Blue screen crash possibly infected


  • This topic is locked
143 replies to this topic

#1 Dmasterman

Dmasterman

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 20 June 2013 - 01:45 AM

Hey everyone, I think I may be infected. My post was moved to "Am I infected".

 

But I have gotten no response or help and my problem seems to be worsening over time. You can find the link here:

 

http://www.bleepingcomputer.com/forums/t/498394/getting-blue-screen-crashes/


Basically, during initial start-ups I get a complete freeze or a blue screen crash. It usually takes me 5 or 6 times of turning my computer on or off to finally get it working whilst getting these blue screen crashes.

 

Help would be very much appreciated

 

specs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5600+, x86 Family 15 Model 67 Stepping 3
Processor Count: 2
RAM: 3454 Mb
Graphics Card: NVIDIA GeForce GT 430, 1 Mb
Hard Drives: C: Total - 305234 MB, Free - 112205 MB;
Motherboard: ECS, Nettle2
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Disabled

 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:23 AM

Posted 20 June 2013 - 02:10 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 

#3 Dmasterman

Dmasterman
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 20 June 2013 - 04:18 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2013
Ran by D (administrator) on 19-06-2013 22:46:11
Running from C:\Documents and Settings\D\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Documents and Settings\All Users\Application Data\BetterSoft\OptimizerPro\OptimizerPro.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Essentials\msseces.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1335700501\ee\AOLSoftware.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(AOL Inc.) C:\Program Files\AIM\aim.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(AOL LLC) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
(Microsoft Corporation) C:\WINDOWS\system32\SNDVOL32.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey [1094224 2010-09-15] (Microsoft Corporation)
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1335700501\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM\...\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [472112 2012-12-02] (Cisco Systems, Inc.)
HKLM\...\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [15664416 2013-02-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1982312 2013-02-09] ()
HKLM\...\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-06-10] (BlueStack Systems, Inc.)
HKLM\...\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t [437160 2007-02-26] (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Policies\system: [disableregistrytools] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 24.25.227.55 209.18.47.61

FireFox:
========
FF ProfilePath: C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default
FF SearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Homepage: user_pref("browser.startup.homepage", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: leethax - C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default\Extensions\leethax@leethax.net.xpi
FF Extension: No Name - C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR Extension: (BBrowusse22savve) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojngnjdcpfcogeebncmfoihkinakofid\1

========================== Services (Whitelisted) =================

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe [95896 2009-04-26] (SiSoftware)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2012-05-13] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-06-10] (BlueStack Systems)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2010-02-09] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2010-02-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2010-02-09] (HP)
R3 HSX_DP; C:\Windows\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-05-13] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-10] (ManyCam LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [151216 2010-03-25] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [128440 2012-12-18] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [25392 2009-07-07] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26672 2009-07-07] (Cisco Systems, Inc.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 winachsx; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-19 22:46 - 2013-06-19 22:46 - 00000000 ____D C:\FRST
2013-06-19 22:45 - 2013-06-19 22:45 - 01368263 ____A (Farbar) C:\Documents and Settings\D\Desktop\FRST.exe
2013-06-19 20:02 - 2013-06-19 20:03 - 00000000 ____D C:\Documents and Settings\D\Desktop\New Folder
2013-06-19 08:52 - 2013-06-19 08:52 - 00090112 ____A C:\Windows\Minidump\Mini061913-02.dmp
2013-06-19 08:47 - 2013-06-19 08:47 - 00090112 ____A C:\Windows\Minidump\Mini061913-01.dmp
2013-06-18 22:21 - 2013-06-18 22:21 - 00465369 ____A C:\Documents and Settings\D\Desktop\722001_536432716423449_913960351_n.mp4
2013-06-18 09:02 - 2013-06-18 09:03 - 00023213 ____A C:\Documents and Settings\D\Desktop\Result.txt
2013-06-18 09:00 - 2013-06-18 09:00 - 00760775 ____A (Farbar) C:\Documents and Settings\D\Desktop\MiniToolBox.exe
2013-06-18 08:47 - 2013-06-18 08:47 - 00090112 ____A C:\Windows\Minidump\Mini061813-01.dmp
2013-06-17 17:27 - 2013-06-17 17:32 - 36866280 ____A C:\Documents and Settings\D\Desktop\male.mp4
2013-06-17 09:04 - 2013-06-17 09:04 - 00844854 ____A C:\Documents and Settings\D\Desktop\err.bmp
2013-06-17 09:02 - 2013-06-17 09:02 - 00090112 ____A C:\Windows\Minidump\Mini061713-01.dmp
2013-06-16 17:55 - 2013-06-16 17:55 - 00053063 ____A C:\Documents and Settings\D\My Documents\11761928823674957522.jpeg
2013-06-16 17:55 - 2013-06-16 17:55 - 00027651 ____A C:\Documents and Settings\D\My Documents\6021507650476943088.jpeg
2013-06-16 17:55 - 2013-06-16 17:55 - 00025630 ____A C:\Documents and Settings\D\My Documents\3635179021952784597.jpeg
2013-06-16 16:53 - 2013-06-18 22:21 - 00000000 ____D C:\Documents and Settings\D\Desktop\Berenice Choong imgz
2013-06-16 08:48 - 2013-06-16 08:48 - 00001554 ____A C:\Documents and Settings\All Users\Desktop\Start BlueStacks.lnk
2013-06-16 08:48 - 2013-06-16 08:48 - 00000000 ____D C:\Program Files\BlueStacks
2013-06-16 08:47 - 2013-06-16 08:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BlueStacks
2013-06-13 08:28 - 2013-06-13 08:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-13 08:25 - 2013-06-13 08:25 - 00010929 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 07:54 - 2013-06-12 07:53 - 00090112 ____A C:\Windows\Minidump\Mini061213-02.dmp
2013-06-12 07:51 - 2013-06-13 08:28 - 00013718 ____A C:\Windows\KB2839229.log
2013-06-12 07:48 - 2013-06-12 07:48 - 00090112 ____A C:\Windows\Minidump\Mini061213-01.dmp
2013-06-10 20:28 - 2013-06-10 20:42 - 00000000 ____D C:\Documents and Settings\D\Desktop\AgeofWushu
2013-06-10 09:45 - 2013-06-10 09:45 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\FLT
2013-06-10 08:04 - 2013-06-10 08:04 - 00000000 ____D C:\Program Files\DIFX
2013-06-10 08:03 - 2013-06-10 08:04 - 00006858 ____A C:\Windows\DPINST.LOG
2013-06-10 08:03 - 2006-07-01 22:39 - 00036864 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\AmdK8.sys
2013-06-09 21:14 - 2013-06-09 21:14 - 00355464 ____A C:\Documents and Settings\D\Desktop\tetekkelasa.3gp
2013-06-09 06:26 - 2013-06-09 06:26 - 00090112 ____A C:\Windows\Minidump\Mini060913-01.dmp
2013-06-08 05:14 - 2013-06-08 05:14 - 16106856 ____A C:\Documents and Settings\D\Desktop\517809357_2.mp4
2013-06-07 04:19 - 2013-06-07 04:33 - 32587421 ____A C:\Documents and Settings\D\Desktop\xa0kvs_kiefer-s-interview-scenes-lost-boys_shortfilms.mp4
2013-06-05 03:56 - 2013-06-05 03:56 - 00463453 ____A C:\Documents and Settings\D\Desktop\762325_523103351082980_331563800_n-1.mp4
2013-06-03 19:43 - 2013-06-03 19:43 - 02439303 ____A C:\Documents and Settings\D\Desktop\743363_10151270863584058_684862730_n.mp4
2013-06-03 19:43 - 2013-06-03 19:43 - 01074033 ____A C:\Documents and Settings\D\Desktop\724634_10151270848714058_1958442120_n.mp4
2013-06-02 06:24 - 2013-06-02 06:28 - 161901112 ____A C:\Documents and Settings\D\Desktop\xzvkxb_hikonin-sentai-akibaranger-season-2-episode-5-english-subbed_fun.mp4
2013-06-01 19:52 - 2013-06-01 19:53 - 00000000 ____D C:\Documents and Settings\D\Desktop\JIGGLE AND ASS IT WORKS YES
2013-05-31 16:44 - 2013-05-31 16:43 - 00069552 ___AH C:\Windows\Minidump\Mini053113-01.dmp
2013-05-30 10:17 - 2013-05-30 10:17 - 04129475 ____A C:\Documents and Settings\D\Desktop\Bugs_Bunny_-_Sparta_Remix.mp4
2013-05-29 22:44 - 2013-03-17 05:45 - 00001277 ____A C:\Documents and Settings\D\Desktop\ElfBodyFix.esp
2013-05-29 03:02 - 2013-05-29 03:02 - 32156472 ____A C:\Documents and Settings\D\Desktop\INDONESIAN_TICKLE_TORTURE.mp4
2013-05-28 11:48 - 2013-05-28 11:48 - 06912054 ____A C:\Documents and Settings\D\Desktop\ryandixonnevershootapanda.bmp
2013-05-23 18:36 - 2013-05-24 01:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 13:54 - 2013-05-22 13:54 - 00019131 ____A C:\Documents and Settings\D\hs_err_pid2704.log
2013-05-22 13:54 - 2013-05-22 13:54 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\Unity
2013-05-21 04:56 - 2013-05-21 04:56 - 00576726 ____A C:\Documents and Settings\D\My Documents\how asians party.mp4
2013-05-20 16:56 - 2013-05-20 16:56 - 00601720 ____A C:\Documents and Settings\D\My Documents\Cyborg_is_Muslim.mp4
2013-05-20 16:03 - 2013-05-20 16:03 - 02425374 ____A C:\Documents and Settings\D\My Documents\New_Moon_Commercial_Panda.mp4

==================== One Month Modified Files and Folders ========

2013-06-19 22:46 - 2013-06-19 22:46 - 00000000 ____D C:\FRST
2013-06-19 22:45 - 2013-06-19 22:45 - 01368263 ____A (Farbar) C:\Documents and Settings\D\Desktop\FRST.exe
2013-06-19 22:32 - 2013-02-28 13:37 - 00007832 ____A C:\Windows\System32\nvAppTimestamps
2013-06-19 22:29 - 2012-07-24 16:09 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cd6a0a8a3231d8.job
2013-06-19 22:13 - 2013-01-08 08:27 - 00000754 ____A C:\Windows\WORDPAD.INI
2013-06-19 22:13 - 2012-04-27 23:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 20:03 - 2013-06-19 20:02 - 00000000 ____D C:\Documents and Settings\D\Desktop\New Folder
2013-06-19 20:02 - 2012-08-23 11:15 - 00344576 _ASHC C:\Documents and Settings\D\My Documents\Thumbs.db
2013-06-19 18:29 - 2012-04-27 19:55 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd2503770d2b36.job
2013-06-19 17:44 - 2013-01-04 10:04 - 00510976 __ASH C:\Documents and Settings\D\Desktop\Thumbs.db
2013-06-19 09:08 - 2010-11-02 21:06 - 01364590 ____A C:\Windows\WindowsUpdate.log
2013-06-19 08:53 - 2013-04-15 02:09 - 00000560 ___AH C:\Windows\Tasks\schedule!1173230912.job
2013-06-19 08:53 - 2012-04-30 02:09 - 00000062 __ASH C:\Documents and Settings\D\Local Settings\desktop.ini
2013-06-19 08:52 - 2013-06-19 08:52 - 00090112 ____A C:\Windows\Minidump\Mini061913-02.dmp
2013-06-19 08:52 - 2013-02-28 20:02 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2013-06-19 08:52 - 2010-11-07 06:59 - 00000000 ____D C:\Windows\Minidump
2013-06-19 08:52 - 2010-11-02 21:20 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-19 08:52 - 2010-11-02 21:20 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 08:52 - 2010-11-02 21:10 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-19 08:52 - 2010-11-02 21:03 - 00000000 ____D C:\Windows\Registration
2013-06-19 08:52 - 2010-11-02 10:59 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-19 08:52 - 2010-11-02 10:59 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-19 08:51 - 2010-11-02 10:49 - 00090112 ____A C:\Windows\DUMP519a.tmp
2013-06-19 08:47 - 2013-06-19 08:47 - 00090112 ____A C:\Windows\Minidump\Mini061913-01.dmp
2013-06-18 23:56 - 2012-04-30 02:09 - 00000178 ___SH C:\Documents and Settings\D\ntuser.ini
2013-06-18 23:56 - 2010-11-02 21:20 - 00032634 ____A C:\Windows\SchedLgU.Txt
2013-06-18 22:21 - 2013-06-18 22:21 - 00465369 ____A C:\Documents and Settings\D\Desktop\722001_536432716423449_913960351_n.mp4
2013-06-18 22:21 - 2013-06-16 16:53 - 00000000 ____D C:\Documents and Settings\D\Desktop\Berenice Choong imgz
2013-06-18 09:04 - 2012-09-17 16:46 - 00668546 ____A C:\Windows\setupapi.log
2013-06-18 09:03 - 2013-06-18 09:02 - 00023213 ____A C:\Documents and Settings\D\Desktop\Result.txt
2013-06-18 09:00 - 2013-06-18 09:00 - 00760775 ____A (Farbar) C:\Documents and Settings\D\Desktop\MiniToolBox.exe
2013-06-18 08:47 - 2013-06-18 08:47 - 00090112 ____A C:\Windows\Minidump\Mini061813-01.dmp
2013-06-17 23:36 - 2012-04-30 19:13 - 00000000 ____D C:\Documents and Settings\D\Application Data\BitTorrent
2013-06-17 19:40 - 2012-05-02 22:11 - 00000000 ____D C:\Documents and Settings\D\Desktop\DL
2013-06-17 17:32 - 2013-06-17 17:27 - 36866280 ____A C:\Documents and Settings\D\Desktop\male.mp4
2013-06-17 09:04 - 2013-06-17 09:04 - 00844854 ____A C:\Documents and Settings\D\Desktop\err.bmp
2013-06-17 09:02 - 2013-06-17 09:02 - 00090112 ____A C:\Windows\Minidump\Mini061713-01.dmp
2013-06-16 17:55 - 2013-06-16 17:55 - 00053063 ____A C:\Documents and Settings\D\My Documents\11761928823674957522.jpeg
2013-06-16 17:55 - 2013-06-16 17:55 - 00027651 ____A C:\Documents and Settings\D\My Documents\6021507650476943088.jpeg
2013-06-16 17:55 - 2013-06-16 17:55 - 00025630 ____A C:\Documents and Settings\D\My Documents\3635179021952784597.jpeg
2013-06-16 11:40 - 2010-11-02 21:03 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-16 08:48 - 2013-06-16 08:48 - 00001554 ____A C:\Documents and Settings\All Users\Desktop\Start BlueStacks.lnk
2013-06-16 08:48 - 2013-06-16 08:48 - 00000000 ____D C:\Program Files\BlueStacks
2013-06-16 08:48 - 2013-06-16 08:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BlueStacks
2013-06-15 13:46 - 2013-04-16 14:10 - 00000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
2013-06-14 15:52 - 2010-11-02 23:03 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-06-13 08:28 - 2013-06-13 08:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-13 08:28 - 2013-06-12 07:51 - 00013718 ____A C:\Windows\KB2839229.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00277517 ____A C:\Windows\iis6.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00259687 ____A C:\Windows\FaxSetup.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00124152 ____A C:\Windows\ocgen.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00118482 ____A C:\Windows\tsoc.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00085586 ____A C:\Windows\comsetup.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00078400 ____A C:\Windows\msmqinst.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00051907 ____A C:\Windows\ntdtcsetup.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00045486 ____A C:\Windows\netfxocm.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00028938 ____A C:\Windows\plusoc.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00018060 ____A C:\Windows\MedCtrOC.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00014364 ____A C:\Windows\ocmsn.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00014196 ____A C:\Windows\ehOCGen.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00013062 ____A C:\Windows\tabletoc.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00012978 ____A C:\Windows\msgsocm.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00001374 ____A C:\Windows\imsins.log
2013-06-13 08:26 - 2010-11-02 22:31 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:25 - 2013-06-13 08:25 - 00010929 ____A C:\Windows\KB2838727-IE8.log
2013-06-13 08:25 - 2012-09-28 03:00 - 00021784 ____A C:\Windows\updspapi.log
2013-06-13 08:25 - 2012-09-28 03:00 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-13 08:25 - 2010-11-02 22:33 - 00000000 ____D C:\Windows\ie8updates
2013-06-12 07:53 - 2013-06-12 07:54 - 00090112 ____A C:\Windows\Minidump\Mini061213-02.dmp
2013-06-12 07:48 - 2013-06-12 07:48 - 00090112 ____A C:\Windows\Minidump\Mini061213-01.dmp
2013-06-10 20:42 - 2013-06-10 20:28 - 00000000 ____D C:\Documents and Settings\D\Desktop\AgeofWushu
2013-06-10 11:02 - 2010-11-02 10:56 - 00647862 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 09:45 - 2013-06-10 09:45 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\FLT
2013-06-10 09:45 - 2012-04-30 02:12 - 00000000 ____D C:\Documents and Settings\D\My Documents\My Games
2013-06-10 08:04 - 2013-06-10 08:04 - 00000000 ____D C:\Program Files\DIFX
2013-06-10 08:04 - 2013-06-10 08:03 - 00006858 ____A C:\Windows\DPINST.LOG
2013-06-10 08:04 - 2010-11-02 21:30 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-06-10 08:03 - 2010-11-02 21:05 - 00000000 ____D C:\Windows\System32\DirectX
2013-06-10 08:03 - 2010-11-02 10:55 - 00000337 __RSH C:\boot.ini
2013-06-09 21:14 - 2013-06-09 21:14 - 00355464 ____A C:\Documents and Settings\D\Desktop\tetekkelasa.3gp
2013-06-09 15:25 - 2012-04-30 16:06 - 00000000 ____D C:\Documents and Settings\D\Application Data\vlc
2013-06-09 06:26 - 2013-06-09 06:26 - 00090112 ____A C:\Windows\Minidump\Mini060913-01.dmp
2013-06-08 05:14 - 2013-06-08 05:14 - 16106856 ____A C:\Documents and Settings\D\Desktop\517809357_2.mp4
2013-06-07 05:30 - 2012-04-30 16:06 - 00226304 ____A C:\Documents and Settings\D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-07 04:33 - 2013-06-07 04:19 - 32587421 ____A C:\Documents and Settings\D\Desktop\xa0kvs_kiefer-s-interview-scenes-lost-boys_shortfilms.mp4
2013-06-06 00:21 - 2010-11-22 00:21 - 00000264 ____A C:\Windows\Tasks\WebReg .job
2013-06-05 03:56 - 2013-06-05 03:56 - 00463453 ____A C:\Documents and Settings\D\Desktop\762325_523103351082980_331563800_n-1.mp4
2013-06-03 19:43 - 2013-06-03 19:43 - 02439303 ____A C:\Documents and Settings\D\Desktop\743363_10151270863584058_684862730_n.mp4
2013-06-03 19:43 - 2013-06-03 19:43 - 01074033 ____A C:\Documents and Settings\D\Desktop\724634_10151270848714058_1958442120_n.mp4
2013-06-02 06:28 - 2013-06-02 06:24 - 161901112 ____A C:\Documents and Settings\D\Desktop\xzvkxb_hikonin-sentai-akibaranger-season-2-episode-5-english-subbed_fun.mp4
2013-06-02 01:15 - 2013-05-16 16:49 - 00000000 ____D C:\Documents and Settings\D\Desktop\Current Data
2013-06-01 19:53 - 2013-06-01 19:52 - 00000000 ____D C:\Documents and Settings\D\Desktop\JIGGLE AND ASS IT WORKS YES
2013-05-31 21:49 - 2012-09-17 16:46 - 00000408 ____A C:\Windows\setupact.log
2013-05-31 16:43 - 2013-05-31 16:44 - 00069552 ___AH C:\Windows\Minidump\Mini053113-01.dmp
2013-05-30 10:17 - 2013-05-30 10:17 - 04129475 ____A C:\Documents and Settings\D\Desktop\Bugs_Bunny_-_Sparta_Remix.mp4
2013-05-29 23:27 - 2013-04-15 02:06 - 00000000 ____D C:\Documents and Settings\D\Desktop\skyrim hazardous mods
2013-05-29 22:15 - 2013-05-15 01:05 - 00000000 ____D C:\Documents and Settings\D\Desktop\skyrim cleaner
2013-05-29 20:18 - 2013-02-03 02:31 - 00000000 ____D C:\Documents and Settings\D\My Documents\Nexus Mod Manager
2013-05-29 20:18 - 2012-04-30 02:12 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\Skyrim
2013-05-29 03:02 - 2013-05-29 03:02 - 32156472 ____A C:\Documents and Settings\D\Desktop\INDONESIAN_TICKLE_TORTURE.mp4
2013-05-28 18:33 - 2012-05-23 21:42 - 00000000 ____D C:\Program Files\Replay Video Capture
2013-05-28 11:48 - 2013-05-28 11:48 - 06912054 ____A C:\Documents and Settings\D\Desktop\ryandixonnevershootapanda.bmp
2013-05-25 01:29 - 2012-10-30 20:40 - 00000000 ___RD C:\Program Files\Skype
2013-05-25 01:29 - 2010-11-16 23:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-05-24 13:28 - 2013-01-11 03:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-24 01:19 - 2013-05-23 18:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 13:54 - 2013-05-22 13:54 - 00019131 ____A C:\Documents and Settings\D\hs_err_pid2704.log
2013-05-22 13:54 - 2013-05-22 13:54 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\Unity
2013-05-21 04:56 - 2013-05-21 04:56 - 00576726 ____A C:\Documents and Settings\D\My Documents\how asians party.mp4
2013-05-20 16:56 - 2013-05-20 16:56 - 00601720 ____A C:\Documents and Settings\D\My Documents\Cyborg_is_Muslim.mp4
2013-05-20 16:03 - 2013-05-20 16:03 - 02425374 ____A C:\Documents and Settings\D\My Documents\New_Moon_Commercial_Panda.mp4

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2013
Ran by D at 2013-06-19 22:46:32 Run:
Running from C:\Documents and Settings\D\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 6.1.2)
3600_Help (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader 9.4.1 (Version: 9.4.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
AIM 7
Any Video Converter 3.3.8
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.2.120)
Batman: Arkham City™ GOTY (Version: 1.0.0000.133)
BitTorrent (Version: 7.6.1)
BlueStacks App Player (Version: 0.7.13.899)
BlueStacks Notification Center (Version: 0.7.13.899)
BPD_Scan (Version: 3.00.0000)
BPDSoftware_Ini (Version: 1.00.0000)
BrowseToSave 1.74
BufferChm (Version: 140.0.213.000)
CCleaner (Version: 3.18)
CDBurnerXP (Version: 4.3.7.2423)
Cisco Connect (Version: 1.4.11350.0)
Cisco Network Magic (Version: 5.5.09195.0)
Data Fax SoftModem with SmartCP
Dead Rising 2 (Version: 1.0.0000.130)
Dead Rising 2: OTR (Version: 1.0.0000.131)
Dual-Core Optimizer (Version: 1.1.4.0169)
Fable III (Version: 1.0.0001.131)
Fraps
GIMP 2.8.2 (Version: 2.8.2)
Google Update Helper (Version: 1.3.21.145)
HP Driver Diagnostics (Version: 1.03.0009)
HP OfficeJet J3600 (Version: 14.0)
Indeo® Software
J3600_Basic (Version: 140.0.000.000)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (Version: 6.0.310)
K-Lite Codec Pack 6.5.0 (Full) (Version: 6.5.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
ManyCam 3.0.68 (remove only) (Version: 3.0.68)
Mass Effect™ 3 (Version: 1.01.0.0)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 2.1.6805.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Essentials (Version: 1.0.2498.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MWSnap 3 (Version: 3.0.0.74)
Network Magic (Version: 5.5.9195.0)
Nexus Mod Manager (Version: 0.41.0)
Notepad++ (Version: 5.9.6.2)
NVIDIA Control Panel 314.07 (Version: 314.07)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 314.07 (Version: 314.07)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenOffice.org 3.2 (Version: 3.2.9502)
OptimizerPro (Version: 1.0)
Project64 1.6 (Version: 1.6)
Pure Networks Platform (Version: 11.2.09195.1)
QuickTime (Version: 7.68.75.0)
Realtek High Definition Audio Driver
Replay Video Capture (Version: 3.1B)
Scan (Version: 140.0.167.000)
SiSoftware Sandra Lite 2012.SP4 (Version: 18.45.2012.6)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.105)
Speccy (Version: 1.18)
Star Wars: The Old Republic (Version: 1.00)
System Requirements Lab CYRI (Version: 5.0.6.0)
System Requirements Lab for Intel (Version: 4.5.5.0)
TeraCopy 2.12
The Elder Scrolls V Skyrim - High Resolution Texture Pack
Toolbox (Version: 140.0.428.000)
TTN3DS (Version: 0.1.0.0)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoPad Video Editor
VirtualCloneDrive
VLC media player 1.1.4 (Version: 1.1.4)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.213.017)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Wrye Bash (Version: 0.3.0.3)

==================== Restore Points  =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2013 09:56:13 PM) (Source: OptimizerProUpdater) (User: )
Description: BITS download from http://kosher-toolbar.info/get/?ver=1701&report_version=5&data=NP6yu5%2BxpFQEVbcdef%2B0m7ZCnRJmBDQ54flwYzagtMfcsfefUCsm%2BcK2R8MDcfTKh49ZOSEh%2F0ritx%2BGRPyLQxwjIVLo47SvugiFUhHhLMvtSlOa8gERAobODermSggVrZBhFOKUJ1t5FstIQU1GKdbuEaa9LjT45g%2FzihAaW4BwGYlLljg1%2B8MgmVCuLMK4fzGC8b%2BphfcAlSzhZeUHV0ym7vyCCGJI1qeERfqeqSR4toMKH4MJZcymxG2SGwxE%2F3qv3dq2lgLFwH2AIWkPSBEAfUSO31ThTB%2FDwJRiY8Xn%2Fchki%2Fz4hXm33df%2FmAlYKCKixCzhdH8C%2F6goICRbvkxRYjMzJnAwmVmRafiPfdBJ8EW8SdjJfpwJsDeQBJY7LNG78ksc632Zwj52BvlL1J7RUhmrCWG3U0jvFLsKObZwNvKTClre%2B66T89OQLwVXQISuSe9YkIX5IBx9tFPoflodC2GAGApdP failed 5:-2145386479 The server did not return the file size. The URL might point to dynamic content. The Content-Length header is not available in the server's HTTP reply.

Error: (06/19/2013 09:55:26 PM) (Source: OptimizerProUpdater) (User: )
Description: BITS download from http://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2BxpFQEVbcdef%2B0m7ZCnRJmBDQ54flwYzagtMfcsfefUCsm%2BcK2R8MDcfTKh49ZOSEh%2F0ritx%2BGRPyLQxwjIVLo47SvugiFUhHhLMvtSlOa8gERAobODermSggVrZBhFOKUJ1t5FstIQU1GKdbuEaa9LjT45g%2FzihAaW4BwGYlLljg1%2B8MgmVCuLMK4fzGC8b%2BphfcAlSzhZeUHV0ym7vyCCGJI1qeERfqeqSR4toMKH4MJZcymxG2SGwxE%2F3qv3dq2lgLFwH2AIWkPSBEAfUSO31ThTB%2FDwJRiY8Xn%2Fchki%2Fz4hXm33df%2FmAlYKCKixCzhdH8C%2F6goICRbvkxRYjMzJnAwmVmRafiPfdBJ8EW8SdjJfpwJsDeQBJY7LNG78ksc632Zwj52BvlL1J7RUhmrCWG3U0jvFLsKObZwNvKTClre%2B66T89OQLwVXQISuSe9YkIX5IBx9tFPoflodC2GAGApdP failed 5:-2145386479 The server did not return the file size. The URL might point to dynamic content. The Content-Length header is not available in the server's HTTP reply.

Error: (06/19/2013 03:58:57 PM) (Source: OptimizerProUpdater) (User: )
Description: BITS download from http://kosher-toolbar.info/get/?ver=1701&report_version=5&data=NP6yu5%2BxpFQEVbcdef%2B0m7ZCnRJmBDQ54flwYzagtMfcsfefUCsm%2BcK2R8MDcfTKh49ZOSEh%2F0ritx%2BGRPyLQxwjIVLo47SvugiFUhHhLMvtSlOa8gERAobODermSggVrZBhFOKUJ1t5FstIQU1GKdbuEaa9LjT45g%2FzihAaW4BwGYlLljg1%2B8MgmVCuLMK4fzGC8b%2BphfcAlSzhZeUHV0ym7vyCCGJI1qeERfqeqSR4toMKH4MJZcymxG2SGwxE%2F3qv3dq2lgLFwH2AIWkPSBEAfUSO31ThTB%2FDwJRiY8Xn%2Fchki%2Fz4hXm33df%2FmAlYKCKixCzhdH8C%2F6goICRbvkxRYjMzJnAwmVmRafiPfdBJ8EW8SdjJfpwJsDeQBJY7LNG78ksc632Zwj52BvlL1J7RUhmrCWG3U0jvFLsKObZwNvKTClre%2B66T89OQLwVXQISuSe9YkIX5IBx9tFPoflodC2GAGApdP failed 5:-2145844844 The requested URL does not exist on the server.

Error: (06/19/2013 03:58:34 PM) (Source: OptimizerProUpdater) (User: )
Description: BITS download from http://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2BxpFQEVbcdef%2B0m7ZCnRJmBDQ54flwYzagtMfcsfefUCsm%2BcK2R8MDcfTKh49ZOSEh%2F0ritx%2BGRPyLQxwjIVLo47SvugiFUhHhLMvtSlOa8gERAobODermSggVrZBhFOKUJ1t5FstIQU1GKdbuEaa9LjT45g%2FzihAaW4BwGYlLljg1%2B8MgmVCuLMK4fzGC8b%2BphfcAlSzhZeUHV0ym7vyCCGJI1qeERfqeqSR4toMKH4MJZcymxG2SGwxE%2F3qv3dq2lgLFwH2AIWkPSBEAfUSO31ThTB%2FDwJRiY8Xn%2Fchki%2Fz4hXm33df%2FmAlYKCKixCzhdH8C%2F6goICRbvkxRYjMzJnAwmVmRafiPfdBJ8EW8SdjJfpwJsDeQBJY7LNG78ksc632Zwj52BvlL1J7RUhmrCWG3U0jvFLsKObZwNvKTClre%2B66T89OQLwVXQISuSe9YkIX5IBx9tFPoflodC2GAGApdP failed 5:-2145844844 The requested URL does not exist on the server.

Error: (06/19/2013 10:02:10 AM) (Source: OptimizerProUpdater) (User: )
Description: BITS download from http://kosher-file.info/get/?ver=1701&report_version=5&data=NP6yu5%2BxpFQEVbcdef%2B0m7ZCnRJmBDQ54flwYzagtMfcsfefUCsm%2BcK2R8MDcfTKh49ZOSEh%2F0ritx%2BGRPyLQxwjIVLo47SvugiFUhHhLMvtSlOa8gERAobODermSggVrZBhFOKUJ1t5FstIQU1GKdbuEaa9LjT45g%2FzihAaW4BwGYlLljg1%2B8MgmVCuLMK4fzGC8b%2BphfcAlSzhZeUHV0ym7vyCCGJI1qeERfqeqSR4toMKH4MJZcymxG2SGwxE%2F3qv3dq2lgLFwH2AIWkPSBEAfUSO31ThTB%2FDwJRiY8Xn%2Fchki%2Fz4hXm33df%2FmAlYKCKixCzhdH8C%2F6goICRbvkxRYjMzJnAwmVmRafiPfdBJ8EW8SdjJfpwJsDeQBJY7LNG78ksc632Zwj52BvlL1J7RUhmrCWG3U0jvFLsKObZwNvKTClre%2B66T89OQLwVXQISuSe9YkIX5IBx9tFPoflodC2GAGApdP failed 5:-2145844844 The requested URL does not exist on the server.

Error: (06/19/2013 10:01:45 AM) (Source: OptimizerProUpdater) (User: )
Description: BITS download from http://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2BxpFQEVbcdef%2B0m7ZCnRJmBDQ54flwYzagtMfcsfefUCsm%2BcK2R8MDcfTKh49ZOSEh%2F0ritx%2BGRPyLQxwjIVLo47SvugiFUhHhLMvtSlOa8gERAobODermSggVrZBhFOKUJ1t5FstIQU1GKdbuEaa9LjT45g%2FzihAaW4BwGYlLljg1%2B8MgmVCuLMK4fzGC8b%2BphfcAlSzhZeUHV0ym7vyCCGJI1qeERfqeqSR4toMKH4MJZcymxG2SGwxE%2F3qv3dq2lgLFwH2AIWkPSBEAfUSO31ThTB%2FDwJRiY8Xn%2Fchki%2Fz4hXm33df%2FmAlYKCKixCzhdH8C%2F6goICRbvkxRYjMzJnAwmVmRafiPfdBJ8EW8SdjJfpwJsDeQBJY7LNG78ksc632Zwj52BvlL1J7RUhmrCWG3U0jvFLsKObZwNvKTClre%2B66T89OQLwVXQISuSe9YkIX5IBx9tFPoflodC2GAGApdP failed 5:-2145844844 The requested URL does not exist on the server.

Error: (06/19/2013 08:55:29 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (06/19/2013 08:55:28 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (06/19/2013 08:55:27 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (06/19/2013 08:52:43 AM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (06/19/2013 08:19:44 PM) (Source: Service Control Manager) (User: )
Description: The AOL Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/19/2013 10:13:27 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.100 for the Network Card with network address 001BB9FB2C69 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/19/2013 08:55:35 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error: (06/19/2013 08:54:19 AM) (Source: System Error) (User: )
Description: Error code 00000024, parameter1 001902fe, parameter2 b2395030, parameter3 b2394d2c, parameter4 8054bfcb.

Error: (06/19/2013 08:52:43 AM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (06/18/2013 10:13:25 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.100 for the Network Card with network address 001BB9FB2C69 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/18/2013 08:48:25 AM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 8050392e.

Error: (06/18/2013 08:43:42 AM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (06/17/2013 10:13:23 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.100 for the Network Card with network address 001BB9FB2C69 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/17/2013 09:03:14 AM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf801226, parameter3 b2c94a48, parameter4 00000000.



==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3454.4 MB
Available physical RAM: 1932.02 MB
Total Pagefile: 7383.78 MB
Available Pagefile: 5739.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:64.07 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

ark.txt

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-19 23:13:59
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3200AAKS-00UU3A0 rev.01.03B01 298.09GB
Running: ykbmpqbl.exe; Driver: C:\DOCUME~1\D\LOCALS~1\Temp\uxtdqpow.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{65B19258-46E5-4928-9299-8F2A23D2BEA2}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{7B13F783-D5F8-45F7-809E-F64D5831615B}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{932A9D08-B712-4480-BF7C-9DED98F585C1}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{9B773D31-F081-4583-8915-AE3E39775982}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{9E1609B6-5640-4464-BE0B-9B64856423D6}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{A333673F-B8C1-4F78-B660-46C9310E6F24}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{CF77EBB0-163B-4212-B29F-77507127219E}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{E3CD573B-0831-44CA-B3C3-83F7DD4EA351}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{EFA52AAE-74D8-4A7F-9603-BEE3F2432821}\0000@D3D_\x3332\x3331  2089309684

---- EOF - GMER 2.1 ----
 

 


#4 TB-Psychotic

  • Malware Response Team

Posted 20 June 2013 - 04:50 AM

Do you have the XP disk?
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Dmasterman

  • Topic Starter

Posted 20 June 2013 - 05:09 AM

No.



#6 TB-Psychotic

  • Malware Response Team

Posted 20 June 2013 - 05:36 AM

Hit Windows-R, write cmd into the text field, press enter.
Enter the following command:

chkdsk /f C: > C:\info.txt

Hit enter.

Follow the instructions on the screen. When prompted, confirm that the check should be run on next reboot.
Reboot the system.

When finished, attach C:\info.txt

Edited by TB-Psychotic, 20 June 2013 - 05:36 AM.


#7 Dmasterman

  • Topic Starter

Posted 20 June 2013 - 06:09 AM

I get to the command prompt and I type that in and nothing happens.  It just hits enter and goes to the next line with nothing new or anything happening.



#8 TB-Psychotic

  • Malware Response Team

Posted 20 June 2013 - 06:39 AM

Try only:

chkdsk /f

#9 Dmasterman

  • Topic Starter

Posted 20 June 2013 - 12:46 PM

I receive a message saying "Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)"



#10 TB-Psychotic

  • Malware Response Team

Posted 20 June 2013 - 02:18 PM

Enter y, hit enter and reboot the machine.

Let chkdsk do its work and try again to start up afterwards.



#11 Dmasterman

  • Topic Starter

Posted 20 June 2013 - 07:30 PM

Alright, computer restarted. Now what?



#12 TB-Psychotic

  • Malware Response Team

Posted 20 June 2013 - 11:57 PM

OK, then please post up new logfiles of FRST.


Edited by TB-Psychotic, 20 June 2013 - 11:57 PM.


#13 Dmasterman

  • Topic Starter

Posted 21 June 2013 - 01:12 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013
Ran by D (administrator) on 20-06-2013 20:09:00
Running from C:\Documents and Settings\D\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
() C:\Documents and Settings\All Users\Application Data\BetterSoft\OptimizerPro\OptimizerPro.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Essentials\msseces.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1335700501\ee\AOLSoftware.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(AOL LLC) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files\AIM\aim.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey [1094224 2010-09-15] (Microsoft Corporation)
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1335700501\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM\...\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [472112 2012-12-02] (Cisco Systems, Inc.)
HKLM\...\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [15664416 2013-02-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1982312 2013-02-09] ()
HKLM\...\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-06-10] (BlueStack Systems, Inc.)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Policies\system: [disableregistrytools] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 24.25.227.55 209.18.47.61

FireFox:
========
FF ProfilePath: C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default
FF SearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Homepage: user_pref("browser.startup.homepage", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: leethax - C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default\Extensions\leethax@leethax.net.xpi
FF Extension: No Name - C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR Extension: (BBrowusse22savve) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojngnjdcpfcogeebncmfoihkinakofid\1

========================== Services (Whitelisted) =================

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe [95896 2009-04-26] (SiSoftware)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2012-05-13] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-06-10] (BlueStack Systems)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2010-02-09] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2010-02-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2010-02-09] (HP)
R3 HSX_DP; C:\Windows\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-05-13] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-10] (ManyCam LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [151216 2010-03-25] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [128440 2012-12-18] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [25392 2009-07-07] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26672 2009-07-07] (Cisco Systems, Inc.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 winachsx; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-20 20:05 - 2013-06-20 20:05 - 01368343 ____A (Farbar) C:\Documents and Settings\D\Desktop\FRST.exe
2013-06-20 07:50 - 2013-06-20 07:50 - 00090112 ____A C:\Windows\Minidump\Mini062013-01.dmp
2013-06-20 01:06 - 2013-06-20 01:28 - 00000762 ____A C:\info.txt
2013-06-19 23:13 - 2013-06-19 23:13 - 00007723 ____A C:\Documents and Settings\D\My Documents\ark.txt
2013-06-19 22:46 - 2013-06-19 22:46 - 00000000 ____D C:\FRST
2013-06-19 08:52 - 2013-06-19 08:52 - 00090112 ____A C:\Windows\Minidump\Mini061913-02.dmp
2013-06-19 08:47 - 2013-06-19 08:47 - 00090112 ____A C:\Windows\Minidump\Mini061913-01.dmp
2013-06-18 22:21 - 2013-06-18 22:21 - 00465369 ____A C:\Documents and Settings\D\Desktop\722001_536432716423449_913960351_n.mp4
2013-06-18 09:02 - 2013-06-18 09:03 - 00023213 ____A C:\Documents and Settings\D\Desktop\Result.txt
2013-06-18 09:00 - 2013-06-18 09:00 - 00760775 ____A (Farbar) C:\Documents and Settings\D\Desktop\MiniToolBox.exe
2013-06-18 08:47 - 2013-06-18 08:47 - 00090112 ____A C:\Windows\Minidump\Mini061813-01.dmp
2013-06-17 17:27 - 2013-06-17 17:32 - 36866280 ____A C:\Documents and Settings\D\Desktop\male.mp4
2013-06-17 09:04 - 2013-06-20 14:13 - 00121054 ____A C:\Documents and Settings\D\Desktop\err.bmp
2013-06-17 09:02 - 2013-06-17 09:02 - 00090112 ____A C:\Windows\Minidump\Mini061713-01.dmp
2013-06-16 17:55 - 2013-06-16 17:55 - 00053063 ____A C:\Documents and Settings\D\My Documents\11761928823674957522.jpeg
2013-06-16 17:55 - 2013-06-16 17:55 - 00027651 ____A C:\Documents and Settings\D\My Documents\6021507650476943088.jpeg
2013-06-16 17:55 - 2013-06-16 17:55 - 00025630 ____A C:\Documents and Settings\D\My Documents\3635179021952784597.jpeg
2013-06-16 16:53 - 2013-06-18 22:21 - 00000000 ____D C:\Documents and Settings\D\Desktop\Berenice Choong imgz
2013-06-16 08:48 - 2013-06-16 08:48 - 00001554 ____A C:\Documents and Settings\All Users\Desktop\Start BlueStacks.lnk
2013-06-16 08:48 - 2013-06-16 08:48 - 00000000 ____D C:\Program Files\BlueStacks
2013-06-16 08:47 - 2013-06-16 08:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BlueStacks
2013-06-13 08:28 - 2013-06-13 08:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-13 08:25 - 2013-06-13 08:25 - 00010929 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 07:54 - 2013-06-12 07:53 - 00090112 ____A C:\Windows\Minidump\Mini061213-02.dmp
2013-06-12 07:51 - 2013-06-13 08:28 - 00013718 ____A C:\Windows\KB2839229.log
2013-06-12 07:48 - 2013-06-12 07:48 - 00090112 ____A C:\Windows\Minidump\Mini061213-01.dmp
2013-06-10 20:28 - 2013-06-10 20:42 - 00000000 ____D C:\Documents and Settings\D\Desktop\AgeofWushu
2013-06-10 09:45 - 2013-06-10 09:45 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\FLT
2013-06-10 08:04 - 2013-06-10 08:04 - 00000000 ____D C:\Program Files\DIFX
2013-06-10 08:03 - 2013-06-10 08:04 - 00006858 ____A C:\Windows\DPINST.LOG
2013-06-10 08:03 - 2006-07-01 22:39 - 00036864 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\AmdK8.sys
2013-06-09 21:14 - 2013-06-09 21:14 - 00355464 ____A C:\Documents and Settings\D\Desktop\tetekkelasa.3gp
2013-06-09 06:26 - 2013-06-09 06:26 - 00090112 ____A C:\Windows\Minidump\Mini060913-01.dmp
2013-06-08 05:14 - 2013-06-08 05:14 - 16106856 ____A C:\Documents and Settings\D\Desktop\517809357_2.mp4
2013-06-07 04:19 - 2013-06-07 04:33 - 32587421 ____A C:\Documents and Settings\D\Desktop\xa0kvs_kiefer-s-interview-scenes-lost-boys_shortfilms.mp4
2013-06-05 03:56 - 2013-06-05 03:56 - 00463453 ____A C:\Documents and Settings\D\Desktop\762325_523103351082980_331563800_n-1.mp4
2013-06-03 19:43 - 2013-06-03 19:43 - 02439303 ____A C:\Documents and Settings\D\Desktop\743363_10151270863584058_684862730_n.mp4
2013-06-03 19:43 - 2013-06-03 19:43 - 01074033 ____A C:\Documents and Settings\D\Desktop\724634_10151270848714058_1958442120_n.mp4
2013-06-02 06:24 - 2013-06-02 06:28 - 161901112 ____A C:\Documents and Settings\D\Desktop\xzvkxb_hikonin-sentai-akibaranger-season-2-episode-5-english-subbed_fun.mp4
2013-06-01 19:52 - 2013-06-01 19:53 - 00000000 ____D C:\Documents and Settings\D\Desktop\JIGGLE AND ASS IT WORKS YES
2013-05-31 16:44 - 2013-05-31 16:43 - 00069552 ___AH C:\Windows\Minidump\Mini053113-01.dmp
2013-05-30 10:17 - 2013-05-30 10:17 - 04129475 ____A C:\Documents and Settings\D\Desktop\Bugs_Bunny_-_Sparta_Remix.mp4
2013-05-29 22:44 - 2013-03-17 05:45 - 00001277 ____A C:\Documents and Settings\D\Desktop\ElfBodyFix.esp
2013-05-29 03:02 - 2013-05-29 03:02 - 32156472 ____A C:\Documents and Settings\D\Desktop\INDONESIAN_TICKLE_TORTURE.mp4
2013-05-28 11:48 - 2013-05-28 11:48 - 06912054 ____A C:\Documents and Settings\D\Desktop\ryandixonnevershootapanda.bmp
2013-05-23 18:36 - 2013-05-24 01:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 13:54 - 2013-05-22 13:54 - 00019131 ____A C:\Documents and Settings\D\hs_err_pid2704.log
2013-05-22 13:54 - 2013-05-22 13:54 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\Unity
2013-05-21 04:56 - 2013-05-21 04:56 - 00576726 ____A C:\Documents and Settings\D\My Documents\how asians party.mp4

==================== One Month Modified Files and Folders ========

2013-06-20 20:05 - 2013-06-20 20:05 - 01368343 ____A (Farbar) C:\Documents and Settings\D\Desktop\FRST.exe
2013-06-20 19:29 - 2012-07-24 16:09 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cd6a0a8a3231d8.job
2013-06-20 19:16 - 2013-02-28 13:37 - 00007832 ____A C:\Windows\System32\nvAppTimestamps
2013-06-20 19:13 - 2012-04-27 23:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 18:29 - 2012-04-27 19:55 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd2503770d2b36.job
2013-06-20 14:43 - 2010-11-02 21:06 - 01441703 ____A C:\Windows\WindowsUpdate.log
2013-06-20 14:28 - 2010-11-02 21:03 - 00000000 ____D C:\Windows\Registration
2013-06-20 14:27 - 2013-04-15 02:09 - 00000560 ___AH C:\Windows\Tasks\schedule!1173230912.job
2013-06-20 14:27 - 2013-02-28 20:02 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2013-06-20 14:27 - 2012-04-30 02:09 - 00000062 __ASH C:\Documents and Settings\D\Local Settings\desktop.ini
2013-06-20 14:27 - 2010-11-02 21:20 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-20 14:27 - 2010-11-02 21:20 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 14:27 - 2010-11-02 21:10 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-20 14:27 - 2010-11-02 10:59 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-20 14:27 - 2010-11-02 10:59 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-20 14:20 - 2012-04-30 02:09 - 00000178 ___SH C:\Documents and Settings\D\ntuser.ini
2013-06-20 14:20 - 2010-11-02 21:20 - 00032606 ____A C:\Windows\SchedLgU.Txt
2013-06-20 14:13 - 2013-06-17 09:04 - 00121054 ____A C:\Documents and Settings\D\Desktop\err.bmp
2013-06-20 07:50 - 2013-06-20 07:50 - 00090112 ____A C:\Windows\Minidump\Mini062013-01.dmp
2013-06-20 07:50 - 2010-11-07 06:59 - 00000000 ____D C:\Windows\Minidump
2013-06-20 01:28 - 2013-06-20 01:06 - 00000762 ____A C:\info.txt
2013-06-20 01:24 - 2013-01-08 08:27 - 00000754 ____A C:\Windows\WORDPAD.INI
2013-06-20 00:21 - 2010-11-22 00:21 - 00000264 ____A C:\Windows\Tasks\WebReg .job
2013-06-19 23:13 - 2013-06-19 23:13 - 00007723 ____A C:\Documents and Settings\D\My Documents\ark.txt
2013-06-19 22:46 - 2013-06-19 22:46 - 00000000 ____D C:\FRST
2013-06-19 20:02 - 2012-08-23 11:15 - 00344576 _ASHC C:\Documents and Settings\D\My Documents\Thumbs.db
2013-06-19 17:44 - 2013-01-04 10:04 - 00510976 __ASH C:\Documents and Settings\D\Desktop\Thumbs.db
2013-06-19 08:52 - 2013-06-19 08:52 - 00090112 ____A C:\Windows\Minidump\Mini061913-02.dmp
2013-06-19 08:51 - 2010-11-02 10:49 - 00090112 ____A C:\Windows\DUMP519a.tmp
2013-06-19 08:47 - 2013-06-19 08:47 - 00090112 ____A C:\Windows\Minidump\Mini061913-01.dmp
2013-06-18 22:21 - 2013-06-18 22:21 - 00465369 ____A C:\Documents and Settings\D\Desktop\722001_536432716423449_913960351_n.mp4
2013-06-18 22:21 - 2013-06-16 16:53 - 00000000 ____D C:\Documents and Settings\D\Desktop\Berenice Choong imgz
2013-06-18 09:04 - 2012-09-17 16:46 - 00668546 ____A C:\Windows\setupapi.log
2013-06-18 09:03 - 2013-06-18 09:02 - 00023213 ____A C:\Documents and Settings\D\Desktop\Result.txt
2013-06-18 09:00 - 2013-06-18 09:00 - 00760775 ____A (Farbar) C:\Documents and Settings\D\Desktop\MiniToolBox.exe
2013-06-18 08:47 - 2013-06-18 08:47 - 00090112 ____A C:\Windows\Minidump\Mini061813-01.dmp
2013-06-17 23:36 - 2012-04-30 19:13 - 00000000 ____D C:\Documents and Settings\D\Application Data\BitTorrent
2013-06-17 19:40 - 2012-05-02 22:11 - 00000000 ____D C:\Documents and Settings\D\Desktop\DL
2013-06-17 17:32 - 2013-06-17 17:27 - 36866280 ____A C:\Documents and Settings\D\Desktop\male.mp4
2013-06-17 09:02 - 2013-06-17 09:02 - 00090112 ____A C:\Windows\Minidump\Mini061713-01.dmp
2013-06-16 17:55 - 2013-06-16 17:55 - 00053063 ____A C:\Documents and Settings\D\My Documents\11761928823674957522.jpeg
2013-06-16 17:55 - 2013-06-16 17:55 - 00027651 ____A C:\Documents and Settings\D\My Documents\6021507650476943088.jpeg
2013-06-16 17:55 - 2013-06-16 17:55 - 00025630 ____A C:\Documents and Settings\D\My Documents\3635179021952784597.jpeg
2013-06-16 11:40 - 2010-11-02 21:03 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-16 08:48 - 2013-06-16 08:48 - 00001554 ____A C:\Documents and Settings\All Users\Desktop\Start BlueStacks.lnk
2013-06-16 08:48 - 2013-06-16 08:48 - 00000000 ____D C:\Program Files\BlueStacks
2013-06-16 08:48 - 2013-06-16 08:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BlueStacks
2013-06-15 13:46 - 2013-04-16 14:10 - 00000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
2013-06-14 15:52 - 2010-11-02 23:03 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-06-13 08:28 - 2013-06-13 08:28 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-13 08:28 - 2013-06-12 07:51 - 00013718 ____A C:\Windows\KB2839229.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00277517 ____A C:\Windows\iis6.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00259687 ____A C:\Windows\FaxSetup.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00124152 ____A C:\Windows\ocgen.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00118482 ____A C:\Windows\tsoc.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00085586 ____A C:\Windows\comsetup.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00078400 ____A C:\Windows\msmqinst.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00051907 ____A C:\Windows\ntdtcsetup.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00045486 ____A C:\Windows\netfxocm.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00028938 ____A C:\Windows\plusoc.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00018060 ____A C:\Windows\MedCtrOC.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00014364 ____A C:\Windows\ocmsn.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00014196 ____A C:\Windows\ehOCGen.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00013062 ____A C:\Windows\tabletoc.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00012978 ____A C:\Windows\msgsocm.log
2013-06-13 08:28 - 2012-09-28 03:00 - 00001374 ____A C:\Windows\imsins.log
2013-06-13 08:26 - 2010-11-02 22:31 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:25 - 2013-06-13 08:25 - 00010929 ____A C:\Windows\KB2838727-IE8.log
2013-06-13 08:25 - 2012-09-28 03:00 - 00021784 ____A C:\Windows\updspapi.log
2013-06-13 08:25 - 2012-09-28 03:00 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-13 08:25 - 2010-11-02 22:33 - 00000000 ____D C:\Windows\ie8updates
2013-06-12 07:53 - 2013-06-12 07:54 - 00090112 ____A C:\Windows\Minidump\Mini061213-02.dmp
2013-06-12 07:48 - 2013-06-12 07:48 - 00090112 ____A C:\Windows\Minidump\Mini061213-01.dmp
2013-06-10 20:42 - 2013-06-10 20:28 - 00000000 ____D C:\Documents and Settings\D\Desktop\AgeofWushu
2013-06-10 11:02 - 2010-11-02 10:56 - 00647862 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 09:45 - 2013-06-10 09:45 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\FLT
2013-06-10 09:45 - 2012-04-30 02:12 - 00000000 ____D C:\Documents and Settings\D\My Documents\My Games
2013-06-10 08:04 - 2013-06-10 08:04 - 00000000 ____D C:\Program Files\DIFX
2013-06-10 08:04 - 2013-06-10 08:03 - 00006858 ____A C:\Windows\DPINST.LOG
2013-06-10 08:04 - 2010-11-02 21:30 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-06-10 08:03 - 2010-11-02 21:05 - 00000000 ____D C:\Windows\System32\DirectX
2013-06-10 08:03 - 2010-11-02 10:55 - 00000337 __RSH C:\boot.ini
2013-06-09 21:14 - 2013-06-09 21:14 - 00355464 ____A C:\Documents and Settings\D\Desktop\tetekkelasa.3gp
2013-06-09 15:25 - 2012-04-30 16:06 - 00000000 ____D C:\Documents and Settings\D\Application Data\vlc
2013-06-09 06:26 - 2013-06-09 06:26 - 00090112 ____A C:\Windows\Minidump\Mini060913-01.dmp
2013-06-08 05:14 - 2013-06-08 05:14 - 16106856 ____A C:\Documents and Settings\D\Desktop\517809357_2.mp4
2013-06-07 05:30 - 2012-04-30 16:06 - 00226304 ____A C:\Documents and Settings\D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-07 04:33 - 2013-06-07 04:19 - 32587421 ____A C:\Documents and Settings\D\Desktop\xa0kvs_kiefer-s-interview-scenes-lost-boys_shortfilms.mp4
2013-06-05 03:56 - 2013-06-05 03:56 - 00463453 ____A C:\Documents and Settings\D\Desktop\762325_523103351082980_331563800_n-1.mp4
2013-06-03 19:43 - 2013-06-03 19:43 - 02439303 ____A C:\Documents and Settings\D\Desktop\743363_10151270863584058_684862730_n.mp4
2013-06-03 19:43 - 2013-06-03 19:43 - 01074033 ____A C:\Documents and Settings\D\Desktop\724634_10151270848714058_1958442120_n.mp4
2013-06-02 06:28 - 2013-06-02 06:24 - 161901112 ____A C:\Documents and Settings\D\Desktop\xzvkxb_hikonin-sentai-akibaranger-season-2-episode-5-english-subbed_fun.mp4
2013-06-02 01:15 - 2013-05-16 16:49 - 00000000 ____D C:\Documents and Settings\D\Desktop\Current Data
2013-06-01 19:53 - 2013-06-01 19:52 - 00000000 ____D C:\Documents and Settings\D\Desktop\JIGGLE AND ASS IT WORKS YES
2013-05-31 21:49 - 2012-09-17 16:46 - 00000408 ____A C:\Windows\setupact.log
2013-05-31 16:43 - 2013-05-31 16:44 - 00069552 ___AH C:\Windows\Minidump\Mini053113-01.dmp
2013-05-30 10:17 - 2013-05-30 10:17 - 04129475 ____A C:\Documents and Settings\D\Desktop\Bugs_Bunny_-_Sparta_Remix.mp4
2013-05-29 23:27 - 2013-04-15 02:06 - 00000000 ____D C:\Documents and Settings\D\Desktop\skyrim hazardous mods
2013-05-29 22:15 - 2013-05-15 01:05 - 00000000 ____D C:\Documents and Settings\D\Desktop\skyrim cleaner
2013-05-29 20:18 - 2013-02-03 02:31 - 00000000 ____D C:\Documents and Settings\D\My Documents\Nexus Mod Manager
2013-05-29 20:18 - 2012-04-30 02:12 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\Skyrim
2013-05-29 03:02 - 2013-05-29 03:02 - 32156472 ____A C:\Documents and Settings\D\Desktop\INDONESIAN_TICKLE_TORTURE.mp4
2013-05-28 18:33 - 2012-05-23 21:42 - 00000000 ____D C:\Program Files\Replay Video Capture
2013-05-28 11:48 - 2013-05-28 11:48 - 06912054 ____A C:\Documents and Settings\D\Desktop\ryandixonnevershootapanda.bmp
2013-05-28 03:38 - 2012-05-16 03:25 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\WMTools Downloaded Files
2013-05-25 01:29 - 2012-10-30 20:40 - 00000000 ___RD C:\Program Files\Skype
2013-05-25 01:29 - 2010-11-16 23:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-05-24 13:28 - 2013-01-11 03:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-24 01:19 - 2013-05-23 18:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 13:54 - 2013-05-22 13:54 - 00019131 ____A C:\Documents and Settings\D\hs_err_pid2704.log
2013-05-22 13:54 - 2013-05-22 13:54 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Application Data\Unity
2013-05-21 04:56 - 2013-05-21 04:56 - 00576726 ____A C:\Documents and Settings\D\My Documents\how asians party.mp4

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 21 June 2013 - 01:33 AM

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#15 Dmasterman

Dmasterman
  • Topic Starter

  • Members
  • 117 posts

Posted 21 June 2013 - 01:25 PM

ComboFix 13-06-21.02 - D 06/21/2013   8:13.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3454.2205 [GMT -10:00]
Running from: c:\documents and settings\D\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\BBrowusse22savve
c:\documents and settings\All Users\Application Data\BBrowusse22savve\516bedda160b8.tlb
c:\documents and settings\All Users\Application Data\BBrowusse22savve\settings.ini
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\D\Recent\Thumbs.db
c:\windows\system\d3d10core.dll
c:\windows\system\D3DX10d_39.dll
c:\windows\system32\frapsvid.dll
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-21 to 2013-06-21  )))))))))))))))))))))))))))))))
.
.
2013-06-20 08:46 . 2013-06-20 08:46    --------    d-----w-    C:\FRST
2013-06-16 18:48 . 2013-06-16 18:48    --------    d-----w-    c:\program files\BlueStacks
2013-06-16 18:47 . 2013-06-16 18:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\BlueStacks
2013-06-10 19:45 . 2013-06-10 19:45    --------    d-----w-    c:\documents and settings\D\Local Settings\Application Data\FLT
2013-06-10 18:04 . 2013-06-10 18:04    --------    d-----w-    c:\program files\DIFX
2013-06-10 18:03 . 2006-07-02 08:39    36864    ----a-w-    c:\windows\system32\drivers\AmdK8.sys
2013-05-22 23:54 . 2013-05-22 23:54    --------    d-----w-    c:\documents and settings\D\Local Settings\Application Data\Unity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 18:51 . 2010-11-02 20:49    90112    ----a-w-    c:\windows\DUMP519a.tmp
2013-05-07 22:30 . 2004-08-10 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-10 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-10 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-10 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-03 01:30 . 2004-08-10 12:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2004-08-10 12:00    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-04-05 00:50 . 2012-04-28 06:27    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-31 14:06 . 2012-04-28 09:48    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-31 14:06 . 2012-04-28 09:48    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"HostManager"="c:\program files\Common Files\AOL\1335700501\ee\AOLSoftware.exe" [2010-03-08 41800]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-08 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2012-12-02 472112]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-02-10 15664416]
"NvMediaCenter"="NvMCTray.dll" [2013-02-10 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-02-10 1982312]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2013-06-10 601928]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mass Effect 3\\Binaries\\Win32\\MassEffect3.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\1335700501\\ee\\AOLDesktop.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\The Elder Scrolls V Skyrim\\CreationKit.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [6/10/2013 12:32 PM 63816]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [6/10/2013 12:32 PM 384840]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/10/2012 8:31 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2012 8:27 PM 701512]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5/14/2013 1:26 PM 3289208]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [1/10/2012 8:11 PM 32000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2012 8:27 PM 22856]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2/22/2012 12:34 AM 22400]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [6/10/2013 12:32 PM 393032]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe [5/1/2012 4:08 PM 95896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 14:06]
.
2013-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:50]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd2503770d2b36.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 20:38]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd6a0a8a3231d8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 20:38]
.
2013-06-21 c:\windows\Tasks\schedule!1173230912.job
- c:\documents and settings\All Users\Application Data\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-04-15 19:58]
.
2012-06-06 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-05-30 03:07]
.
2013-06-21 c:\windows\Tasks\WebReg .job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2010-05-28 10:25]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1 24.25.227.55 209.18.47.61
FF - ProfilePath - c:\documents and settings\D\Application Data\Mozilla\Firefox\Profiles\77radbcm.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1 - c:\program files\The Elder Scrolls V Skyrim\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-21 08:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-06-21  08:21:20
ComboFix-quarantined-files.txt  2013-06-21 18:21
.
Pre-Run: 68,767,547,392 bytes free
Post-Run: 70,622,806,016 bytes free
.
- - End Of File - - C60F1D0A335FDAAD079864D68DA13F9D
8F558EB6672622401DA993E1E865C861
 

 
