A case of several viruses invading system registry

Sorry, I forgot. Here it is:-


All processes killed
========== OTL ==========
Unable to kill active process explorer.exe!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21087D8A-7075-41CF-86F0-12F73EE04367}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21087D8A-7075-41CF-86F0-12F73EE04367}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Alnaddy" removed from browser.search.selectedEngine
Prefs.js: "http://www.alnaddy.com/?afltid=wbpk" removed from browser.startup.homepage
Prefs.js: "http://www.alnaddy.com/search/?q=" removed from keyword.URL
File C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ not found.
File C:\ProgramData\Codecv\bhoclass.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ not found.
File C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CD3AED25-23AB-4543-B915-159449C37197} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD3AED25-23AB-4543-B915-159449C37197}\ not found.
File C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:0B4227B4 .
========== SERVICES/DRIVERS ==========
Error: No service named zppinger was found to stop!
Service\Driver key zppinger not found.
Error: No service named YMIDUSB was found to stop!
Service\Driver key YMIDUSB not found.
Error: No service named YahooAUService was found to stop!
Service\Driver key YahooAUService not found.
Error: No service named wmdmpmsn was found to stop!
Service\Driver key wmdmpmsn not found.
Error: No service named wacomvhid was found to stop!
Service\Driver key wacomvhid not found.
Error: No service named W8100PCI was found to stop!
Service\Driver key W8100PCI not found.
Error: No service named vpctcom was found to stop!
Service\Driver key vpctcom not found.
Error: No service named viaudio was found to stop!
Service\Driver key viaudio not found.
Error: No service named UVCFTR was found to stop!
Service\Driver key UVCFTR not found.
Error: No service named unrealircd was found to stop!
Service\Driver key unrealircd not found.
Error: No service named tvald was found to stop!
Service\Driver key tvald not found.
Error: No service named transcode360 was found to stop!
Service\Driver key transcode360 not found.
Error: No service named tme3srv was found to stop!
Service\Driver key tme3srv not found.
Error: No service named tifmsony was found to stop!
Service\Driver key tifmsony not found.
Error: No service named tb2launch was found to stop!
Service\Driver key tb2launch not found.
Error: No service named symlcbrd was found to stop!
Service\Driver key symlcbrd not found.
Error: No service named StreamDispatcher was found to stop!
Service\Driver key StreamDispatcher not found.
Error: No service named ssmdrv was found to stop!
Service\Driver key ssmdrv not found.
Error: No service named SPFDRV was found to stop!
Service\Driver key SPFDRV not found.
Error: No service named sp_clamsrv was found to stop!
Service\Driver key sp_clamsrv not found.
Error: No service named snoopfree was found to stop!
Service\Driver key snoopfree not found.
Error: No service named SMPLSCSI was found to stop!
Service\Driver key SMPLSCSI not found.
Error: No service named siswlsvc was found to stop!
Service\Driver key siswlsvc not found.
Error: No service named sfman was found to stop!
Service\Driver key sfman not found.
Error: No service named se44nd5 was found to stop!
Service\Driver key se44nd5 not found.
Error: No service named SE2Emdfl was found to stop!
Service\Driver key SE2Emdfl not found.
Error: No service named schscnt was found to stop!
Service\Driver key schscnt not found.
Error: No service named s616mgmt was found to stop!
Service\Driver key s616mgmt not found.
Error: No service named s3savagenb was found to stop!
Service\Driver key s3savagenb not found.
Error: No service named RMSvc was found to stop!
Service\Driver key RMSvc not found.
Error: No service named RDID1007 was found to stop!
Service\Driver key RDID1007 not found.
Error: No service named rchost was found to stop!
Service\Driver key rchost not found.
Error: No service named qbcfmonitorservice was found to stop!
Service\Driver key qbcfmonitorservice not found.
Error: No service named pclepci was found to stop!
Service\Driver key pclepci not found.
Error: No service named ossrv was found to stop!
Service\Driver key ossrv not found.
Error: No service named osanbm was found to stop!
Service\Driver key osanbm not found.
Error: No service named orbpvr was found to stop!
Service\Driver key orbpvr not found.
Error: No service named nv4 was found to stop!
Service\Driver key nv4 not found.
Error: No service named NTACCESS was found to stop!
Service\Driver key NTACCESS not found.
Error: No service named nhcDriverDevice was found to stop!
Service\Driver key nhcDriverDevice not found.
Error: No service named mssql$microsoftsmlbiz was found to stop!
Service\Driver key mssql$microsoftsmlbiz not found.
Error: No service named mfeapfk was found to stop!
Service\Driver key mfeapfk not found.
Error: No service named lxrjd31d was found to stop!
Service\Driver key lxrjd31d not found.
Error: No service named lpx was found to stop!
Service\Driver key lpx not found.
Error: No service named LMouKE was found to stop!
Service\Driver key LMouKE not found.
Error: No service named k750mdfl was found to stop!
Service\Driver key k750mdfl not found.
Error: No service named itmrtsvc was found to stop!
Service\Driver key itmrtsvc not found.
Error: No service named icraplus was found to stop!
Service\Driver key icraplus not found.
Error: No service named hpzid412 was found to stop!
Service\Driver key hpzid412 not found.
Error: No service named hfneavwv was found to stop!
Service\Driver key hfneavwv not found.
Error: No service named Sentertainment was found to stop!
Service\Driver key Sentertainment not found.
Error: No service named eaps2kbd was found to stop!
Service\Driver key eaps2kbd not found.
Error: No service named DynDNS_Updater_Service was found to stop!
Service\Driver key DynDNS_Updater_Service not found.
Error: No service named dmprimer was found to stop!
Service\Driver key dmprimer not found.
Error: No service named ctmmfilt was found to stop!
Service\Driver key ctmmfilt not found.
Error: No service named crystalaps was found to stop!
Service\Driver key crystalaps not found.
Error: No service named cfgwzsvc was found to stop!
Service\Driver key cfgwzsvc not found.
Error: No service named CE3 was found to stop!
Service\Driver key CE3 not found.
Error: No service named cdr4_xp was found to stop!
Service\Driver key cdr4_xp not found.
Error: No service named CdaC15BA was found to stop!
Service\Driver key CdaC15BA not found.
Error: No service named Cam5603D was found to stop!
Service\Driver key Cam5603D not found.
Error: No service named avupdsvc was found to stop!
Service\Driver key avupdsvc not found.
Error: No service named acsvc was found to stop!
Service\Driver key acsvc not found.
Error: No service named AcronisOSSReinstallSvc was found to stop!
Service\Driver key AcronisOSSReinstallSvc not found.
Error: No service named acedrv07 was found to stop!
Service\Driver key acedrv07 not found.
Error: No service named A4S2600 was found to stop!
Service\Driver key A4S2600 not found.
Error: No service named _iomega_active_disk_service_ was found to stop!
Service\Driver key _iomega_active_disk_service_ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\netsvcs deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\"netsvcs"|hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63
,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files\Alnaddy.com not found.
File\Folder C:\Program Files\BabylonToolbar not found.
File\Folder C:\ProgramData\Codecv not found.
File\Folder c:\users\hp\AppData\Roaming\Babylon not found.
File\Folder c:\programdata\Babylon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 168962 bytes
->Temporary Internet Files folder emptied: 536773 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46866304 bytes
->Google Chrome cache emptied: 77099360 bytes
->Flash cache emptied: 2016 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27710 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06222012_195639

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Hello Aelo123

It looks as though you ran the OTL script again.

Let's try it this way instead:

  1. OTL

    • Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
    • When the scan completes, a log will be produced.
    • Please post the log in your next reply.
 
Hello Aelo123

Thank you for the latest logs.

Please work your way through the following steps exactly as they are described below:

  1. Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      
      :Services
      entertainment
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
      "netsvcs"=-
      "netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
        63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
        00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
        00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
        00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
        54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
        00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
        69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
        00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
        6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
        00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
        69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
        00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
        73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
        00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
        61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
        00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
        73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
        00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\
        69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
        00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\
        44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\
        00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\
        64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\
        00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\
        6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\
        00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\
        69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\
        00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
        00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\
        00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\
        00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\
        00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\
        74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\
        00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\
        70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00
      
      :Files
      flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]


    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.


    Once you have completed the steps above, please drag the copy of Combofix that is on your desktop to the Recycle Bin. Once you have done that, empty the Recycle Bin.


    Download a fresh copy of Combofix from Here and save it to your desktop.


    Next, disable all of your security programs, then right click on the Combofix icon and select "Run as Administrator" to run the tool.


    Allow Combofix to complete its run then post the log created in your next reply.


    Quote:
    it worked for firefox and Iexplorer but not for chrome

    There are no instances of alnaddy.com showing up in the log for your Chrome browser. Please describe exactly what is happening when you use Chrome in your next reply.
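The fix above writes the `netsvcs` value back as a `.reg`-style `hex(7)` blob, which is a REG_MULTI_SZ list of the service names that a shared svchost.exe group will host; decoding it is how a helper confirms that nothing foreign has been added to the group. This is an added Python example, not part of the thread or of OTL: the baseline list is decoded from the value in the fix, the excerpt is its first continuation line closed with a terminator, and `exampleunknownsvc` is a constructed placeholder name.

```python
"""Decode and sanity-check a REG_MULTI_SZ value exported in .reg "hex(7):" form."""
import re
from typing import List, Sequence, Tuple

# Service names decoded from the netsvcs value the OTL fix above writes back.
EXPECTED_NETSVCS = (
    "AeLookupSvc", "CertPropSvc", "SCPolicySvc", "lanmanserver", "gpsvc", "IKEEXT",
    "AudioSrv", "FastUserSwitchingCompatibility", "Ias", "Irmon", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Wmi", "WmdmPmSp", "TermService",
    "wuauserv", "BITS", "ShellHWDetection", "LogonHours", "PCAudit", "helpsvc",
    "uploadmgr", "iphlpsvc", "seclogon", "AppInfo", "msiscsi", "MMCSS",
    "wercplsupport", "EapHost", "ProfSvc", "schedule", "hkmsvc", "SessionEnv",
    "winmgmt", "browser", "Themes", "BDESVC", "AppMgmt",
)

# First line of the netsvcs value from the fix, closed with the REG_MULTI_SZ
# double terminator so that it decodes to exactly one string.
FIX_EXCERPT = (
    '"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\\\n'
    "  63,00,00,00,00,00"
)


def parse_reg_hex7(value: str) -> List[str]:
    """Parse a .reg-style hex(7) value (REG_MULTI_SZ) into its list of strings.

    Accepts the trailing-backslash line continuations and indentation that .reg
    exports and the OTL fix use, with or without the leading "name"= part.
    """
    joined = re.sub(r"\\\s*\r?\n\s*", "", value.strip())
    match = re.match(r'^(?:"[^"]*"=)?hex\(7\):(.*)$', joined, re.S)
    if not match:
        raise ValueError("not a hex(7) value")
    tokens = [tok.strip() for tok in match.group(1).split(",") if tok.strip()]
    data = bytes(int(tok, 16) for tok in tokens)
    if len(data) % 2:
        raise ValueError("odd byte count; REG_MULTI_SZ data is UTF-16LE")
    text = data.decode("utf-16-le")
    # Strings are NUL-separated and the list ends with an empty string; drop
    # the empties produced by the terminators.
    return [s for s in text.split("\x00") if s]


def to_reg_hex7(strings: Sequence[str], name: str = "netsvcs", width: int = 25) -> str:
    """Encode strings as a .reg hex(7) value, wrapping like regedit's export."""
    data = "".join(s + "\x00" for s in strings).encode("utf-16-le") + b"\x00\x00"
    tokens = [f"{b:02x}" for b in data]
    chunks = [tokens[i:i + width] for i in range(0, len(tokens), width)]
    out = f'"{name}"=hex(7):' + ",".join(chunks[0])
    for chunk in chunks[1:]:
        out += ",\\\n  " + ",".join(chunk)
    return out


def check_netsvcs(decoded: Sequence[str],
                  expected: Sequence[str] = EXPECTED_NETSVCS) -> Tuple[List[str], List[str]]:
    """Return (names not in the baseline, baseline names that are absent)."""
    expected_set, decoded_set = set(expected), set(decoded)
    unexpected = [s for s in decoded if s not in expected_set]
    missing = [s for s in expected if s not in decoded_set]
    return unexpected, missing


def demo() -> Tuple[List[str], List[str]]:
    """Decode a constructed value carrying one extra, placeholder service name."""
    sample = list(EXPECTED_NETSVCS[:5]) + ["exampleunknownsvc"]  # constructed
    return check_netsvcs(parse_reg_hex7(to_reg_hex7(sample)))


if __name__ == "__main__":
    print("excerpt decodes to:", parse_reg_hex7(FIX_EXCERPT))
    unexpected, missing = demo()
    print("not in baseline:", unexpected)
    print("baseline entries absent:", len(missing))
```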
 
OTL Log:- (didn't check purity and lop check)


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service entertainment stopped successfully!
Service entertainment deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\netsvcs deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\"netsvcs"|hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63
,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
< flushdns /c >
C:\Users\hp\Desktop\cmd.bat deleted successfully.
C:\Users\hp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 6462402 bytes
->Temporary Internet Files folder emptied: 3615651 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 115862958 bytes
->Google Chrome cache emptied: 286714373 bytes
->Flash cache emptied: 21219 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6778128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 400.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06242012_215118

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Combofix:-


ComboFix 12-06-24.03 - hp 24-Jun-12 23:34:50.4.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1147 [GMT 2:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 21:39 . 2012-06-24 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 21:32 . 2012-06-24 21:32 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-24 21:16 . 2012-06-24 21:16 -------- d-----w- c:\program files\Microsoft
2012-06-24 19:53 . 2012-06-24 21:39 -------- d-----w- c:\users\hp\AppData\Local\Temp
2012-06-24 09:07 . 2012-06-24 09:07 -------- d-----w- c:\programdata\Trymedia
2012-06-24 08:55 . 2012-06-24 08:55 -------- d-----w- c:\program files\RealArcade
2012-06-23 18:50 . 2012-06-23 18:50 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 18:49 . 2012-06-23 18:49 -------- d-----w- c:\programdata\McAfee
2012-06-23 16:57 . 2012-06-23 16:57 -------- d-----w- c:\programdata\eToolKit
2012-06-23 11:12 . 2012-06-23 11:12 -------- d-----w- c:\program files\Keyboard Status LED
2012-06-23 11:12 . 2012-06-23 11:12 -------- d-----w- c:\windows\UnInstFilter
2012-06-23 08:17 . 2012-06-23 08:17 -------- d-----w- c:\program files\1ClickDownload
2012-06-21 23:00 . 2012-06-21 23:00 -------- d-----w- C:\_OTL
2012-06-20 19:43 . 2012-06-20 19:43 -------- d-----w- C:\My Documents
2012-06-19 07:27 . 2012-06-19 07:27 -------- d-----w- c:\program files\Common Files\InstallShield
2012-06-19 07:19 . 2012-06-19 07:19 -------- d-----w- c:\users\hp\AppData\Roaming\runic games
2012-06-19 07:17 . 2012-06-21 07:35 -------- d-----w- c:\program files\Runic Games
2012-06-18 21:35 . 2012-06-18 21:35 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-06-18 19:33 . 2001-12-19 09:45 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
2012-06-16 22:03 . 2012-06-16 22:03 253952 ------w- c:\windows\Setup1.exe
2012-06-16 22:03 . 2012-06-16 22:03 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-06-16 18:34 . 2012-06-16 18:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45 . 2012-06-16 13:45 -------- d-----w- C:\TWISTER
2012-06-16 08:23 . 2012-06-24 11:17 -------- d-----w- c:\users\hp\AppData\Local\Facebook
2012-06-15 20:36 . 2012-06-15 20:36 -------- d-----w- c:\program files\7-Zip
2012-06-13 21:00 . 2012-06-13 21:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00 . 2012-06-13 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27 . 2012-06-13 20:24 607260 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dds.scr
2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\program files\ERUNT
2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\hp\AppData\Local\eToolKit
2012-06-12 17:35 . 2011-09-12 16:43 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34 . 2012-06-24 14:32 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49 . 2012-06-11 17:49 -------- d-----w- c:\users\hp\AppData\Roaming\CBS Interactive
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\users\hp\AppData\Roaming\Optimizer Pro
2012-06-11 07:13 . 2012-06-11 07:13 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12 . 2012-06-19 07:24 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\program files\Common Files\SourceTec
2012-06-10 17:32 . 2012-06-10 17:33 -------- d-----w- c:\program files\SourceTec
2012-06-09 20:40 . 2012-06-09 20:43 -------- d-----w- c:\users\hp\AppData\Local\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\users\hp\AppData\Roaming\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iPod
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\hp\AppData\Local\WindowsUpdate
2012-06-09 14:07 . 2012-06-09 14:07 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04 . 2012-06-11 07:15 1547 ----a-w- C:\user.js
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Premium
2012-06-08 22:02 . 2012-06-11 21:20 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56 . 2012-06-07 08:56 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01 . 2012-06-06 10:01 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59 . 2012-06-18 21:44 -------- d-----w- c:\users\hp\AppData\Local\ElevatedDiagnostics
2012-06-05 13:15 . 2012-06-05 13:15 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14 . 2012-06-05 13:15 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42 . 2012-06-05 10:42 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21 . 2012-06-04 18:21 -------- d-----w- c:\users\hp\AppData\Roaming\AVG
2012-06-04 16:06 . 2012-06-04 16:06 -------- d-----w- c:\users\hp\AppData\Local\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37 . 2012-06-21 07:35 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33 . 2012-06-04 14:33 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33 . 2012-06-24 15:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33 . 2012-06-12 16:27 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33 . 2012-06-04 14:33 -------- d-----w- C:\$AVG
2012-06-04 14:33 . 2012-06-04 18:20 -------- d-----w- c:\program files\AVG
2012-06-04 14:06 . 2012-06-19 07:24 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41 . 2012-06-04 09:41 -------- d-----w- c:\users\hp\AppData\Roaming\playmink
2012-06-03 22:40 . 2012-06-03 22:44 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40 . 2012-06-03 22:40 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28 . 2012-06-03 14:28 -------- d-----w- c:\users\hp\AppData\Roaming\IDT
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\users\hp\AppData\Roaming\dll-files.com
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Roaming\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Local\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\programdata\ATI
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Common Files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- C:\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57 . 2012-06-02 22:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57 . 2012-06-02 22:59 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47 . 2011-09-08 03:42 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47 . 2011-09-08 03:42 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:20 . 2011-08-23 19:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20 . 2011-08-23 19:57 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09 . 2012-06-02 19:20 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07 . 2012-06-02 19:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07 . 2012-06-02 19:07 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07 . 2012-06-02 19:07 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07 . 2012-06-02 19:07 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07 . 2012-06-02 19:07 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 18:07 . 2012-06-02 18:07 -------- d-----w- c:\users\hp\AppData\Roaming\InstallShield
2012-06-02 17:40 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-02 17:40 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-02 17:40 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-02 17:40 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\Hewlett-Packard
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\HP
2012-06-01 13:06 . 2012-06-01 13:06 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
2012-05-30 18:12 . 2012-06-24 21:35 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12 . 2012-05-30 18:12 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06 . 2012-06-05 10:46 -------- d-----w- c:\users\hp\AppData\Roaming\.freeciv
2012-05-30 07:49 . 2012-06-20 22:48 -------- d-----w- c:\users\hp\AppData\Local\Akamai
2012-05-30 07:43 . 2012-06-24 19:53 -------- d-----w- c:\program files\Common Files\Akamai
2012-05-30 07:39 . 2012-05-30 08:05 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28 . 2012-05-28 18:28 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
2012-05-28 13:58 . 2012-05-28 13:59 -------- d-----w- c:\users\hp\AppData\Local\Nokia
2012-05-28 13:58 . 2012-05-28 13:58 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16 . 2012-05-28 13:58 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- c:\program files\Common Files\PCSuite
2012-05-28 12:15 . 2012-05-28 12:16 -------- d-----w- c:\program files\DIFX
2012-05-28 12:15 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15 . 2012-05-28 12:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-28 12:10 . 2012-05-28 12:10 -------- d-----w- c:\programdata\Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 08:07 . 2012-04-12 18:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-24 08:07 . 2012-03-22 20:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 18:50 . 2012-03-22 20:54 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 18:38 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-29 18:43 . 2012-04-29 18:43 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43 . 2012-04-29 18:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-06-18 10:29 . 2012-06-10 17:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 15:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-04 14:37 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-24 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-09-08 1433692]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 176408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"KBStatusLED1"="c:\windows\KBStatusLED.exe" [2008-04-30 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Facebook Messenger.lnk - c:\users\hp\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe [2012-6-20 209920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1008928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=c:\windows\pss\Kuma_Tray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
2012-01-02 17:15 81912 ----a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tktray]
2012-01-23 15:01 453712 ----a-w- c:\program files\ToolKitService\tktray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
R1 vcdrom;Virtual CD-ROM Device Driver;D:\VCdRom.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 VBoxDrv;VBox Support Driver;d:\drivers\A\YouWave_Android\vb\VBoxDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-20 76328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-17 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 hshld;Hotspot Shield Service;d:\a\Programs\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;d:\a\Programs\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 1752576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-17 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-17 247808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-20 142632]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 525864]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 33832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 27632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-08-09 10843136]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:07]
.
2012-06-13 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-06-03 15:29]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 11:09]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 11:09]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-24 c:\windows\Tasks\WefiStartup.job
- c:\program files\WeFi\WefiStartup.exe [2010-11-03 09:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE}: NameServer = 10.89.80.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-KBStatusLED - c:\winnt\KBStatusLED.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(908)
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
- - - - - - - > 'Explorer.exe'(6076)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-06-24 23:40:52
ComboFix-quarantined-files.txt 2012-06-24 21:40
ComboFix2.txt 2012-06-22 13:42
ComboFix3.txt 2012-06-18 08:41
.
Pre-Run: 77,040,361,472 bytes free
Post-Run: 76,878,594,048 bytes free
.
- - End Of File - - F3483C8D620CF73BEF01760B8283E7FA
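The ComboFix report above lists autostart values ("Run" keys) and services in a fixed layout: `"Name"="path" [date size]` for Run values, `Sx Name;Description;path [date size]` for services, and `[X]` where the tool could not find the referenced file. As an added example, not part of this thread or of ComboFix itself, the following Python script parses a few constructed lines in that layout and flags the entries an analyst would look at first: a referenced file that is missing, a binary living under a user-writable path, a service hosted by svchost.exe (whose real code is the ServiceDll listed separately in the log), and a binary on a drive other than the system drive (assumed here to be C:, as on this machine). The sample text and the flagging rules are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the ComboFix "Reg Loading Points" layout seen in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
.
R1 vcdrom;Virtual CD-ROM Device Driver;D:\VCdRom.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
'''

# "Name"="path" [meta]   -- a value under a Run key
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# S2 Name;Description;path [meta]   -- a service or driver line
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')

# Path fragments that an unprivileged user can write to (assumption: Windows default layout).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
SYSTEM_DRIVE = "c:"  # assumption: the system drive of the machine in the log


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    path: str
    meta: str            # "[date size]" contents, or "X" when ComboFix found no file
    key: str = ""        # Run key the value lives under, or the service start type
    reasons: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[Entry]:
    """Parse Run values and service lines; bracketed lines set the current registry key."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"], current_key))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"].strip(), m["path"], m["meta"], m["start"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach a human-readable reason to every entry that deserves a closer look."""
    for e in entries:
        p = e.path.lower()
        if e.meta.strip().lower() == "x":
            e.reasons.append("referenced file missing (ComboFix [X])")
        if any(tok in p for tok in USER_WRITABLE):
            e.reasons.append("binary in a user-writable location")
        if p.endswith("\\svchost.exe"):
            e.reasons.append("svchost-hosted: the real code is the ServiceDll, check it separately")
        if re.match(r"^[a-z]:", p) and not p.startswith(SYSTEM_DRIVE):
            e.reasons.append("binary on a non-system drive")
    return entries


def flagged(text: str) -> Dict[str, List[str]]:
    """Return {entry name: reasons} for every flagged entry in a ComboFix-style log."""
    return {e.name: e.reasons for e in triage(parse_loading_points(text)) if e.reasons}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Entries that survive the rules (here `Sidebar`, `vProt`, `ToolkitSvc`) are not thereby clean; the rules only order the work, and each remaining binary still needs its publisher, signature and install date checked against what the user actually installed.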
 
Hello Aelo123

Thank you for the logs.

I removed the infected links you posted to prevent anyone from clicking on them.

Let's continue:

  1. Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      
      :Reg
      [-HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
      [-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
      [-HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
      [-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
      [-HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
      [-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
      
      :Files
      c:\program files\1ClickDownload
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]


    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

  2. Please perform the following scan:

    • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.
    • Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
    • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
    • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform FULL Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and paste the log in your next reply.

  3. Reset your browser proxies

    • For Internet Explorer:
    • Click on "Tools" and then select "Internet Options".
    • Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
    • Uncheck "Use a Proxy server for your LAN".
    • Click Ok to close the Local Area Network (LAN) Settings window.
    • Click Ok to close the Internet Options window.


    Let's see if the following can help with your Chrome issues:

    • Open Chrome.
    • Click the wrench icon on the browser toolbar.
    • Select Settings.
    • Click the Basics tab.
    • Click Manage search engines in the "Search" section.
    • To Remove a search engine: Select the search engine from the list (all instances of alnaddy) and click the x that appears at the end of the row.
    • You can also add the search engine of your choice in this section if you wish.

    • To add a search engine: Scroll to the bottom of the dialog and fill out the following fields:
    • Add a new search engine: Enter a nickname for the search engine.
    • Keyword: Enter the text shortcut you want to use for the search engine. Use the keyword to do keyword searches.
    • URL: Enter the web address for the search engine.
    • To make the selected search engine default: Select the search engine you want to use as your default search engine and click the Make default button that appears in the row.

    Please post the OTL log, the MBAM log and a new DDS log in your next reply, and let me know how Chrome is running now.
 
OTL:-


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3 not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}\ not found.
Registry key HKEY_CLASSES_ROOT\TBSB01457.TBSB01457 not found.
Registry value HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\ not found.
Registry value HKEY_CLASSES_ROOT\ToolBand.ToolBandObj\\ deleted successfully.
========== FILES ==========
c:\program files\1ClickDownload folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 1291128 bytes
->Temporary Internet Files folder emptied: 216265 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 111869951 bytes
->Google Chrome cache emptied: 84153011 bytes
->Flash cache emptied: 1865 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 754991 bytes
RecycleBin emptied: 493236 bytes

Total Files Cleaned = 190.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06262012_200723

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
mbam:-


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
hp :: DRDALIA [administrator]

Protection: Enabled

26-Jun-12 8:54:34 PM
mbam-log-2012-06-26 (20-54-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296292
Time elapsed: 57 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 187
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0019\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0039\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0059\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\zafs0000\tsk0004.dta (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0001\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0002\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0003\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0004\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0005\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0006\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0007\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0008\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0009\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0010\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0011\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0012\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0013\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0014\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0015\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0016\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0017\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0018\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0020\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0021\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0022\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0023\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0024\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0025\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0026\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0027\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0028\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0029\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0030\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0031\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0032\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0033\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0034\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0035\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0036\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0037\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0038\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0040\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0041\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0042\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0043\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0044\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0045\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0046\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0047\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0048\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0049\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0050\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0051\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0052\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0053\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0054\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0055\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0056\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0057\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0058\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0060\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0061\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0062\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0063\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0064\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0065\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0066\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0067\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0068\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0069\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0070\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0071\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0072\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0073\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0074\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0075\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0076\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0077\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0078\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0079\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0080\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0081\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0082\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0083\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0084\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0019\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0039\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0059\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\zafs0000\tsk0004.dta (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0001\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0002\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0003\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0004\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0005\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0006\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0007\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0008\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0009\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0010\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0011\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0012\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0013\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0014\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0015\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0016\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0017\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0018\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0020\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0021\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0022\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0023\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0024\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0025\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0026\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0027\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0028\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0029\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0030\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0031\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0032\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0033\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0034\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0035\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0036\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0037\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0038\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0040\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0041\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0042\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0043\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0044\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0045\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0046\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0047\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0048\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0049\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0050\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0051\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0052\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0053\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0054\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0055\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0056\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0057\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0058\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0060\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0061\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0062\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0063\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0064\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0065\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0066\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0067\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0068\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0069\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0070\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0071\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0072\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0073\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0074\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0075\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0076\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0077\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0078\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0079\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0080\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0081\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0082\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0083\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0084\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0085\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06222012_010007\C_ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
D:\A\Kingston\MP4\Programs\MP4ConverterSetup.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.
D:\A\MP4\Programs\MP4ConverterSetup.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.
D:\A\CRDownload\installer_sis_to_jar_converter.exe (PUP.Adbundler) -> Quarantined and deleted successfully.
D:\A\CRDownload\DownloadSetup (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\w7kf-setup.exe (PUP.Hacktool) -> Quarantined and deleted successfully.
D:\A\CRDownload\SoftonicDownloader_for_highway-3d.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\SoftonicDownloader_for_pro-evolution-soccer-2011-patch.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\SoftonicDownloader_for_vdrift.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\Windows Loader\Windows Loader\Windows Loader.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.

(end)
 
Hello,
As for other things:-

I don't know what a DDS log is; please clarify.
The box in IExplorer was unchecked.
MBAM didn't produce a log once the scan was finished.
I did as you told me for Chrome, but the problem wasn't solved.
 
Hello Aelo123

MBAM didn't produce a log once the scan was finished
You posted the log we require :)

I don't know what a DDS log is, please clarify
When you first posted on this forum you scanned your machine with a tool called DDS (see page number 1, post number 1 made by your good self).

Please re-scan with DDS exactly as you did the first time and post both logs in your next reply.
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by hp at 1:50:08 on 2012-06-28
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1194 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\A\Programs\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\KBStatusLED.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
D:\A\Programs\Hotspot Shield\HssWPR\hsssrv.exe
D:\A\Programs\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ToolKitService\ToolkitService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WeFi\WefiEngSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WeFi\WeFi.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - c:\program files\toolkitservice\splash.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB01457 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AllGamesHome Toolbar: {5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Akamai NetSession Interface] "c:\users\hp\appdata\local\akamai\netsession_win.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music player\NokiaMusicPlayer.exe" /command:faststart
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KBStatusLED1] c:\windows\KBStatusLED.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\hp\appdata\local\facebook\messenger\2.1.4554.0\FacebookMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE} : NameServer = 10.89.80.1
TCP: Interfaces\{E51740AD-C71E-4378-97EB-C1A64C151984} : DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\xhny2dox.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\hp\appdata\local\facebook\messenger\2.1.4554.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\hp\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\hp\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-17 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 hshld;Hotspot Shield Service;d:\a\programs\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;d:\a\programs\hotspot shield\bin\hsswd.exe -product hss --> d:\a\programs\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-3-17 1752576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-26 654408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-13 1153368]
R2 ToolkitSvc;Toolkit Service;c:\program files\toolkitservice\toolkitservice.exe [2012-6-12 687168]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-4 935480]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-18 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-17 247808]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-3-17 142632]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-3-17 525864]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-17 33832]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-12-10 27632]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-17 269824]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2011-8-9 10843136]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-3-17 41088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-2 414824]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-11-3 120152]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2012-3-17 76328]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-10 113120]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-3-17 251496]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-06-27 08:22:59 -------- d-----w- c:\program files\RAMBooster.Net
2012-06-26 18:25:58 -------- d-----w- c:\users\hp\appdata\roaming\Malwarebytes
2012-06-26 18:25:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 18:25:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-26 18:25:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-25 14:34:25 -------- d-----w- c:\users\hp\appdata\local\Macromedia
2012-06-24 21:40:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-24 21:16:06 -------- d-----w- c:\program files\Microsoft
2012-06-24 19:53:15 -------- d-----w- c:\users\hp\appdata\local\Temp
2012-06-24 09:07:33 -------- d-----w- c:\programdata\Trymedia
2012-06-24 08:55:46 -------- d-----w- c:\program files\RealArcade
2012-06-23 18:50:45 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 16:57:25 -------- d-----w- c:\programdata\eToolKit
2012-06-23 11:12:19 -------- d-----w- c:\program files\Keyboard Status LED
2012-06-23 11:12:18 -------- d-----w- c:\windows\UnInstFilter
2012-06-21 23:00:07 -------- d-----w- C:\_OTL
2012-06-20 19:43:10 -------- d-----w- C:\My Documents
2012-06-19 07:27:37 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-06-19 07:27:36 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-06-19 07:27:36 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-06-19 07:27:36 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-06-19 07:27:34 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-06-19 07:19:11 -------- d-----w- c:\users\hp\appdata\roaming\runic games
2012-06-19 07:17:22 -------- d-----w- c:\program files\Runic Games
2012-06-18 21:35:12 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-06-18 19:33:24 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
2012-06-16 22:03:36 253952 ------w- c:\windows\Setup1.exe
2012-06-16 22:03:34 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-06-16 18:42:10 98816 ----a-w- c:\windows\sed.exe
2012-06-16 18:42:10 518144 ----a-w- c:\windows\SWREG.exe
2012-06-16 18:42:10 256000 ----a-w- c:\windows\PEV.exe
2012-06-16 18:42:10 208896 ----a-w- c:\windows\MBR.exe
2012-06-16 18:34:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45:39 -------- d-----w- C:\TWISTER
2012-06-16 08:23:03 -------- d-----w- c:\users\hp\appdata\local\Facebook
2012-06-13 21:00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27:40 607260 ----a-r- c:\users\hp\appdata\roaming\microsoft\windows\start menu\programs\dds.scr
2012-06-12 17:35:20 -------- d-----w- c:\users\hp\appdata\local\eToolKit
2012-06-12 17:35:12 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34:38 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49:42 -------- d-----w- c:\users\hp\appdata\roaming\CBS Interactive
2012-06-11 07:15:30 -------- d-----w- c:\users\hp\appdata\roaming\Optimizer Pro
2012-06-11 07:13:30 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12:07 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32:29 -------- d-----w- c:\program files\common files\SourceTec
2012-06-10 17:32:24 -------- d-----w- c:\program files\SourceTec
2012-06-10 12:59:37 -------- d-----w- c:\windows\pss
2012-06-09 20:40:33 -------- d-----w- c:\users\hp\appdata\local\Apple Computer
2012-06-09 20:40:26 -------- d-----w- c:\program files\iPod
2012-06-09 20:40:21 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48:23 -------- d-----w- c:\users\hp\appdata\local\WindowsUpdate
2012-06-09 14:07:46 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:03:26 -------- d-----w- c:\programdata\Premium
2012-06-08 22:02:19 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56:44 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01:26 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59:18 -------- d-----w- c:\users\hp\appdata\local\ElevatedDiagnostics
2012-06-05 13:15:18 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14:16 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42:17 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21:04 -------- d-----w- c:\users\hp\appdata\roaming\AVG
2012-06-04 16:08:19 -------- d-----w- c:\users\hp\appdata\roaming\AVG2012
2012-06-04 16:06:15 -------- d-----w- c:\users\hp\appdata\local\AVG Secure Search
2012-06-04 14:37:15 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33:49 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33:40 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33:40 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33:40 -------- d-----w- C:\$AVG
2012-06-04 14:33:23 -------- d-----w- c:\program files\AVG
2012-06-04 14:06:06 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41:51 -------- d-----w- c:\users\hp\appdata\roaming\playmink
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28:27 -------- d-----w- c:\users\hp\appdata\roaming\IDT
2012-06-03 13:31:19 -------- d-----w- c:\users\hp\appdata\roaming\dll-files.com
2012-06-03 13:31:12 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01:52 -------- d-----w- c:\users\hp\appdata\local\ATI
2012-06-02 22:59:17 -------- d-----w- c:\program files\common files\Intel
2012-06-02 22:59:11 -------- d-----w- C:\Intel
2012-06-02 22:59:09 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57:42 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47:12 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47:12 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:47:12 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-06-02 20:47:12 4120576 ----a-w- c:\windows\system32\stlang.dll
2012-06-02 20:47:12 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-06-02 20:47:12 1784320 ----a-w- c:\windows\system32\IDTNCPL.cpl
2012-06-02 20:47:12 1433692 ----a-w- c:\windows\sttray.exe
2012-06-02 20:47:12 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-06-02 20:47:10 -------- d-----w- c:\windows\system32\SRSLabs
2012-06-02 20:47:08 207360 ----a-w- c:\windows\system32\staco.dll
2012-06-02 20:46:34 535552 ------w- c:\windows\system32\stapi32.dll
2012-06-02 20:46:34 444928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2012-06-02 20:46:34 417280 ----a-w- c:\windows\system32\stcplx.dll
2012-06-02 20:46:34 1259008 ----a-w- c:\windows\system32\stapo.dll
2012-06-02 20:46:29 -------- d-----w- c:\program files\IDT
2012-06-02 20:20:52 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20:52 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09:48 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07:58 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07:58 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07:58 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07:58 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07:58 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 17:40:54 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-06-02 17:40:53 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-06-02 17:40:53 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-06-02 17:40:53 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-06-02 16:00:24 -------- d-----w- c:\program files\HP
2012-06-01 13:06:07 -------- d-----w- c:\users\hp\appdata\roaming\iWin
2012-05-30 18:12:31 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12:09 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06:09 -------- d-----w- c:\users\hp\appdata\roaming\.freeciv
2012-05-30 07:49:03 -------- d-----w- c:\users\hp\appdata\local\Akamai
2012-05-30 07:43:20 -------- d-----w- c:\program files\common files\Akamai
2012-05-30 07:39:01 -------- d-----w- c:\program files\Kuma Games
.
==================== Find3M ====================
.
2012-06-24 08:07:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-24 08:07:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 18:50:38 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 18:38:34 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-29 18:43:32 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43:28 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 1:51:07.29 ===============
 
Hello Aelo123

Thank you for the logs.

  1. P2P Programs:

    • P2P programs are a major source of Malware infections.
    • From your log I see you have BitTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.

    • Information regarding the risk of using these programs can be found from here and here.

    • It is strongly recommended that you uninstall any P2P programs you have on your system.

    • To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
    • A list of currently installed programs will be displayed.
    • Find the "BitTorrent" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.


      PLEASE NOTE:
    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

  2. Please un-install the following

    • Click on "Start" then on "Control Panel" and then on the "Programs and Features" tab.
    • Find the "Alnaddy.com toolbar on IE and Chrome" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
    • Repeat for "Babylon toolbar on IE".
    • If you have any problems removing these programs let me know.

  3. Please download SystemLook by JPShortstuff

    • Please download SystemLook by JPShortstuff by clicking here or here and save the file (called SystemLook.exe) to your desktop.
    • Right click on SystemLook.exe and select "Run as Administrator" to run the program.
    • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    *alnaddy*
    :folderfind
    *alnaddy*
    :regfind
    *alnaddy*
    • Click the Look button to start the scan.
    • The scan may take several minutes to complete. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    • Note: The log can also be found on your Desktop entitled SystemLook.txt

  4. Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.

    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the [esetOnline.png] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.

    • Check [esetAcceptTerms.png]
    • Click the [esetStart.png] button.
    • Accept any security warnings from your browser.
    • Check [esetScanArchives.png]
    • Make sure that the option to "Remove Found Threats" is UNCHECKED.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [esetListThreats.png]
    • Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [esetBack.png] button.
    • Push [esetFinish.png]

    Please post the Systemlook log and the ESET log in your next reply.

 
System Look:-

SystemLook 30.07.11 by jpshortstuff
Log created at 00:28 on 29/06/2012 by hp
Administrator - Elevation successful

========== filefind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbar.crx.vir --a---- 194705 bytes [07:49 01/06/2012] [07:49 01/06/2012] 2A4D1FC8C13734DE3D6A77C850EABBCF
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll.vir --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarEng.dll.vir --a---- 576616 bytes [11:31 04/06/2012] [11:31 04/06/2012] 1988EC2A8673AC981DEDED9E2A91DE66
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarsrv.exe.vir --a---- 362088 bytes [11:31 04/06/2012] [11:31 04/06/2012] 68014D5E9193CD08A97E06591FD113CD
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll.vir --a---- 286824 bytes [11:31 04/06/2012] [11:31 04/06/2012] 52076990ABD4F849A7D6CB35B40B809F
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll.vir --a---- 268904 bytes [11:31 04/06/2012] [11:31 04/06/2012] C72214429A13A32E3884A56140EE3F3C
C:\Qoobox\Quarantine\Registry_backups\AddRemove-alnaddyToolbar.reg.dat --a---- 932 bytes [13:41 22/06/2012] [13:41 22/06/2012] A81EF35ACF5E25FF70D4A311F55AA1D0
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarEng.dll --a---- 576616 bytes [11:31 04/06/2012] [11:31 04/06/2012] 1988EC2A8673AC981DEDED9E2A91DE66
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarsrv.exe --a---- 362088 bytes [11:31 04/06/2012] [11:31 04/06/2012] 68014D5E9193CD08A97E06591FD113CD
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll --a---- 286824 bytes [11:31 04/06/2012] [11:31 04/06/2012] 52076990ABD4F849A7D6CB35B40B809F
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll --a---- 268904 bytes [11:31 04/06/2012] [11:31 04/06/2012] C72214429A13A32E3884A56140EE3F3C
C:\_OTL\MovedFiles\06222012_010007\C_Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml --a---- 1389 bytes [12:37 18/04/2012] [07:15 11/06/2012] 351D6AC4896A74E6156598A9139B4588

========== folderfind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com d------ [19:01 20/06/2012]
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar d------ [19:01 20/06/2012]
C:\Users\hp\AppData\LocalLow\Alnaddy.com d------ [07:21 11/06/2012]
C:\Users\hp\AppData\LocalLow\Alnaddy.com\alnaddyToolbar d------ [07:21 11/06/2012]
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com d------ [07:15 11/06/2012]
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar d------ [07:15 11/06/2012]

========== regfind ==========

Searching for "*alnaddy*"
No data found.

-= EOF =-
 
ESETScan:-

C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll.vir a variant of Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll.vir Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe.vir probably a variant of Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll.vir Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll.vir Win32/Toolbar.Babylon application
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan
C:\Users\hp\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120604202104674.rsc multiple threats
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
D:\A\CRDownload\3D+Race+Raging+Thunder+s60+2nd.sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA.sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\cnet2_RegpairSetup_exe.exe a variant of Win32/InstallCore.D application
D:\A\CRDownload\cnet2_WeFiSetup_1_157_1_1538_exe.exe a variant of Win32/InstallCore.D application
D:\A\CRDownload\Exe_maker_v2.5.0_s60_2nd_edition_2.sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\Mission+Pandora+3D+S60.rar a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\The_sims_3_complete.exe Win32/Adware.1ClickDownload.C application
D:\A\CRDownload\The_Sims_3___Town_Life_Stuff_rar.exe Win32/Adware.1ClickDownload.C application
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA (1).Sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA.Sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\WMouseXP-Remote-3.0-Full-Version-cracked.zip a variant of Win32/Kryptik.AEGB trojan
 
I uninstalled BitTorrent, but I didn't find Babylon and Alnaddy toolbars in the program list. However, I found babylon toolbar disabled in IExplorer addons but couldn't remove it.
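The ESET log above mixes files that earlier tools already parked in quarantine (ComboFix's Qoobox, TDSSKiller_Quarantine, OTL's _OTL\MovedFiles, AVG's Rescue vault) with files still live under D:\A\CRDownload. As an added example, not part of this thread, here is a small Python triage parser that separates the two and tallies detection families; the quarantine folder list is an assumption based on the tools used in this thread, and the sample lines are a verbatim subset of the posted log.

```python
import re
from collections import defaultdict

# Sample lines constructed from the ESET log posted above (a verbatim subset).
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll.vir a variant of Win32/Toolbar.Babylon application
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\Users\hp\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120604202104674.rsc multiple threats
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA (1).Sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\WMouseXP-Remote-3.0-Full-Version-cracked.zip a variant of Win32/Kryptik.AEGB trojan
D:\A\CRDownload\cnet2_WeFiSetup_1_157_1_1538_exe.exe a variant of Win32/InstallCore.D application
"""

# ESET prints "<path> <detection> <category>" with no delimiter and paths may
# contain spaces, so the parser anchors on the detection grammar instead of
# splitting on whitespace: an optional "(probably) a variant of", then a
# "Platform/Name" token, then the category word, or the bare "multiple threats".
_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>"
    r"(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+\s+(?:trojan|application|worm)"
    r"|multiple threats)$"
)

# Folders where tools run earlier in this thread parked what they removed
# (assumption: these are the quarantine locations of ComboFix, TDSSKiller and
# OTL). Files there are inert unless restored, so they rank below live hits.
QUARANTINE_PREFIXES = (
    r"c:\qoobox\quarantine",       # ComboFix
    r"c:\tdsskiller_quarantine",   # Kaspersky TDSSKiller
    r"c:\_otl\movedfiles",         # OTL
)
# AVG's vault lives under the per-user AVG\Rescue folder (assumption).
QUARANTINE_FRAGMENTS = (r"\avg\rescue",)


def is_quarantined(path):
    """True when the path sits inside one of the known quarantine folders."""
    p = path.lower()
    return p.startswith(QUARANTINE_PREFIXES) or any(f in p for f in QUARANTINE_FRAGMENTS)


def parse_line(line):
    """Return a record dict for one ESET result line, or None if it is not one."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    path, det = m.group("path"), m.group("detection")
    # Family = detection name without the "variant of" hedge and category word.
    fam = re.sub(r"^(?:probably )?a variant of ", "", det)
    if fam != "multiple threats":
        fam = fam.rsplit(" ", 1)[0]
    return {"path": path, "detection": det, "family": fam,
            "quarantined": is_quarantined(path)}


def triage(log_text):
    """Split the log into live detections (need action) and quarantined ones."""
    live, parked = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            (parked if rec["quarantined"] else live).append(rec)
    return {"live": live, "quarantined": parked}


def family_counts(records):
    """Tally records by detection family, e.g. {'Win32/Sirefef.DA': 1}."""
    counts = defaultdict(int)
    for rec in records:
        counts[rec["family"]] += 1
    return dict(counts)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("live", "quarantined"):
        print(f"== {bucket} ({len(result[bucket])}) ==")
        for rec in result[bucket]:
            print(f"  {rec['family']:28s} {rec['path']}")
        print("  families:", family_counts(result[bucket]))
```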
 
Hello Aelo123

Thank you for the logs.

Before we continue I would like to see the log created from the following tool:

  1. CKScanner

    • Download CKScanner by askey127 from here and save it to your Desktop.
    • Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.
 
Your download link didn't work, I had to change my IP address using hotspot shield to be able to access the file. Here is the log:-

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.PANAOG
----- EOF -----
 