Posts posted by RockunRoll
-
Hi daledoc1, thank you for your intervention here. I d/l and installed afresh a copy of the pro version, rebooted without doing a quick launch as recommended. After powerup, in addition I checked (marked) the protection settings which I had set up before this version, updated the database, did a quick scan, then a full scan. Now all seems to be working fine. But the load up (power up) of my OS in my m/c is still somewhat slower than before. Let me continue to monitor, and if need be, resume additional postings here. Meanwhile I believe let's pend alerting your customer support.
-
Yes, as a pro version user I encountered problems. Very bad, unfinished product. Why do these people rip us off with a poorly finished product? Dented my trust in them. I was prompted by a notification in my task tray to install a new version - off it went, and while it was starting installation, it also auto removed the old one. I did not launch the s/w immediately after installation, proceeded to restart my m/c. Oops, got 'hanged' on the welcome screen, my m/c took ages to load Win 7. Fed up, I forced shut down, booted in safe mode which was ok. Checked Malwarebytes, found the version 1.7 alright. Unconvinced I rebooted in normal mode, oops again second time, the m/c took another age to start up, at the welcome screen on my m/c, the small centre welcome circle icon turned and turned and turned non-stop. I forced stop by unplugging the mains, rebooted via start Windows normally, and then decided I need to remove the program. Surprisingly it failed, a dialog came out saying 'files are corrupted, please get another copy..'. Left with no choice, I did another forced shut down via unplugging the mains, booted in safe mode, uninstalled the program. Now I am at a COMPLETE loss what to do next, as my machine has no anti malware program.
-
Right, Everything cleaned up, logs, lock stock and all.
Ok so indeed I got this Win Command Processor. How did I possibly get this and what does this bastard actually do?
Did you also happen to 'see' anything nasty or unwelcome as well?
Thanks for your many days of efforts and time expended. Most certainly I'll comment on the profile feed.
-
Sorry for not making myself understood. I am mindful now as you guys are out there tackling 10s of queries from infected folks so I need to be short sweet and sharp.
" " And in particular as I mentioned earlier, how come in the task manager window at the top left besides the process tab, I noticed the sentence, 'windows command processor is waiting for your instructions...'
Can you take a screen shot of that and post it? " "
- this one was a one-off occurrence that I chanced upon. If it happens again, I'll show u the screen shot.
" " OK, some questions for you because I don't understand all your questions:
You're saying disk check runs every time the computer boots up? " "
- after all those actions you instructed me to execute in the last few days, now it does not happen anymore, hopefully still won't going forward. Initially it did with no rhyme or reason, which is what set me to seek help from you guys.
" " Quote
what is the last op for not this mbam scan, the OTL one
I don't understand what you mean here?? " "
- I mean what is the OTL operation/scanning for - which I did wrong remember when I click on scan instead of run fix?
" " Quote
Secondly, is there any of those s/w's which you instructed me to d/l to use, can be kept for my own routine use once in a while if I just play safe to use them to clean anything, eg the Roguekiller, this OTL, the DDS?
I don't understand this also. " "
- I am referring to those various cleaning tools, checking tools that I had them saved on my desktop. Can I run them to do my own checking in future if needed, without assistance from you folks, especially those like I used it on my own, the TDSS?
" " Quote
And over to you, anything you like to leave me?
Yes we have to do some cleanup. " "
- Ok what clean up? Thanks.
-
I would need to observe more in the coming days to see how it behaves esp on the startup disk checks as compared to before (because I normally religiously follow a proper shut down routine in order to preserve my HD life span). So I see no good reason why on boot up the computer needs a disk check recently. And in particular as I mentioned earlier, how come in the task manager window at the top left besides the process tab, I noticed the sentence, 'windows command processor is waiting for your instructions...'
I do hope there's really nothing ultra-malicious lurking inside. I really do express my gratitude for your spending time, being patient, in engaging to help me over the last few days. I do feel guilty somewhat, though thru no fault of mine, to need to trouble people like you.
Just through this episode, may I ask, 2 things, what is the last op for not this mbam scan, the OTL one? Secondly, is there any of those s/w's which you instructed me to d/l to use, can be kept for my own routine use once in a while if I just play safe to use them to clean anything, eg the Roguekiller, this OTL, the DDS?
And over to you, anything you like to leave me?
If this post is locked later, say after the next few days, how am I going to inform you the computer is running?
Thanks a bundle.
-
I did the quick scan fyi also disabling the eset.
-
Here's the quick scan done after updating the MBAM. Nothing on or related to the 'remove selected' friend.
Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.07.20.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Terence :: TERENCEHPENVY14 [administrator]
Protection: Enabled
21-Jul-12 00:05:23
mbam-log-2012-07-21 (00-05-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202190
Time elapsed: 2 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
ok, just to be sure again, when you said perform quick scan, is it the top one? Because below is the full scan, followed by flash scan. Please confirm.
Then please elaborate 'remove selected', kindly explain more, thanks.
-
Ok here I am, and I believe this time I did it right - I disable my Eset Sec s/w both AV and F/w, I stopped the Win Defender and Win Firewall, all these.
Another thing different I did was I clicked on the top link instead of the other one below, cut and pasted the same thing I did earlier, clicked run fix, very sure.
Next what happened the below progress bar ran left to right 2 cycles. Then reboot. After reboot, screen show 'publisher not verified, are you sure you want to run'? sure I clicked yes.
This time again almost immediately the log came out, definitely contains much more info than the earlier one. Hope this time you can see what you need to see. Here it is:
All processes killed
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: Terence
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Terence
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5651 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3960 bytes
Session Manager Temp folder emptied: 6157159 bytes
Session Manager Tmp folder emptied: 578760 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 39201 bytes
Total Files Cleaned = 7.00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07202012_232001
Files\Folders moved on Reboot...
G:\TEMP\{743D08FD-DA2B-484A-9364-BD354C5D3955}\fpb.tmp moved successfully.
G:\TEMP\FXSAPIDebugLogFile.txt moved successfully.
File\Folder G:\TEMP\~DFACACDE17901D64C1.TMP not found!
File\Folder G:\TEMP\~DF8050FA2B02509AB1.TMP not found!
File\Folder G:\TEMP\~DFEABDC1435C709FF0.TMP not found!
File\Folder G:\TEMP\~DF1A4D63B05CA5A104.TMP not found!
PendingFileRenameOperations files...
File G:\TEMP\{743D08FD-DA2B-484A-9364-BD354C5D3955}\fpb.tmp not found!
File G:\TEMP\FXSAPIDebugLogFile.txt not found!
File G:\TEMP\~DFACACDE17901D64C1.TMP not found!
File G:\TEMP\~DF8050FA2B02509AB1.TMP not found!
File G:\TEMP\~DFEABDC1435C709FF0.TMP not found!
File G:\TEMP\~DF1A4D63B05CA5A104.TMP not found!
Registry entries deleted on Reboot...
Cheers....
-
Re post due to something left out, sorry :
Hello hello. I am back so soon, as I thought it would take a longer time as earlier because I wanted to run out for my dinner. Anyway, yeah I hit run fix after copy/paste of what u told me. It did its job almost in an instant, yes in an instant, no scanning. I clicked yes to reboot and immediately after reboot, even when the other start up programs were yet to load, ..." screen appeared asking me to allow this program to run or not".... Upon clicking yes, it opened this where I can't save the texts because all the menus were greyed out. Here I copied and pasted below:
All processes killed
Error: Unable to interpret <:Commands[EMPTYJAVA][emptytemp]> in the current context!
OTL by OldTimer - Version 3.2.54.0 log created on 07202012_200922
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
You instructed this -
".... after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post."
I followed exactly, but when *.log and press enter, nothing change, nothing happened..:-(
-
Hello hello. I am back so soon, as I thought it would take a longer time as earlier because I wanted to run out for my dinner. Anyway, yeah I hit run fix after copy/paste of what u told me. It did its job almost in an instant, yes in an instant, no scanning. I clicked yes to reboot and immediately after reboot, even when the other start up programs were yet to load, it opened this where I can't save the texts because all the menus were greyed out. Here I copied and pasted below:
All processes killed
Error: Unable to interpret <:Commands[EMPTYJAVA][emptytemp]> in the current context!
OTL by OldTimer - Version 3.2.54.0 log created on 07202012_200922
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
You instructed this -
".... after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post."
I followed exactly, but when *.log and press enter, nothing change, nothing happened..:-(
-
Oops did I (click scan instead of run fix)? Alright I do it again. Be back to repost in about 2-3 hours later.
-
Hello. here's the second log, the Extras.
-
As I mentioned, I read some postings on bleeping computer about this similar problem. I found that the helper was asking people to d/l the RKill. I managed to d/l one out of the 3 which were listed. Is it useful? I am just wondering if I can click on it to do something, I don't know what it will actually do to my computer, honestly. I wouldn't try and dare not try. But just asking you for comments.
-
Hello.
I d/l the renamed version, clicked begin scan. It did not ask for a reboot, neither did it indicate "fix complete press ok to open the log". Instead, upon scan finished, straightaway a notepad log opened and I cut and pasted it here below, but there are 2 more items created on the desktop, one is 'OTL' and the other is 'Extras'. Anything you want me to do with them? What are they?
One more thing I wish to bring it up - yesterday I mentioned I did 3 cycles of shutdown/reboot one after another, there was no check disk run after booting up. BUT this morning there it came back, which I allowed the check disk run, and the process ran normally to bootup. The prompt came, WINDOWS COMMAND PROCESSOR was asking for permission, click YES or NO, which of course was a NO.
I happened to read some fixing forums on the bleeping website, I read somewhere some chap was asking an 'infected' reader to do some check on his task manager. Well I did that out of curiosity AND found that at the application left top corner besides the process when I opened up the task manager, I noticed the description, WINDOWS COMMAND PROCESSOR was waiting for my action yes or no, and I killed it by ending it.
DRV:64bit: - [2009-06-11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006-01-19 02:01:00 | 000,027,264 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctpdusbx.sys -- (Jukebox3_x64)
DRV - [2009-07-14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002-07-17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {93EFB7EA-B500-4222-BB62-0BC8BE4D83FB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{93EFB7EA-B500-4222-BB62-0BC8BE4D83FB}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{E6F645E7-25D3-43D0-A597-4D344D35FA5D}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Terence\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Terence\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011-11-08 13:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-08 23:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-11-08 13:14:37 | 000,000,000 | ---D | M]
[2012-04-19 14:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terence\AppData\Roaming\Mozilla\Extensions
[2012-04-19 15:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\mvldx5nf.default\extensions
[2012-04-19 15:38:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\mvldx5nf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-04-19 15:40:49 | 000,060,970 | ---- | M] () (No name found) -- C:\USERS\TERENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVLDX5NF.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Terence\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Terence\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Terence\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Beautiful landscape = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: WOT = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.3_0\
CHR - Extension: WOT = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: YouTube = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: Gmail = C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012-07-13 14:34:35 | 000,442,725 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15234 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [backup Utility TaskTray Tool] C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe (BUFFALO INC.)
O4 - HKLM..\Run: [buffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe (BUFFALO INC.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [skyDrive] C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 165.21.100.88 165.21.83.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}: DhcpNameServer = 165.21.100.88 165.21.83.88
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-08 17:21:56 | 000,000,091 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011-06-25 13:44:22 | 000,000,016 | -H-- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012-07-20 17:32:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Terence\Desktop\OTL.com
[2012-07-18 13:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-07-18 13:00:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-07-18 13:00:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-07-18 11:34:57 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Terence\Desktop\mbam-setup-1.62.0.1300.exe
[2012-07-18 10:35:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-07-18 10:27:42 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\41255614.sys
[2012-07-18 10:22:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-07-18 00:26:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-07-18 00:26:26 | 000,000,000 | ---D | C] -- C:\Users\Terence\AppData\Local\temp
[2012-07-17 23:52:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-07-17 23:52:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-07-17 23:52:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-07-17 23:52:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-07-17 23:40:23 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Terence\Desktop\ComboFix.exe
[2012-07-16 23:33:16 | 000,000,000 | ---D | C] -- C:\Users\Terence\Desktop\RK_Quarantine
[2012-07-16 23:10:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Terence\Desktop\dds.scr
[2012-07-16 14:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012-07-15 23:14:06 | 000,000,000 | ---D | C] -- C:\Users\Terence\AppData\Roaming\SUPERAntiSpyware.com
[2012-07-15 23:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012-07-15 23:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-07-13 17:10:48 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Terence\Desktop\tdsskiller.exe
[2012-07-13 15:46:11 | 000,000,000 | ---D | C] -- C:\Users\Terence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012-07-11 15:15:37 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012-07-11 15:15:37 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012-07-11 15:15:37 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012-07-11 15:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012-07-11 13:40:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-07-11 13:40:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-07-11 13:40:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-07-11 13:40:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-07-11 13:40:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-07-11 13:40:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-07-11 13:40:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-07-11 13:40:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-07-11 13:40:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-07-11 13:40:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-07-11 13:40:40 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-07-11 13:40:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-07-11 13:40:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-07-11 12:31:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012-07-11 12:31:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012-07-11 12:31:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012-07-11 12:31:46 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012-07-11 12:31:44 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012-07-09 00:48:15 | 000,000,000 | ---D | C] -- C:\Users\Terence\AppData\Roaming\vlc
[2012-07-09 00:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-07-02 13:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012-07-02 13:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012-06-30 18:23:51 | 000,000,000 | R--D | C] -- C:\Users\Terence\SkyDrive
[2012-06-30 18:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012-06-30 18:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012-06-30 18:10:03 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012-06-30 18:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012-06-24 12:01:14 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012-06-24 12:01:14 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012-06-24 12:01:14 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012-06-24 12:01:07 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012-06-24 12:01:07 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012-06-24 12:01:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012-06-24 12:00:55 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012-06-24 12:00:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2011-11-09 14:05:40 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2011-11-08 23:34:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis204.exe
========== Files - Modified Within 30 Days ==========
[2012-07-20 17:34:03 | 536,870,912 | -H-- | M] () -- C:\BFRD_000.dat
[2012-07-20 17:32:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Terence\Desktop\OTL.com
[2012-07-20 17:07:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-20 16:57:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-20 16:48:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3563281658-2379863367-1239264620-1000UA.job
[2012-07-20 16:26:08 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-20 16:26:08 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-20 16:18:53 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-20 16:18:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-20 16:18:18 | 2634,240,000 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-20 15:14:00 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5d51103b-71bd-4c11-8b8a-667ce1a600ec.job
[2012-07-19 10:48:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3563281658-2379863367-1239264620-1000Core.job
[2012-07-18 13:00:06 | 000,001,137 | ---- | M] () -- C:\Users\Terence\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-07-18 13:00:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-18 12:51:34 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTerence.job
[2012-07-18 11:35:10 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Terence\Desktop\mbam-setup-1.62.0.1300.exe
[2012-07-18 10:48:41 | 000,430,480 | ---- | M] () -- C:\Users\Terence\Desktop\TDSSpic2.jpg
[2012-07-18 10:47:47 | 000,441,428 | ---- | M] () -- C:\Users\Terence\Desktop\TDSSpic1.jpg
[2012-07-18 10:27:42 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\41255614.sys
[2012-07-17 23:40:50 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Terence\Desktop\ComboFix.exe
[2012-07-16 23:34:57 | 001,558,528 | ---- | M] () -- C:\Users\Terence\Desktop\RogueKiller.exe
[2012-07-16 23:10:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Terence\Desktop\dds.scr
[2012-07-16 14:05:04 | 000,002,097 | ---- | M] () -- C:\Users\Terence\Desktop\HiJackThis.lnk
[2012-07-15 23:14:01 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-07-13 17:11:20 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Terence\Desktop\tdsskiller.exe
[2012-07-13 15:46:11 | 000,001,268 | ---- | M] () -- C:\Users\Terence\Desktop\Revo Uninstaller.lnk
[2012-07-13 14:34:35 | 000,442,725 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-07-12 12:57:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-07-12 12:57:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-07-12 10:49:21 | 000,002,418 | ---- | M] () -- C:\Users\Terence\Desktop\Google Chrome.lnk
[2012-07-11 13:53:21 | 005,072,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-07-11 11:39:47 | 000,843,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-07-11 11:39:47 | 000,709,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-07-11 11:39:47 | 000,144,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-07-10 00:01:30 | 014,069,983 | ---- | M] () -- C:\Users\Terence\Documents\I will always love you live 1994 - Whitney Houston (subtítulos en español)_12.mp4
[2012-07-09 00:40:44 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-07-09 00:01:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTERENCEHPENVY14$.job
[2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-07-02 13:51:10 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012-07-02 12:18:38 | 000,001,978 | ---- | M] () -- C:\Users\Terence\Documents\cc_20120702_121753.reg
[2012-06-30 18:10:05 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012-06-30 18:10:03 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012-06-22 16:31:28 | 000,442,125 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120713-143435.backup
========== Files Created - No Company Name ==========
[2012-07-18 13:00:06 | 000,001,137 | ---- | C] () -- C:\Users\Terence\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-07-18 13:00:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-18 11:58:00 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTerence.job
[2012-07-18 10:48:40 | 000,430,480 | ---- | C] () -- C:\Users\Terence\Desktop\TDSSpic2.jpg
[2012-07-18 10:47:47 | 000,441,428 | ---- | C] () -- C:\Users\Terence\Desktop\TDSSpic1.jpg
[2012-07-18 00:44:35 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5d51103b-71bd-4c11-8b8a-667ce1a600ec.job
[2012-07-17 23:52:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-07-17 23:52:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-07-17 23:52:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-07-17 23:52:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-07-17 23:52:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-07-16 23:34:57 | 001,558,528 | ---- | C] () -- C:\Users\Terence\Desktop\RogueKiller.exe
[2012-07-15 23:14:01 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-07-10 00:01:28 | 014,069,983 | ---- | C] () -- C:\Users\Terence\Documents\I will always love you live 1994 - Whitney Houston (subtítulos en español)_12.mp4
[2012-07-09 00:40:44 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-07-02 13:51:10 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012-07-02 12:17:56 | 000,001,978 | ---- | C] () -- C:\Users\Terence\Documents\cc_20120702_121753.reg
[2012-06-30 18:23:50 | 000,002,173 | ---- | C] () -- C:\Users\Terence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012-06-30 18:10:05 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012-05-13 12:59:11 | 000,009,849 | R--- | C] () -- C:\Windows\UN090430.INI
[2012-04-18 00:06:09 | 000,001,406 | ---- | C] () -- C:\Users\Terence\gsview32.ini
[2012-03-31 16:59:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\PdeSrvps.dll
[2012-03-31 16:44:22 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2012-02-20 14:47:26 | 000,006,144 | ---- | C] () -- C:\Users\Terence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-02-08 11:36:30 | 000,035,000 | ---- | C] () -- C:\Users\Terence\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012-01-23 11:37:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012-01-23 11:37:13 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012-01-23 11:37:13 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012-01-23 11:37:13 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012-01-23 11:37:13 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012-01-23 11:37:13 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012-01-23 11:37:13 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012-01-23 11:37:13 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012-01-23 11:37:13 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012-01-23 11:37:13 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012-01-23 11:37:13 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012-01-23 11:37:13 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012-01-23 11:37:13 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012-01-23 11:37:13 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012-01-23 11:37:13 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012-01-23 11:37:13 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012-01-23 11:37:13 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012-01-23 11:37:13 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012-01-23 11:37:13 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011-12-11 21:02:37 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-12-11 21:02:36 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-12-11 21:02:36 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe
[2011-12-04 23:24:15 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011-11-13 20:45:01 | 000,011,544 | ---- | C] () -- C:\Users\Terence\gsview64.ini
[2011-11-07 20:47:01 | 000,000,017 | ---- | C] () -- C:\Users\Terence\AppData\Local\resmon.resmoncfg
[2011-11-07 19:15:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-11-07 14:20:42 | 000,830,120 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-11-07 13:20:07 | 000,012,542 | R--- | C] () -- C:\Windows\UN080616.INI
[2011-11-07 13:12:54 | 000,016,109 | R--- | C] () -- C:\Windows\UN091222.INI
[2011-11-07 13:12:51 | 000,012,448 | R--- | C] () -- C:\Windows\UN091114.INI
[2011-11-07 13:12:48 | 000,030,592 | R--- | C] () -- C:\Windows\UN091111.INI
[2011-11-07 13:12:45 | 000,012,170 | R--- | C] () -- C:\Windows\UN091201.INI
[2011-11-07 00:14:30 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010-09-15 11:08:18 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2010-07-28 18:08:44 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010-07-28 18:08:42 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010-07-28 18:08:40 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010-07-28 17:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010-07-28 17:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
========== Custom Scans ==========
< :Commands[EMPTYJAVA][emptytemp >
========== Files - Unicode (All) ==========
[2012-03-27 12:09:46 | 000,015,760 | ---- | M] ()(C:\Users\Terence\Documents\Ah Sun learn from ??.docx) -- C:\Users\Terence\Documents\Ah Sun learn from 孟子.docx
[2012-03-27 12:07:46 | 000,015,760 | ---- | C] ()(C:\Users\Terence\Documents\Ah Sun learn from ??.docx) -- C:\Users\Terence\Documents\Ah Sun learn from 孟子.docx
[2012-03-25 00:56:23 | 000,013,476 | ---- | M] ()(C:\Users\Terence\Documents\????????????.docx) -- C:\Users\Terence\Documents\为你的难过而快乐的是敌人.docx
[2012-03-25 00:56:22 | 000,013,476 | ---- | C] ()(C:\Users\Terence\Documents\????????????.docx) -- C:\Users\Terence\Documents\为你的难过而快乐的是敌人.docx
< End of report >
-
Ok. Tomorrow I'll do it and post accordingly. Thanks.
-
I ran 3 cycles of shut down/restart, and apparently now all is normal and well. I'd just like to emphasise a little, please bear with me, what I mean and what aroused my suspicions. Attached 2 print screen shots for your understanding.
But I still take issue with the TFC cleaner because after cleaning it still does not auto reboot when I X off, which means, according to the indication on the screen, the temp files still remain, am I right? Please comment on this, thanks.
-
Hello there again. I thought I posted out a reply half a day ago - and it is not reflected in our forum here. I mentioned that my computer is still behaving the same way as before I sought help here, which are 2 things that worried me: the check disk running, and instead of seeing lines of fast moving script texts which are still clearly readable tho fast, the check disk is running in an unusual way, the alphabets of each line of script texts are overlapping one another. In addition, these lines of script texts do not run across the left to right of the screen, they only occupied half of the screen length and about two thirds top to bottom. This behaviour I interpret as possible malware doing their work.
2nd it is the TFC, after clearing all temp files, it did not reboot auto when supposed to. And unusually, what happens next is the library folder opening up each time after the so-called clearing of all temp files.
So why does all this happen, based on what you have looked at so far?
-
Got cha before I saw your reply instructions.
-
Hope I am successful in attaching the first TDSS log here:
TDSSKiller.2.7.45.0_16.07.2012_10.19.09_log.txt
This is the 2nd one:
-
The web page said the post is too long for the first TDSS log, so I am breaking it into 2, hope I can do it right.
-
Please let me know if u wanted me to do a cut and paste job to post the 2 TDSS logs? or attach the 2 log files as attachment, but how? Sorry for a bit of amateur questions.
-
Oops sorry again - feel I ought to inform you that when I selected all, as you said, when starting to do the MBAM scan, this click remove selected did not happen. I didn't see anything that asked me to click anything sir.
-
OK I believe I found the 2 TDSS logs - u want me to cut and paste them over to you - it's very long when I did a scroll down.
I cannot tell you how my computer is running because I still get the scan disk request at start up after the windows colour flag appears. And similarly I cancelled the scan within 10 mins, if not the scan will auto run in 3 stages I believe.


The problem new version 1.70
in Malwarebytes for Windows Support Forum
Posted
Hard luck. Again and again, problem returns. My computer has gone thru numerous forced shut downs such that check disk ran a couple of times. No way that I can allow this version 1.7 to continue to cause further damage to my computer. I already lodged a complaint email to support. Let's see what they revert.