\Shark.Tank.S03E11.HDTV.x264-TRANSiENCE.torrent
2012-04-20 16:41 - 2012-04-20 16:41 - 0019938 ____A C:\Users\admin\Downloads\Donnie.Darko.2001.DC.720p.BDRip.XviD-SHiRK.torrent
2012-04-20 12:13 - 2012-03-28 17:19 - 0000000 ____D C:\Users\admin\riotsGamesLogs
2012-04-18 15:43 - 2010-12-03 14:43 - 0000000 ____D C:\PWs
2012-04-18 15:42 - 2012-04-17 17:50 - 0000000 ____D C:\Users\admin\AppData\Roaming\Media Finder
2012-04-18 15:23 - 2012-04-18 15:23 - 0340296 ____A (AirInstaller Inc.) C:\Users\admin\Downloads\setup.exe
2012-04-18 15:18 - 2012-04-18 15:18 - 0001077 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2012-04-18 15:18 - 2012-04-18 15:18 - 0000000 ____D C:\Program Files\VS Revo Group
2012-04-17 18:11 - 2012-04-17 18:04 - 142473974 ____A C:\Users\admin\Downloads\8thgrade.rar
2012-04-17 17:56 - 2012-04-17 17:56 - 0000000 ____D C:\Users\admin\AppData\Local\VS Revo Group
2012-04-17 17:52 - 2012-04-17 17:50 - 0000000 ___AD C:\Users\admin\Desktop\Download
2012-04-17 11:01 - 2012-04-17 11:01 - 0003515 ____A C:\Users\admin\Downloads\Shark.Tank.S02E08.HDTV.XviD-2HD.torrent
2012-04-15 15:30 - 2012-04-15 15:30 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S02E07.HDTV.XviD-2HD.torrent
2012-04-14 10:42 - 2010-11-22 12:17 - 0000565 ____A C:\Users\admin\AppData\Roaming\myMPQ.ini
2012-04-13 12:13 - 2012-04-13 12:13 - 0003514 ____A C:\Users\admin\Downloads\Shark.Tank.S02E06.HDTV.XviD-2HD.torrent
2012-04-13 08:30 - 2012-04-13 08:30 - 0001075 ____A C:\Users\admin\Downloads\skin_120225010236181557.png
2012-04-12 10:09 - 2011-03-27 10:33 - 0000000 ____D C:\Users\All Users\Sony
2012-04-12 10:09 - 2011-03-27 10:33 - 0000000 ____D C:\ProgramData\Sony
2012-04-12 10:08 - 2011-11-21 19:13 - 0000000 ____D C:\Program Files (x86)\Project64 1.6
2012-04-12 10:07 - 2010-11-23 13:54 - 0000000 ____D C:\Users\All Users\NexonUS
2012-04-12 10:07 - 2010-11-23 13:54 - 0000000 ____D C:\ProgramData\NexonUS
2012-04-09 16:47 - 2012-04-09 16:47 - 0035174 ____A C:\Users\admin\Downloads\Mission.Impossible.Ghost.Protocol.2011.1080p.BluRay.DTS-ES.x264-ESiR.torrent
2012-04-09 11:00 - 2012-04-09 11:00 - 0003514 ____A C:\Users\admin\Downloads\Shark.Tank.S02E04.HDTV.XviD-2HD.torrent
2012-04-07 16:02 - 2012-04-07 16:02 - 0000000 ____D C:\Users\admin\hob
2012-04-07 16:02 - 2012-04-07 16:02 - 0000000 ____D C:\Users\admin\AppData\Roaming\ConnectPortal
2012-04-07 16:02 - 2010-11-20 22:04 - 0000000 ____D C:\users\admin
2012-04-07 15:50 - 2012-04-07 15:47 - 0000000 ____D C:\Users\admin\AppData\Roaming\Aventail
2012-04-07 15:44 - 2012-04-07 15:44 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\admin\Downloads\chromeinstall-6u31 (1).exe
2012-04-07 15:44 - 2012-04-07 15:44 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-07 15:44 - 2012-04-07 15:44 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-07 15:44 - 2012-04-07 15:44 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-07 15:44 - 2010-11-21 10:27 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-07 15:42 - 2012-04-07 15:42 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\admin\Downloads\chromeinstall-6u31.exe
2012-04-06 13:29 - 2012-04-06 13:29 - 0005941 ____A C:\Users\admin\Downloads\Shark.Tank.S03E10.720p.HDTV.x264-LMAO.torrent
2012-04-06 13:29 - 2012-04-06 13:29 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S02E03.HDTV.XviD-2HD.torrent
2012-04-06 10:33 - 2012-04-06 10:33 - 0002996 ____A C:\Users\admin\Downloads\Shark.Tank.S03E10.HDTV.x264-LMAO.torrent
2012-04-06 09:03 - 2012-04-06 09:03 - 0042902 ____A C:\Users\admin\Downloads\Shark.Tank.S03E09.720p.HDTV.x264-2HD.torrent
2012-04-05 18:57 - 2012-04-05 18:57 - 0003514 ____A C:\Users\admin\Downloads\Shark.Tank.S03E08.HDTV.XviD-2HD.torrent
2012-04-05 16:13 - 2012-04-05 16:13 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S03E07.HDTV.XviD-2HD.torrent
2012-04-05 13:38 - 2012-04-05 13:38 - 0003515 ____A C:\Users\admin\Downloads\Shark.Tank.S03E06.HDTV.XviD-2HD.torrent
2012-04-04 15:40 - 2012-04-04 15:40 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S03E05.HDTV.XviD-2HD.torrent
2012-04-04 11:56 - 2012-05-08 12:22 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 11:13 - 2012-04-04 11:13 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S03E04.HDTV.XviD-2HD.torrent
2012-04-03 15:58 - 2012-04-03 15:58 - 0029577 ____A C:\Users\admin\Downloads\Shark.Tank.S03E03.HDTV.XviD-2HD.torrent
2012-04-01 19:41 - 2012-04-01 19:41 - 0426381 ____A C:\Users\admin\Downloads\survivalguide (1).docx
2012-04-01 19:34 - 2012-04-01 19:34 - 0426381 ____A C:\Users\admin\Downloads\survivalguide.docx
2012-04-01 14:52 - 2012-04-01 10:32 - 0017854 ____A C:\Users\admin\Downloads\Rnaomd spanish thing.docx
2012-03-31 16:42 - 2012-03-31 16:42 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S03E02.HDTV.XviD-2HD.torrent
2012-03-31 15:02 - 2012-03-31 15:02 - 0000000 ____A C:\Users\admin\AppData\Roaming\UMhVO.txt
2012-03-31 12:36 - 2012-03-31 12:36 - 0005769 ____A C:\Users\admin\Downloads\Shark.Tank.S03E01.720p.HDTV.x264-2HD.torrent
2012-03-29 03:20 - 2012-03-29 03:20 - 2460160 ____A C:\Users\admin\Downloads\germany_map.ppt
2012-03-28 18:47 - 2012-03-28 18:47 - 0000218 ____A C:\Users\admin\.recently-used.xbel
2012-03-28 17:18 - 2012-03-28 17:18 - 0000000 ____D C:\Users\admin\AppData\Roaming\LolClient
2012-03-28 16:35 - 2012-03-28 16:35 - 1627648 ____A C:\Users\admin\Downloads\final_solution_2012.ppt
2012-03-28 16:32 - 2012-03-28 16:31 - 3764224 ____A C:\Users\admin\Downloads\Hitler_s_Germany_2012.ppt
2012-03-28 16:30 - 2012-03-28 16:30 - 0001547 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-03-28 16:24 - 2012-03-28 16:24 - 0000000 ____D C:\Riot Games
2012-03-28 16:24 - 2010-11-20 22:27 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-28 16:23 - 2012-03-28 15:57 - 0000000 ___AD C:\Users\admin\Desktop\LeagueOfLegends
2012-03-28 16:07 - 2010-12-07 18:09 - 0000000 ____D C:\Users\admin\AppData\Roaming\gtk-2.0
2012-03-28 16:06 - 2012-03-28 16:06 - 0025093 ____A C:\Users\admin\Desktop\aim-sc-2012-03-28--20-06-29.png
2012-03-28 15:53 - 2012-03-28 15:53 - 2288128 ____A C:\Users\admin\Downloads\LeagueofLegends.exe
2012-03-21 18:25 - 2012-03-21 18:25 - 2525184 ____A C:\Users\admin\Downloads\0bffa138-b807-4ba5-829e-5061a86388d7.doc
2012-03-20 20:20 - 2012-03-20 20:20 - 0023552 ____A C:\Users\admin\Downloads\girl-with-a-pearl-earring-reaction.doc
2012-03-20 18:11 - 2012-03-20 18:11 - 0742264 ____A (BitTorrent, Inc.) C:\Users\admin\Downloads\uTorrent.exe
2012-03-18 09:04 - 2011-11-27 13:35 - 0001894 ____A C:\Users\admin\Desktop\Xpadder.ini
2012-03-16 11:59 - 2012-03-16 11:59 - 0774137 ____A C:\Users\admin\Downloads\game.dcr
2012-03-14 17:02 - 2010-11-21 10:01 - 0000000 ____D C:\Program Files (x86)\Pidgin
2012-03-14 17:01 - 2012-03-14 17:01 - 9290724 ____A C:\Users\admin\Downloads\pidgin-2.10.2.exe
2012-03-13 13:50 - 2012-03-13 13:49 - 52932448 ____A C:\Users\admin\Downloads\Ethos LP-ep150.zip
2012-03-12 12:38 - 2011-03-03 13:55 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-08 16:37 - 2010-12-01 17:49 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2012-03-06 19:41 - 2010-12-10 13:21 - 0000000 ____D C:\Users\admin\AppData\Local\Adobe
2012-03-06 19:41 - 2010-11-20 22:29 - 0000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2012-03-06 19:08 - 2012-03-06 19:08 - 4631187 ____A C:\Users\admin\Downloads\reign_of_terror_version_2__H_2011.pptx
2012-03-06 19:06 - 2012-03-06 19:06 - 5920738 ____A C:\Users\admin\Downloads\floating_world_2012.pptx
2012-03-06 19:06 - 2012-03-06 19:06 - 2884377 ____A C:\Users\admin\Downloads\ottoman_sultans_2.pptx
2012-03-06 13:38 - 2010-11-21 12:56 - 0000000 ____D C:\Users\admin\Downloads\game
2012-03-06 13:37 - 2012-03-06 13:37 - 0040918 ____A C:\Users\admin\Downloads\Mass.Effect.3-RELOADED.torrent
2012-03-06 13:34 - 2012-03-06 13:34 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-06 13:33 - 2010-11-21 09:47 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-04 20:08 - 2012-03-04 20:08 - 0028420 ____A C:\Users\admin\Downloads\TS030000127.dotx
2012-03-01 19:36 - 2012-03-01 19:36 - 0183737 ____A C:\Users\admin\Downloads\raisin_essay_2012.docx
2012-03-01 19:36 - 2012-03-01 19:36 - 0163989 ____A C:\Users\admin\Downloads\Raisin_in_the_Sun_lit_devices.docx
2012-03-01 15:33 - 2012-03-01 15:33 - 6599189 ____A C:\Users\admin\Downloads\awsomesurvive.zip
2012-02-29 18:28 - 2012-02-29 18:28 - 0271384 ____A C:\Users\admin\Downloads\triangle lab 9th.docx
2012-02-25 16:10 - 2012-02-25 16:10 - 0013437 ____A C:\Users\admin\Downloads\Toy-Box - FanTastic - 1999 (CD - MP3 - V0 (VBR)).torrent
2012-02-25 16:07 - 2012-02-25 16:07 - 0017133 ____A C:\Users\admin\Downloads\Toy-Box - FanTastic - 1999 (CD - FLAC - Lossless).torrent
2012-02-25 16:07 - 2012-02-25 16:07 - 0014522 ____A C:\Users\admin\Downloads\Toy-Box - FanTastic - 1999 (CD - FLAC - Lossless) (1).torrent
2012-02-23 21:27 - 2012-02-23 21:10 - 0112574 ____A C:\Users\admin\Downloads\Burning food lab (1).docx
2012-02-23 16:32 - 2012-02-23 16:32 - 0090932 ____A C:\Users\admin\Downloads\Burning food lab.docx
2012-02-23 15:49 - 2012-02-23 15:49 - 0270142 ____A C:\Users\admin\Desktop\Minecraft.exe
2012-02-17 19:50 - 2012-02-13 18:04 - 0000000 ____D C:\Minecraft backup
2012-02-16 20:50 - 2012-02-16 20:50 - 0011244 ____A C:\Users\admin\Downloads\2nd part of this lab im sending u.odt
2012-02-16 19:58 - 2012-02-16 19:58 - 0020272 ____A C:\Users\admin\Downloads\Heat flow (5).docx
2012-02-16 19:48 - 2012-02-16 19:48 - 0020277 ____A C:\Users\admin\Downloads\Heat flow (4).docx
2012-02-16 19:28 - 2012-02-16 19:28 - 0019485 ____A C:\Users\admin\Downloads\Heat flow (3).docx
2012-02-16 17:16 - 2012-02-16 17:16 - 0012330 ____A C:\Users\admin\Downloads\partner lab.odt
2012-02-16 17:02 - 2012-02-16 17:02 - 0017611 ____A C:\Users\admin\Downloads\Heat flow (2).docx
2012-02-16 16:35 - 2012-02-16 16:35 - 0326808 ____A C:\Users\admin\Downloads\04U-CCPCJ-Corruption.pdf
2012-02-16 16:27 - 2012-02-16 16:27 - 0013216 ____A C:\Users\admin\Downloads\Heat flow (1).docx
2012-02-16 16:14 - 2012-02-16 16:14 - 0014340 ____A C:\Users\admin\Downloads\Heat flow.docx
2012-02-15 18:09 - 2012-02-15 18:09 - 0697506 ____A C:\s4pg.5
2012-02-15 18:09 - 2012-02-15 18:08 - 1289717 ____A C:\s4pg.4
2012-02-15 18:07 - 2012-02-15 18:07 - 0000000 ____D C:\Users\admin\AppData\Local\libimobiledevice
2012-02-15 18:05 - 2012-02-15 18:05 - 9123792 ____A C:\Users\admin\Downloads\absinthe-win-0.4.zip
2012-02-15 17:32 - 2011-05-30 05:40 - 0000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2012-02-15 17:25 - 2012-02-15 17:24 - 0000000 ____D C:\Program Files\iTunes
2012-02-15 17:25 - 2012-02-15 17:24 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-15 17:24 - 2012-02-15 17:24 - 0000000 ____D C:\Program Files\iPod
2012-02-15 17:23 - 2012-02-15 17:23 - 0000000 ____D C:\Program Files\Bonjour
2012-02-15 17:23 - 2012-02-15 17:23 - 0000000 ____D C:\Program Files (x86)\Bonjour

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2011-07-27 13:31] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2011-07-27 13:31] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4095.05 MB
Available physical RAM: 3521.16 MB
Total Pagefile: 4093.2 MB
Available Pagefile: 3495.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.51 GB) (Free:247.12 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (USB20FD) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 572 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E USB20FD FAT32 Removable 3823 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-29 12:04

======================= End Of Log ==========================

#10 Gammo
  • Members
  • 202 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:58 PM

Posted 15 May 2012 - 11:45 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 thotkey; C:\Windows\System32\pptpminiport.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\pptpminiport.dll
NETSVC: thotkey

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.



Can you boot your PC again after doing the above?

Edited by Gammo, 15 May 2012 - 11:45 AM.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
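The triage Gammo did by hand across posts #9 and #10 (read the FRST log, spot the ZeroAccess marker and the bogus netsvcs service behind it, write the fixlist), as an added Python example that is not part of the thread and not FRST's own code. It parses the log format FRST prints and emits the same four fixlist lines; the sample log is a constructed excerpt of post #9, and the "Windows directory but non-Microsoft vendor" rule is my heuristic, not FRST logic.

```python
"""Triage of a Farbar Recovery Scan Tool (FRST) log (added example, not the
thread's or FRST's own code). It reads the indicators Gammo acted on in post
#10 out of the log format of post #9: an "ATTENTION!" marker, a NetSvcs entry
FRST did not whitelist, and that entry's service whose DLL sits under the
Windows directory but claims a non-Microsoft vendor, then emits the same
fixlist lines. The Fixlog in post #11 shows what FRST does with each line."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: an excerpt of the log in post #9, formats as FRST prints them.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
==================== Services (Whitelisted) ======
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] ()
2 thotkey; C:\Windows\System32\pptpminiport.dll [6656 2009-07-13] (Oak Technology Inc.)
2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]
========================== NetSvcs (Whitelisted) ===========
NETSVC: thotkey
======================= End Of Log ==========================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<start> <name>; <path> [<size> <date>] (<vendor>)"; FRST prints [x] when the
# file is missing and then omits the vendor part entirely.
SERVICE_RE = re.compile(r'^(\d)\s+(\S+);\s+"?(.+?)"?\s+\[([^\]]*)\](?:\s+\((.*)\))?$')
WINDOWS_DIR = re.compile(r"^c:\\windows\\", re.IGNORECASE)
MS_VENDOR = "Microsoft Corporation"


@dataclass
class Service:
    start: int             # start type as FRST prints it (2 = automatic)
    name: str
    path: str              # the ServiceDll for svchost-hosted (netsvcs) services
    file_info: str         # "<size> <date>", or "x" when FRST could not find the file
    vendor: Optional[str]  # company name from the version resource; None if no file
    raw: str               # the log line verbatim, which is also valid fixlist syntax


@dataclass
class FrstReport:
    attention: List[str]   # lines FRST itself flagged with ATTENTION!
    netsvcs: List[str]     # netsvcs names FRST did not whitelist
    services: Dict[str, Service]


def parse_frst(text: str) -> FrstReport:
    """Walk the log once, tracking which '=== name ===' section we are in."""
    report = FrstReport([], [], {})
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if "ATTENTION!" in line:
            report.attention.append(line)
        if section.startswith("Services"):
            m = SERVICE_RE.match(line)
            if m:
                report.services[m.group(2)] = Service(
                    int(m.group(1)), m.group(2), m.group(3), m.group(4), m.group(5), line)
        elif section.startswith("NetSvcs") and line.startswith("NETSVC:"):
            report.netsvcs.append(line.split(":", 1)[1].strip())
    return report


def suspicious_netsvcs(report: FrstReport):
    """Heuristic (my assumption, not FRST logic): act on a non-whitelisted netsvcs
    entry whose service is undefined, whose DLL is missing, or whose DLL lives
    under the Windows directory yet is not Microsoft's."""
    hits = []
    for name in report.netsvcs:
        svc = report.services.get(name)
        if svc is None:
            hits.append((name, None, "netsvcs entry with no service definition"))
        elif svc.file_info == "x":
            hits.append((name, svc, "ServiceDll file is missing"))
        elif WINDOWS_DIR.match(svc.path) and svc.vendor != MS_VENDOR:
            hits.append((name, svc, f"DLL under Windows dir claims vendor {svc.vendor!r}"))
    return hits


def build_fixlist(report: FrstReport) -> List[str]:
    """Fixlist lines in the form Gammo used: ATTENTION! line (value restore), service
    line (service deletion), bare path (file move), NETSVC: line (entry removal)."""
    lines = list(report.attention)
    for name, svc, _reason in suspicious_netsvcs(report):
        if svc is not None:
            lines.append(svc.raw)
            if svc.file_info != "x":
                lines.append(svc.path)
        lines.append(f"NETSVC: {name}")
    return lines
```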


#11 Monkey D. Luffy
  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:58 PM

Posted 15 May 2012 - 04:57 PM

I hit the fix button and the log was successfully saved onto the USB, but when I restarted my computer it still was not fixed. :( Here is what the log says:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 13-05-2012
Ran by SYSTEM at 2012-05-15 17:53:48 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
thotkey service deleted successfully.
C:\Windows\System32\pptpminiport.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs thotkey Deleted successfully.

==== End of Fixlog ====

#12 Gammo
  • Members
  • 202 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:58 PM

Posted 16 May 2012 - 07:33 AM

I'd like a new FRST log, so please repeat my instructions from reply #8. :thumbup2:


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#13 Monkey D. Luffy
  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:58 PM

Posted 16 May 2012 - 07:04 PM

Scan result of Farbar Recovery Scan Tool Version: 13-05-2012
Ran by SYSTEM at 16-05-2012 09:41:56
Running from E:\
Windows 7 Enterprise (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [251392 2010-05-05] ()
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\admin\...\Run: [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-20] (Google Inc.)
HKU\admin\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-02-23] (BitTorrent, Inc.)
HKU\admin\...\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background [x]
HKU\admin\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKU\admin\...\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [x]
HKU\admin\...\Run: [ooVoo.exe] C:\Program Files (x86)\oovoo\ooVoo.exe /minimized [22459984 2011-12-12] (ooVoo LLC)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12

==================== Services (Whitelisted) ======

2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] ()
2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [x]

========================== Drivers (Whitelisted) =============

3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [116752 2010-09-24] (ATI Technologies, Inc.)
3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 Mkd2Nadr; C:\Windows\System32\Drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
3 Mkd3kfNt; C:\Windows\System32\Drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [36720 2010-01-28] (Microsoft Corporation)
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2010-11-21] (Duplex Secure Ltd.)
3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [x]
3 ALSysIO; \??\C:\Users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
3 cpuz134; \??\C:\Users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [x]
3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [x]
3 X6va003; \??\C:\Users\admin\AppData\Local\Temp\003DDE0.tmp [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-14 18:10 - 2012-05-16 09:42 - 0000000 ____D C:\FRST
2012-05-13 09:53 - 2012-05-13 09:53 - 0000000 ____D C:\_OTL
2012-05-13 08:56 - 2012-05-13 08:56 - 0000000 ____D C:\Virus Logs
2012-05-13 08:55 - 2012-05-13 08:55 - 0097782 ____A C:\Users\admin\Downloads\OTL.Txt
2012-05-13 08:55 - 2012-05-13 08:55 - 0076050 ____A C:\Users\admin\Downloads\Extras.Txt
2012-05-13 08:46 - 2012-05-13 08:46 - 0595456 ____A (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2012-05-12 15:30 - 2012-05-12 15:30 - 0002605 ____A C:\Users\admin\Downloads\Shark.Tank.S03E14.HDTV.x264-2HD.torrent
2012-05-08 19:23 - 2012-05-08 19:23 - 5527040 ____A C:\Users\admin\Downloads\south_africa_geography__2012__Wc_version.ppt
2012-05-08 12:22 - 2012-05-08 12:22 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-1.61.0.1400 (1).exe
2012-05-08 12:22 - 2012-05-08 12:22 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-08 12:22 - 2012-04-04 11:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-08 11:59 - 2012-05-08 11:59 - 4165584 ____A (PC Tools) C:\Users\admin\Downloads\SD_Online_aff_GenericRevenueWire_207.exe
2012-05-07 18:16 - 2012-05-07 18:16 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-07 14:46 - 2012-05-07 15:00 - 0000000 ___SD C:\ComboFix
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ___SD C:\32788R22FWJFW
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ____D C:\Windows\ERDNT
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ____D C:\Qoobox
2012-05-07 14:46 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-07 14:46 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-07 14:46 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-07 14:46 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-07 13:58 - 2012-05-07 14:12 - 0000000 ____D C:\Users\All Users\Avira
2012-05-07 13:58 - 2012-05-07 14:12 - 0000000 ____D C:\ProgramData\Avira
2012-05-07 13:54 - 2012-05-07 13:54 - 1978992 ____A C:\Users\admin\Downloads\avira_antivirus_premium.exe
2012-05-07 13:37 - 2012-05-07 13:37 - 0002324 ____A C:\Windows\epplauncher.mif
2012-05-07 11:46 - 2012-05-08 11:16 - 0007605 ____A C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2012-05-07 10:58 - 2012-05-07 10:58 - 0002891 ____A C:\Users\admin\Downloads\Shark.Tank.S03E13.HDTV.x264-2HD.torrent
2012-05-06 17:57 - 2012-05-06 17:57 - 0440643 ____A C:\Users\admin\Downloads\sound_of_waves_assign.docx
2012-05-05 13:36 - 2012-05-13 05:28 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-05 13:09 - 2012-05-05 13:09 - 0003394 ____A C:\Users\admin\Downloads\Shark.Tank.S03E12.HDTV.XviD-2HD.torrent
2012-04-30 19:21 - 2012-04-30 19:21 - 0040340 ____A C:\Users\admin\Downloads\Launch at an angle (1).docx
2012-04-30 17:45 - 2012-04-30 17:45 - 0015207 ____A C:\Users\admin\Downloads\launch angle science lab.odt
2012-04-30 16:31 - 2012-04-30 16:31 - 0024739 ____A C:\Users\admin\Downloads\Launch at an angle.docx
2012-04-20 17:28 - 2012-04-20 17:28 - 0002263 ____A C:\Users\admin\Downloads\Shark.Tank.S03E11.HDTV.x264-TRANSiENCE.torrent
2012-04-20 16:41 - 2012-04-20 16:41 - 0019938 ____A C:\Users\admin\Downloads\Donnie.Darko.2001.DC.720p.BDRip.XviD-SHiRK.torrent
2012-04-18 15:23 - 2012-04-18 15:23 - 0340296 ____A (AirInstaller Inc.) C:\Users\admin\Downloads\setup.exe
2012-04-18 15:18 - 2012-04-18 15:18 - 0001077 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2012-04-18 15:18 - 2012-04-18 15:18 - 0000000 ____D C:\Program Files\VS Revo Group
2012-04-18 15:18 - 2009-12-30 06:21 - 0031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2012-04-17 18:04 - 2012-04-17 18:11 - 142473974 ____A C:\Users\admin\Downloads\8thgrade.rar
2012-04-17 17:56 - 2012-04-17 17:56 - 0000000 ____D C:\Users\admin\AppData\Local\VS Revo Group
2012-04-17 17:50 - 2012-04-18 15:42 - 0000000 ____D C:\Users\admin\AppData\Roaming\Media Finder
2012-04-17 17:50 - 2012-04-17 17:52 - 0000000 ___AD C:\Users\admin\Desktop\Download
2012-04-17 11:01 - 2012-04-17 11:01 - 0003515 ____A C:\Users\admin\Downloads\Shark.Tank.S02E08.HDTV.XviD-2HD.torrent

============ 3 Months Modified Files and Folders =============

2012-05-16 09:42 - 2012-05-14 18:10 - 0000000 ____D C:\FRST
2012-05-13 10:09 - 2010-11-20 22:29 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617655315-3413906698-3447732237-1000UA.job
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-05-13 09:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-05-13 09:53 - 2012-05-13 09:53 - 0000000 ____D C:\_OTL
2012-05-13 09:53 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-05-13 09:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\winevt
2012-05-13 09:52 - 2010-11-21 09:47 - 0000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2012-05-13 09:47 - 2010-11-21 10:01 - 0000000 ____D C:\Users\admin\AppData\Roaming\.purple
2012-05-13 08:56 - 2012-05-13 08:56 - 0000000 ____D C:\Virus Logs
2012-05-13 08:55 - 2012-05-13 08:55 - 0097782 ____A C:\Users\admin\Downloads\OTL.Txt
2012-05-13 08:55 - 2012-05-13 08:55 - 0076050 ____A C:\Users\admin\Downloads\Extras.Txt
2012-05-13 08:46 - 2012-05-13 08:46 - 0595456 ____A (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2012-05-13 05:30 - 2010-11-20 22:04 - 0932285 ____A C:\Windows\WindowsUpdate.log
2012-05-13 05:28 - 2012-05-05 13:36 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-13 05:27 - 2011-11-25 13:45 - 0119296 ____A C:\Windows\SysWOW64\zlib.dll
2012-05-13 05:27 - 2010-11-26 09:26 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-13 05:27 - 2010-11-22 00:57 - 3220475904 __ASH C:\hiberfil.sys
2012-05-13 05:27 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-13 05:27 - 2009-07-13 20:51 - 0094762 ____A C:\Windows\setupact.log
2012-05-12 20:03 - 2011-02-08 18:40 - 0000000 ____D C:\Users\admin\AppData\Roaming\Skype
2012-05-12 20:03 - 2010-11-21 09:46 - 0000000 ____D C:\Users\admin\AppData\Roaming\foobar2000
2012-05-12 19:09 - 2010-11-20 22:29 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617655315-3413906698-3447732237-1000Core.job
2012-05-12 19:01 - 2012-03-08 16:37 - 0000000 ____D C:\Users\All Users\PMB Files
2012-05-12 19:01 - 2012-03-08 16:37 - 0000000 ____D C:\Users\admin\AppData\Local\PMB Files
2012-05-12 19:01 - 2012-03-08 16:37 - 0000000 ____D C:\ProgramData\PMB Files
2012-05-12 15:31 - 2010-12-15 16:06 - 0000000 ____D C:\Users\admin\Downloads\video
2012-05-12 15:31 - 2010-11-21 12:08 - 0000000 ____D C:\Users\admin\Downloads\torrents
2012-05-12 15:30 - 2012-05-12 15:30 - 0002605 ____A C:\Users\admin\Downloads\Shark.Tank.S03E14.HDTV.x264-2HD.torrent
2012-05-11 03:29 - 2010-11-22 14:33 - 0000000 ____D C:\Microsoft Word Documents
2012-05-09 03:22 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-08 19:23 - 2012-05-08 19:23 - 5527040 ____A C:\Users\admin\Downloads\south_africa_geography__2012__Wc_version.ppt
2012-05-08 12:27 - 2010-10-11 09:53 - 1333004 ____A C:\Windows\PFRO.log
2012-05-08 12:26 - 2005-12-04 14:56 - 0000000 _RSHD C:\Windows\SysWOW64\WinDir
2012-05-08 12:22 - 2012-05-08 12:22 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-1.61.0.1400 (1).exe
2012-05-08 12:22 - 2012-05-08 12:22 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-08 12:22 - 2012-05-08 12:22 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-08 11:59 - 2012-05-08 11:59 - 4165584 ____A (PC Tools) C:\Users\admin\Downloads\SD_Online_aff_GenericRevenueWire_207.exe
2012-05-08 11:16 - 2012-05-07 11:46 - 0007605 ____A C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2012-05-07 18:16 - 2012-05-07 18:16 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-07 15:00 - 2012-05-07 14:46 - 0000000 ___SD C:\ComboFix
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ___SD C:\32788R22FWJFW
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ____D C:\Windows\ERDNT
2012-05-07 14:46 - 2012-05-07 14:46 - 0000000 ____D C:\Qoobox
2012-05-07 14:12 - 2012-05-07 13:58 - 0000000 ____D C:\Users\All Users\Avira
2012-05-07 14:12 - 2012-05-07 13:58 - 0000000 ____D C:\ProgramData\Avira
2012-05-07 13:54 - 2012-05-07 13:54 - 1978992 ____A C:\Users\admin\Downloads\avira_antivirus_premium.exe
2012-05-07 13:37 - 2012-05-07 13:37 - 0002324 ____A C:\Windows\epplauncher.mif
2012-05-07 10:58 - 2012-05-07 10:58 - 0002891 ____A C:\Users\admin\Downloads\Shark.Tank.S03E13.HDTV.x264-2HD.torrent
2012-05-07 10:54 - 2010-12-03 18:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-07 03:21 - 2009-07-13 20:45 - 0012640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-07 03:21 - 2009-07-13 20:45 - 0012640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-06 17:57 - 2012-05-06 17:57 - 0440643 ____A C:\Users\admin\Downloads\sound_of_waves_assign.docx
2012-05-05 13:09 - 2012-05-05 13:09 - 0003394 ____A C:\Users\admin\Downloads\Shark.Tank.S03E12.HDTV.XviD-2HD.torrent
2012-05-04 12:05 - 2011-07-11 21:40 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-04 12:05 - 2011-02-08 18:40 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-04 12:05 - 2011-02-08 18:40 - 0000000 ____D C:\Users\All Users\Skype
2012-05-04 12:05 - 2011-02-08 18:40 - 0000000 ____D C:\ProgramData\Skype
2012-05-02 07:10 - 2011-01-02 17:02 - 0002363 ____A C:\Users\admin\Desktop\Google Chrome.lnk
2012-04-30 19:21 - 2012-04-30 19:21 - 0040340 ____A C:\Users\admin\Downloads\Launch at an angle (1).docx
2012-04-30 17:45 - 2012-04-30 17:45 - 0015207 ____A C:\Users\admin\Downloads\launch angle science lab.odt
2012-04-30 16:31 - 2012-04-30 16:31 - 0024739 ____A C:\Users\admin\Downloads\Launch at an angle.docx
2012-04-29 17:51 - 2011-09-05 13:28 - 0000000 ___AD C:\Users\admin\AppData\Roaming\.minecraft
2012-04-20 17:28 - 2012-04-20 17:28 - 0002263 ____A C:\Users\admin\Downloads\Shark.Tank.S03E11.HDTV.x264-TRANSiENCE.torrent
2012-04-20 16:41 - 2012-04-20 16:41 - 0019938 ____A C:\Users\admin\Downloads\Donnie.Darko.2001.DC.720p.BDRip.XviD-SHiRK.torrent
2012-04-20 12:13 - 2012-03-28 17:19 - 0000000 ____D C:\Users\admin\riotsGamesLogs
2012-04-18 15:43 - 2010-12-03 14:43 - 0000000 ____D C:\PWs
2012-04-18 15:42 - 2012-04-17 17:50 - 0000000 ____D C:\Users\admin\AppData\Roaming\Media Finder
2012-04-18 15:23 - 2012-04-18 15:23 - 0340296 ____A (AirInstaller Inc.) C:\Users\admin\Downloads\setup.exe
2012-04-18 15:18 - 2012-04-18 15:18 - 0001077 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2012-04-18 15:18 - 2012-04-18 15:18 - 0000000 ____D C:\Program Files\VS Revo Group
2012-04-17 18:11 - 2012-04-17 18:04 - 142473974 ____A C:\Users\admin\Downloads\8thgrade.rar
2012-04-17 17:56 - 2012-04-17 17:56 - 0000000 ____D C:\Users\admin\AppData\Local\VS Revo Group
2012-04-17 17:52 - 2012-04-17 17:50 - 0000000 ___AD C:\Users\admin\Desktop\Download
2012-04-17 11:01 - 2012-04-17 11:01 - 0003515 ____A C:\Users\admin\Downloads\Shark.Tank.S02E08.HDTV.XviD-2HD.torrent
2012-04-15 15:30 - 2012-04-15 15:30 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S02E07.HDTV.XviD-2HD.torrent
2012-04-14 10:42 - 2010-11-22 12:17 - 0000565 ____A C:\Users\admin\AppData\Roaming\myMPQ.ini
2012-04-13 12:13 - 2012-04-13 12:13 - 0003514 ____A C:\Users\admin\Downloads\Shark.Tank.S02E06.HDTV.XviD-2HD.torrent
2012-04-13 08:30 - 2012-04-13 08:30 - 0001075 ____A C:\Users\admin\Downloads\skin_120225010236181557.png
2012-04-12 10:09 - 2011-03-27 10:33 - 0000000 ____D C:\Users\All Users\Sony
2012-04-12 10:09 - 2011-03-27 10:33 - 0000000 ____D C:\ProgramData\Sony
2012-04-12 10:08 - 2011-11-21 19:13 - 0000000 ____D C:\Program Files (x86)\Project64 1.6
2012-04-12 10:07 - 2010-11-23 13:54 - 0000000 ____D C:\Users\All Users\NexonUS
2012-04-12 10:07 - 2010-11-23 13:54 - 0000000 ____D C:\ProgramData\NexonUS
2012-04-09 16:47 - 2012-04-09 16:47 - 0035174 ____A C:\Users\admin\Downloads\Mission.Impossible.Ghost.Protocol.2011.1080p.BluRay.DTS-ES.x264-ESiR.torrent
2012-04-09 11:00 - 2012-04-09 11:00 - 0003514 ____A C:\Users\admin\Downloads\Shark.Tank.S02E04.HDTV.XviD-2HD.torrent
2012-04-07 16:02 - 2012-04-07 16:02 - 0000000 ____D C:\Users\admin\hob
2012-04-07 16:02 - 2012-04-07 16:02 - 0000000 ____D C:\Users\admin\AppData\Roaming\ConnectPortal
2012-04-07 16:02 - 2010-11-20 22:04 - 0000000 ____D C:\users\admin
2012-04-07 15:50 - 2012-04-07 15:47 - 0000000 ____D C:\Users\admin\AppData\Roaming\Aventail
2012-04-07 15:44 - 2012-04-07 15:44 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\admin\Downloads\chromeinstall-6u31 (1).exe
2012-04-07 15:44 - 2012-04-07 15:44 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-07 15:44 - 2012-04-07 15:44 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-07 15:44 - 2012-04-07 15:44 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-07 15:44 - 2010-11-21 10:27 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-07 15:42 - 2012-04-07 15:42 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\admin\Downloads\chromeinstall-6u31.exe
2012-04-06 13:29 - 2012-04-06 13:29 - 0005941 ____A C:\Users\admin\Downloads\Shark.Tank.S03E10.720p.HDTV.x264-LMAO.torrent
2012-04-06 13:29 - 2012-04-06 13:29 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S02E03.HDTV.XviD-2HD.torrent
2012-04-06 10:33 - 2012-04-06 10:33 - 0002996 ____A C:\Users\admin\Downloads\Shark.Tank.S03E10.HDTV.x264-LMAO.torrent
2012-04-06 09:03 - 2012-04-06 09:03 - 0042902 ____A C:\Users\admin\Downloads\Shark.Tank.S03E09.720p.HDTV.x264-2HD.torrent
2012-04-05 18:57 - 2012-04-05 18:57 - 0003514 ____A C:\Users\admin\Downloads\Shark.Tank.S03E08.HDTV.XviD-2HD.torrent
2012-04-05 16:13 - 2012-04-05 16:13 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S03E07.HDTV.XviD-2HD.torrent
2012-04-05 13:38 - 2012-04-05 13:38 - 0003515 ____A C:\Users\admin\Downloads\Shark.Tank.S03E06.HDTV.XviD-2HD.torrent
2012-04-04 15:40 - 2012-04-04 15:40 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S03E05.HDTV.XviD-2HD.torrent
2012-04-04 11:56 - 2012-05-08 12:22 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 11:13 - 2012-04-04 11:13 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S03E04.HDTV.XviD-2HD.torrent
2012-04-03 15:58 - 2012-04-03 15:58 - 0029577 ____A C:\Users\admin\Downloads\Shark.Tank.S03E03.HDTV.XviD-2HD.torrent
2012-04-01 19:41 - 2012-04-01 19:41 - 0426381 ____A C:\Users\admin\Downloads\survivalguide (1).docx
2012-04-01 19:34 - 2012-04-01 19:34 - 0426381 ____A C:\Users\admin\Downloads\survivalguide.docx
2012-04-01 14:52 - 2012-04-01 10:32 - 0017854 ____A C:\Users\admin\Downloads\Rnaomd spanish thing.docx
2012-03-31 16:42 - 2012-03-31 16:42 - 0003535 ____A C:\Users\admin\Downloads\Shark.Tank.S03E02.HDTV.XviD-2HD.torrent
2012-03-31 15:02 - 2012-03-31 15:02 - 0000000 ____A C:\Users\admin\AppData\Roaming\UMhVO.txt
2012-03-31 12:36 - 2012-03-31 12:36 - 0005769 ____A C:\Users\admin\Downloads\Shark.Tank.S03E01.720p.HDTV.x264-2HD.torrent
2012-03-29 03:20 - 2012-03-29 03:20 - 2460160 ____A C:\Users\admin\Downloads\germany_map.ppt
2012-03-28 18:47 - 2012-03-28 18:47 - 0000218 ____A C:\Users\admin\.recently-used.xbel
2012-03-28 17:18 - 2012-03-28 17:18 - 0000000 ____D C:\Users\admin\AppData\Roaming\LolClient
2012-03-28 16:35 - 2012-03-28 16:35 - 1627648 ____A C:\Users\admin\Downloads\final_solution_2012.ppt
2012-03-28 16:32 - 2012-03-28 16:31 - 3764224 ____A C:\Users\admin\Downloads\Hitler_s_Germany_2012.ppt
2012-03-28 16:30 - 2012-03-28 16:30 - 0001547 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-03-28 16:24 - 2012-03-28 16:24 - 0000000 ____D C:\Riot Games
2012-03-28 16:24 - 2010-11-20 22:27 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-28 16:23 - 2012-03-28 15:57 - 0000000 ___AD C:\Users\admin\Desktop\LeagueOfLegends
2012-03-28 16:07 - 2010-12-07 18:09 - 0000000 ____D C:\Users\admin\AppData\Roaming\gtk-2.0
2012-03-28 16:06 - 2012-03-28 16:06 - 0025093 ____A C:\Users\admin\Desktop\aim-sc-2012-03-28--20-06-29.png
2012-03-28 15:53 - 2012-03-28 15:53 - 2288128 ____A C:\Users\admin\Downloads\LeagueofLegends.exe
2012-03-21 18:25 - 2012-03-21 18:25 - 2525184 ____A C:\Users\admin\Downloads\0bffa138-b807-4ba5-829e-5061a86388d7.doc
2012-03-20 20:20 - 2012-03-20 20:20 - 0023552 ____A C:\Users\admin\Downloads\girl-with-a-pearl-earring-reaction.doc
2012-03-20 18:11 - 2012-03-20 18:11 - 0742264 ____A (BitTorrent, Inc.) C:\Users\admin\Downloads\uTorrent.exe
2012-03-18 09:04 - 2011-11-27 13:35 - 0001894 ____A C:\Users\admin\Desktop\Xpadder.ini
2012-03-16 11:59 - 2012-03-16 11:59 - 0774137 ____A C:\Users\admin\Downloads\game.dcr
2012-03-14 17:02 - 2010-11-21 10:01 - 0000000 ____D C:\Program Files (x86)\Pidgin
2012-03-14 17:01 - 2012-03-14 17:01 - 9290724 ____A C:\Users\admin\Downloads\pidgin-2.10.2.exe
2012-03-13 13:50 - 2012-03-13 13:49 - 52932448 ____A C:\Users\admin\Downloads\Ethos LP-ep150.zip
2012-03-12 12:38 - 2011-03-03 13:55 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-08 16:37 - 2010-12-01 17:49 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2012-03-06 19:41 - 2010-12-10 13:21 - 0000000 ____D C:\Users\admin\AppData\Local\Adobe
2012-03-06 19:41 - 2010-11-20 22:29 - 0000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2012-03-06 19:08 - 2012-03-06 19:08 - 4631187 ____A C:\Users\admin\Downloads\reign_of_terror_version_2__H_2011.pptx
2012-03-06 19:06 - 2012-03-06 19:06 - 5920738 ____A C:\Users\admin\Downloads\floating_world_2012.pptx
2012-03-06 19:06 - 2012-03-06 19:06 - 2884377 ____A C:\Users\admin\Downloads\ottoman_sultans_2.pptx
2012-03-06 13:38 - 2010-11-21 12:56 - 0000000 ____D C:\Users\admin\Downloads\game
2012-03-06 13:37 - 2012-03-06 13:37 - 0040918 ____A C:\Users\admin\Downloads\Mass.Effect.3-RELOADED.torrent
2012-03-06 13:34 - 2012-03-06 13:34 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-06 13:33 - 2010-11-21 09:47 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-04 20:08 - 2012-03-04 20:08 - 0028420 ____A C:\Users\admin\Downloads\TS030000127.dotx
2012-03-01 19:36 - 2012-03-01 19:36 - 0183737 ____A C:\Users\admin\Downloads\raisin_essay_2012.docx
2012-03-01 19:36 - 2012-03-01 19:36 - 0163989 ____A C:\Users\admin\Downloads\Raisin_in_the_Sun_lit_devices.docx
2012-03-01 15:33 - 2012-03-01 15:33 - 6599189 ____A C:\Users\admin\Downloads\awsomesurvive.zip
2012-02-29 18:28 - 2012-02-29 18:28 - 0271384 ____A C:\Users\admin\Downloads\triangle lab 9th.docx
2012-02-25 16:10 - 2012-02-25 16:10 - 0013437 ____A C:\Users\admin\Downloads\Toy-Box - FanTastic - 1999 (CD - MP3 - V0 (VBR)).torrent
2012-02-25 16:07 - 2012-02-25 16:07 - 0017133 ____A C:\Users\admin\Downloads\Toy-Box - FanTastic - 1999 (CD - FLAC - Lossless).torrent
2012-02-25 16:07 - 2012-02-25 16:07 - 0014522 ____A C:\Users\admin\Downloads\Toy-Box - FanTastic - 1999 (CD - FLAC - Lossless) (1).torrent
2012-02-23 21:27 - 2012-02-23 21:10 - 0112574 ____A C:\Users\admin\Downloads\Burning food lab (1).docx
2012-02-23 16:32 - 2012-02-23 16:32 - 0090932 ____A C:\Users\admin\Downloads\Burning food lab.docx
2012-02-23 15:49 - 2012-02-23 15:49 - 0270142 ____A C:\Users\admin\Desktop\Minecraft.exe
2012-02-17 19:50 - 2012-02-13 18:04 - 0000000 ____D C:\Minecraft backup

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2011-07-27 13:31] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2011-07-27 13:31] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4095.05 MB
Available physical RAM: 3520.09 MB
Total Pagefile: 4093.2 MB
Available Pagefile: 3496.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.51 GB) (Free:247.12 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (USB20FD) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 572 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E USB20FD FAT32 Removable 3823 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-29 12:04

======================= End Of Log ==========================
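A helper reads a log like the one above by eye: `[x]` marks an entry whose file no longer exists, `()` marks a file with no company in its version information, and a kernel driver registered from a user's Temp directory or with a `.tmp` name is worth a second look. The Python below is an added example, not code from the thread or from FRST; it parses the Registry, Services and Drivers sections and applies those three checks. `SAMPLE_LOG` is a constructed subset of lines copied from the scan log above.

```python
"""Triage heuristics over an FRST scan log.

Added example, not code from the thread or from FRST. parse_frst() pulls one
entry per line out of the Registry / Services / Drivers sections; triage()
applies a few checks a helper otherwise does by eye. SAMPLE_LOG is a
constructed subset of lines copied from the log posted above.
"""
import re

SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [251392 2010-05-05] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKU\admin\...\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background [x]

==================== Services (Whitelisted) ======

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] ()
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [x]

========================== Drivers (Whitelisted) =============

0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2010-11-21] (Duplex Secure Ltd.)
3 ALSysIO; \??\C:\Users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
3 X6va003; \??\C:\Users\admin\AppData\Local\Temp\003DDE0.tmp [x]
"""

# "===== Section name =====" headers; all-equals separator lines do not match.
_SECTION = re.compile(r"^=+\s*([^=\s].*?)\s*=+\s*$")
# First drive-letter path on the line, up to a binary extension.
_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|tmp|cpl|scr)\b", re.IGNORECASE)
# FRST appends [size date] when the file exists and [x] when it does not.
_FILEINFO = re.compile(r"\[(x|\d+ \d{4}-\d{2}-\d{2})\]")
# Trailing (Company) from the file's version info; "()" means none.
_COMPANY = re.compile(r"\(([^()]*)\)\s*$")

TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_frst(text):
    """Return one dict per entry: section, line, path, missing, company."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = _SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        path = _PATH.search(line)
        if not path:
            continue
        info = _FILEINFO.search(line)
        company = _COMPANY.search(line)
        entries.append({
            "section": section,
            "line": line,
            "path": path.group(0),
            "missing": bool(info and info.group(1) == "x"),
            "company": company.group(1).strip() if company else None,
        })
    return entries


def triage(entries):
    """Return (path, reason) pairs that deserve a closer look."""
    findings = []
    for e in entries:
        low = e["path"].lower()
        is_driver = (e["section"] or "").lower().startswith("drivers")
        if e["missing"]:
            findings.append((e["path"], "file missing: orphaned entry"))
        if is_driver and any(t in low for t in TEMP_DIRS):
            findings.append((e["path"], "kernel driver registered from a Temp directory"))
        if is_driver and low.endswith(".tmp"):
            findings.append((e["path"], "driver with a .tmp file name"))
        if e["company"] == "" and not e["missing"]:
            findings.append((e["path"], "on disk but no version info; check the signature"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_frst(SAMPLE_LOG)):
        print("%-60s %s" % (path, reason))
```

Hits are leads, not verdicts. Drivers named like `cpuz134` and `ALSysIO` come from hardware-monitoring utilities (CPU-Z, Core Temp) that legitimately load a temporary driver, and `[x]` entries are as often leftovers from uninstalled software as traces of malware. What the checks buy is a short list to verify by hash and Authenticode signature instead of reading every line.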

#14 Gammo
  • Members
  • 202 posts
  • Gender:Male
  • Location:The Netherlands

Posted 17 May 2012 - 05:47 AM

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Startup Repair.

Run Startup Repair and check if it fixes your problem. It may need to reboot multiple times. You should re-enter Startup Repair until it says either that it fixed the problem or that it could not fix it.

Edited by Gammo, 17 May 2012 - 05:51 AM.



#15 Monkey D. Luffy
  • Topic Starter
  • Members
  • 12 posts

Posted 17 May 2012 - 04:42 PM

I tried hitting Startup Repair multiple times, but it says the problem could not be fixed.



