Posts posted by liam5
-
My job is to help people to remove malware from their computers......this is my specialty.
Operating system problems I don't and can't get involved in, that's what tech forums are for.
Your system is clean, no malware on it.
There's plenty of info on that error message on the web:
http://lmgtfy.com/?q...n_nonpaged_area
There's also plenty of tech forums available to you, here's a couple:
http://forums.whatth...p?showforum=119
http://www.geekstogo...-and-windows-7/
http://www.bleepingc...nt200020032008/
http://www.techsuppo...rum.com/forums/
MrC
Well I only got that bsod, since you helped me remove the malware. So one of your tools must have caused it.. Sigh.. Okay well thanks for the "partial help", I definitely won't be donating or using this forum ever again.
-
I just got the bsod again.. Here is the minidump file. The error was page_fault_in_nonpaged_area.
-
OK, you already deleted everything.
How is it???? MrC
It's okay, but. Do you know what caused the bsod's and is it solved? I remember when the blue screen came up, the error was "page_file_not_found".
-
# AdwCleaner v2.113 - Logfile created 03/03/2013 at 21:08:35
# Updated 23/02/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files\IB Updater
Deleted on reboot : C:\ProgramData\AVG Secure Search
Deleted on reboot : C:\Windows\SysWOW64\WNLT
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{069B290F-5398-4629-A009-85B4BCB4B1B9}
Key Deleted : HKLM\Software\PIP
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97
*************************
AdwCleaner[R1].txt - [1135 octets] - [03/03/2013 21:08:04]
AdwCleaner[S1].txt - [1097 octets] - [03/03/2013 21:08:35]
########## EOF - C:\AdwCleaner[S1].txt - [1157 octets] ##########
-
ComboFix 13-03-03.01 - User 03/03/2013 19:45:03.2.4 - x64
Running from: c:\users\User\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))
.
.
2013-03-03 19:58 . 2013-03-03 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-03 17:58 . 2013-03-03 17:59 -------- d-----w- c:\program files\Adobe
2013-03-03 17:55 . 2013-03-03 17:55 -------- d-----w- C:\adobeTemp
2013-03-03 17:52 . 2013-03-03 18:00 -------- d-----w- c:\program files\Common Files\Adobe
2013-03-03 16:36 . 2013-03-03 17:31 -------- d-----w- C:\Adobe Photoshop CS6
2013-03-03 16:36 . 2013-03-03 16:36 -------- d-----w- c:\users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-03-03 13:39 . 2007-01-19 18:24 25312 ----a-r- c:\windows\system32\drivers\SCMNdisP.sys
2013-03-03 13:38 . 2011-12-12 17:37 1229568 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys
2013-03-03 13:02 . 2013-03-03 13:02 -------- d-----w- c:\users\User\AppData\Roaming\InstallShield
2013-03-01 15:46 . 2013-03-03 12:39 -------- d-----w- c:\users\User\Tracing
2013-03-01 15:39 . 2013-03-01 15:42 -------- d-----w- c:\program files (x86)\Windows Live
2013-03-01 15:38 . 2013-03-01 15:45 -------- d-----w- c:\users\User\AppData\Local\Windows Live
2013-02-28 15:12 . 2013-02-28 16:33 -------- d-----w- c:\users\User\AppData\Roaming\BitTorrent
2013-02-27 11:55 . 2013-02-27 11:55 -------- d-----w- C:\VTRoot
2013-02-27 11:54 . 2013-02-27 11:54 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-02-27 10:56 . 2013-02-27 10:56 -------- d-----w- C:\Sandbox
2013-02-27 10:56 . 2013-02-27 10:56 -------- d-----w- c:\program files\Sandboxie
2013-02-26 14:07 . 2013-02-26 14:07 -------- d-----w- c:\users\User\AppData\Roaming\PDAppFlex
2013-02-26 11:49 . 2013-02-26 11:49 -------- d-----w- c:\users\User\AppData\Local\Microsoft Help
2013-02-26 11:37 . 2013-02-19 03:57 9162192 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E47A6050-4D40-43E7-BF49-9CD6E87941FE}\mpengine.dll
2013-02-26 11:28 . 2013-02-26 11:28 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-02-26 11:08 . 2013-02-26 11:08 -------- d-----w- c:\program files\CCleaner
2013-02-26 11:05 . 2013-02-26 11:05 404920 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 11:02 . 2013-02-26 11:02 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-26 11:02 . 2013-02-26 11:02 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-26 11:02 . 2013-02-26 11:02 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-26 11:02 . 2013-02-26 11:02 188320 ----a-w- c:\windows\system32\java.exe
2013-02-26 10:59 . 2013-02-26 10:59 -------- d-----w- c:\users\User\AppData\Local\WindowsUpdate
2013-02-26 10:56 . 2013-02-26 10:56 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
2013-02-26 10:56 . 2013-02-26 10:56 -------- d-----w- c:\program files (x86)\Secunia
2013-02-26 10:42 . 2013-02-26 10:42 -------- d-----w- c:\users\User\AppData\Roaming\abelhadigital.com
2013-02-26 10:42 . 2013-02-26 10:42 -------- d-----w- c:\programdata\abelhadigital.com
2013-02-26 10:42 . 2013-02-26 10:42 -------- d-----w- c:\program files (x86)\HostsMan
2013-02-26 10:27 . 2013-02-26 10:27 -------- d-----w- c:\programdata\Panda Security
2013-02-26 10:27 . 2013-02-26 10:27 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2013-02-26 10:26 . 2013-02-26 10:26 -------- d-----w- c:\program files (x86)\Cookienator
2013-02-26 08:47 . 2013-02-26 08:47 -------- d-----w- c:\program files (x86)\Foxit Software
2013-02-25 16:58 . 2013-02-25 16:58 -------- d-----w- c:\windows\ERUNT
2013-02-25 16:58 . 2013-02-25 17:26 -------- d-----w- C:\JRT
2013-02-25 16:56 . 2013-02-25 16:56 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2013-02-25 16:06 . 2013-03-03 20:04 -------- d-----w- c:\users\User\AppData\Local\temp
2013-02-25 13:59 . 2013-02-25 13:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-25 12:37 . 2013-03-03 18:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-02-25 12:10 . 2013-02-25 12:21 -------- d-----w- C:\Adobe Dreamweaver CS6
2013-02-25 12:08 . 2013-02-25 12:08 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2013-02-25 11:59 . 2013-02-25 11:59 -------- d-----w- c:\users\User\AppData\Roaming\KompoZer
2013-02-25 11:24 . 2013-02-25 11:24 -------- d-s---w- c:\programdata\Shared Space
2013-02-25 11:21 . 2013-03-03 17:47 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-02-25 11:21 . 2013-03-03 17:47 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-02-25 11:20 . 2013-02-25 11:20 -------- d-----w- c:\programdata\Comodo Downloader
2013-02-25 10:40 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-25 10:40 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-25 10:40 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-25 10:40 . 2012-10-30 22:51 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-02-25 10:40 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-25 10:40 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-25 10:40 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-25 10:40 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-02-25 09:34 . 2013-03-03 13:47 -------- d-s---w- c:\users\User\Google Drive
2013-02-25 09:24 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-25 09:22 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-25 09:22 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-25 09:14 . 2013-02-25 09:14 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-02-25 09:13 . 2013-02-25 09:13 -------- d-----w- c:\programdata\Malwarebytes
2013-02-25 09:13 . 2013-02-25 09:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-25 09:13 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-25 09:10 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-02-25 09:10 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-02-25 09:10 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-02-25 09:10 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-02-25 09:10 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-25 09:09 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-25 09:09 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys
2013-02-25 09:09 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
2013-02-25 09:09 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll
2013-02-25 09:09 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2013-02-25 09:09 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-02-25 09:09 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-02-24 21:37 . 2013-02-27 11:56 -------- d-----w- c:\users\User\jagexcache
2013-02-24 21:36 . 2013-02-24 21:36 -------- d-----w- c:\program files (x86)\Skillbrains
2013-02-24 21:36 . 2013-02-24 21:36 -------- d-----w- c:\users\User\AppData\Local\Skillbrains
2013-02-24 21:26 . 2013-02-24 21:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-24 19:31 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2013-02-24 19:31 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-02-24 19:31 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-02-24 19:31 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-02-24 19:30 . 2011-03-30 21:54 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2013-02-24 19:30 . 2011-03-30 21:51 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-02-24 19:30 . 2011-03-30 21:51 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2013-02-24 19:30 . 2010-02-03 11:20 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2013-02-24 19:30 . 2006-11-02 08:04 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2013-02-24 19:30 . 2013-03-03 13:25 -------- d-----w- c:\program files (x86)\NETGEAR
2013-02-17 22:06 . 2013-02-18 08:26 -------- d-----w- C:\Firefox
2013-02-07 12:15 . 2013-02-07 12:15 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 11:02 . 2012-12-06 15:39 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-26 11:02 . 2012-12-06 15:39 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-25 13:59 . 2012-12-06 15:23 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-25 13:59 . 2012-12-06 15:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-04 22:49 . 2006-11-02 12:35 70004024 ----a-w- c:\windows\system32\mrt.exe
2013-01-24 22:43 . 2013-01-24 22:43 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-24 22:43 . 2013-01-24 22:43 461384 ----a-w- c:\windows\system32\guard64.dll
2013-01-24 22:43 . 2013-01-24 22:43 354752 ----a-w- c:\windows\SysWow64\guard32.dll
2013-01-24 22:42 . 2013-01-24 22:42 45776 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-01-24 22:42 . 2013-01-24 22:42 326352 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-01-24 22:42 . 2013-01-24 22:42 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-01-24 22:42 . 2013-01-24 22:42 263888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-01-17 01:28 . 2012-12-17 13:28 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-16 19:51 . 2013-01-16 19:51 95752 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-16 19:51 . 2013-01-16 19:51 700904 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-01-16 19:51 . 2013-01-16 19:51 47336 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-16 19:51 . 2013-01-16 19:51 23688 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-12-12 11:02 . 2012-12-12 11:02 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-12-09 20:38 . 2012-12-09 20:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-12-09 20:38 . 2012-12-09 20:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-12-09 20:38 . 2012-12-09 20:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-09 20:38 . 2012-12-09 20:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-09 20:38 . 2012-12-09 20:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-12-09 20:38 . 2012-12-09 20:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-12-09 20:38 . 2012-12-09 20:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-12-09 20:38 . 2012-12-09 20:38 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-12-09 20:38 . 2012-12-09 20:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-12-09 20:38 . 2012-12-09 20:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-12-09 20:38 . 2012-12-09 20:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-12-09 20:38 . 2012-12-09 20:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-12-09 20:38 . 2012-12-09 20:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-12-09 20:38 . 2012-12-09 20:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-12-09 20:38 . 2012-12-09 20:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-12-09 20:38 . 2012-12-09 20:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-09 20:38 . 2012-12-09 20:38 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-12-09 20:38 . 2012-12-09 20:38 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-12-09 20:38 . 2012-12-09 20:38 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-12-09 20:38 . 2012-12-09 20:38 222208 ----a-w- c:\windows\system32\msls31.dll
2012-12-09 20:38 . 2012-12-09 20:38 197120 ----a-w- c:\windows\system32\msrating.dll
2012-12-09 20:38 . 2012-12-09 20:38 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-12-09 20:38 . 2012-12-09 20:38 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-12-09 20:38 . 2012-12-09 20:38 136192 ----a-w- c:\windows\system32\advpack.dll
2012-12-09 20:38 . 2012-12-09 20:38 12288 ----a-w- c:\windows\system32\mshta.exe
2012-12-09 20:38 . 2012-12-09 20:38 114176 ----a-w- c:\windows\system32\admparse.dll
2012-12-09 20:38 . 2012-12-09 20:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-09 20:38 . 2012-12-09 20:38 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-12-09 20:38 . 2012-12-09 20:38 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-12-09 20:38 . 2012-12-09 20:38 82432 ----a-w- c:\windows\system32\icardie.dll
2012-12-09 20:38 . 2012-12-09 20:38 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-12-09 20:38 . 2012-12-09 20:38 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-12-09 20:38 . 2012-12-09 20:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-09 20:38 . 2012-12-09 20:38 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-12-09 20:38 . 2012-12-09 20:38 448512 ----a-w- c:\windows\system32\html.iec
2012-12-09 20:38 . 2012-12-09 20:38 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-12-09 20:38 . 2012-12-09 20:38 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-12-09 20:38 . 2012-12-09 20:38 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-12-09 20:38 . 2012-12-09 20:38 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-12-09 20:38 . 2012-12-09 20:38 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-12-09 20:38 . 2012-12-09 20:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-09 20:38 . 2012-12-09 20:38 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-09 20:38 . 2012-12-09 20:38 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-12-09 20:38 . 2012-12-09 20:38 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-12-09 20:38 . 2012-12-09 20:38 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-09 20:38 . 2012-12-09 20:38 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-12-09 20:38 . 2012-12-09 20:38 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-12-09 20:38 . 2012-12-09 20:38 160256 ----a-w- c:\windows\system32\wextract.exe
2012-12-09 20:38 . 2012-12-09 20:38 149504 ----a-w- c:\windows\system32\occache.dll
2012-12-09 20:38 . 2012-12-09 20:38 103936 ----a-w- c:\windows\system32\inseng.dll
2012-12-09 20:37 . 2012-12-09 20:37 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2012-12-09 20:37 . 2012-12-09 20:37 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-12-09 20:37 . 2012-12-09 20:37 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-12-09 20:37 . 2012-12-09 20:37 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2012-12-09 20:37 . 2012-12-09 20:37 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2012-12-09 20:37 . 2012-12-09 20:37 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2012-12-09 20:37 . 2012-12-09 20:37 3548672 ----a-w- c:\windows\system32\mf.dll
2012-12-09 20:37 . 2012-12-09 20:37 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-12-09 20:37 . 2012-12-09 20:37 34304 ----a-w- c:\windows\system32\mfpmp.exe
2012-12-09 20:37 . 2012-12-09 20:37 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2012-12-09 20:37 . 2012-12-09 20:37 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2012-12-09 20:37 . 2012-12-09 20:37 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-12-09 20:37 . 2012-12-09 20:37 195072 ----a-w- c:\windows\system32\mfps.dll
2012-12-09 20:37 . 2012-12-09 20:37 748544 ----a-w- c:\windows\system32\stobject.dll
2012-12-09 20:37 . 2012-12-09 20:37 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2012-12-09 20:37 . 2012-12-09 20:37 278528 ----a-w- c:\windows\system32\mfplat.dll
2012-12-09 20:37 . 2012-12-09 20:37 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2012-12-09 20:37 . 2012-12-09 20:37 1204224 ----a-w- c:\windows\system32\shdocvw.dll
2012-12-09 20:37 . 2012-12-09 20:37 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2012-12-09 20:37 . 2012-12-09 20:37 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-12-09 20:37 . 2012-12-09 20:37 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-12-09 20:37 . 2012-12-09 20:37 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-12-09 20:37 . 2012-12-09 20:37 625152 ----a-w- c:\windows\system32\dxgi.dll
2012-12-09 20:37 . 2012-12-09 20:37 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2012-12-09 20:37 . 2012-12-09 20:37 47104 ----a-w- c:\windows\system32\cdd.dll
2012-12-09 20:37 . 2012-12-09 20:37 366592 ----a-w- c:\windows\system32\winspool.drv
2012-12-09 20:37 . 2012-12-09 20:37 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-12-09 20:37 . 2012-12-09 20:37 287232 ----a-w- c:\windows\system32\d3d10core.dll
2012-12-09 20:37 . 2012-12-09 20:37 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2012-12-09 20:37 . 2012-12-09 20:37 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2012-12-09 20:37 . 2012-12-09 20:37 1268224 ----a-w- c:\windows\system32\d3d10.dll
2012-12-09 20:37 . 2012-12-09 20:37 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="c:\users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-11-15 226152]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976]
"Cookienator"="c:\program files (x86)\Cookienator\cookienator.exe" [2009-10-19 1333472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-08-13 172032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-01-15 1851088]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-24 19:42 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 14:31]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 14:31]
.
2013-03-03 c:\windows\Tasks\update-S-1-5-21-935262092-2157221715-4053049809-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-02-24 21:34]
.
2013-03-03 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-02-24 21:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1212&m=aspire_x3200
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1212&m=aspire_x3200
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{275C39E0-15FB-4626-B38D-1F40FC7C7F39}: NameServer = 192.168.1.254
TCP: Interfaces\{58076081-F728-4D3D-A97B-8765461E6B5D}: NameServer = 192.168.1.254
TCP: Interfaces\{A5F9A929-8C54-4047-A14A-95F18EB46ECB}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zj_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zj_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zj.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zj.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zj.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zj.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\COMODO\launcher_service.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files (x86)\Comodo\Dragon\dragon_updater.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files (x86)\Secunia\PSI\PSIA.exe
c:\program files (x86)\Secunia\PSI\sua.exe
c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
c:\program files (x86)\Secunia\PSI\psi_tray.exe
c:\program files (x86)\Comodo\GeekBuddy\unit_manager.exe
c:\program files (x86)\Comodo\GeekBuddy\unit.exe
c:\users\User\AppData\Local\Skillbrains\lightshot\3.4.0.0\LightShot.exe
.
**************************************************************************
.
Completion time: 2013-03-03 20:12:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-03 20:12
.
Pre-Run: 142,571,380,736 bytes free
Post-Run: 143,130,775,552 bytes free
.
- - End Of File - - 76B35815E8B0CC19C47FFC940EC4B835
-
No viruses were found.
-
RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 03/03/2013 13:54:40
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Lightshot.exe -- C:\Users\User\AppData\Local\Skillbrains\lightshot\3.4.0.0\LightShot.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue) [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-935262092-2157221715-4053049809-1000[...]\Run : LightShot (C:\Users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue) [7] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{A5F9A929-8C54-4047-A14A-95F18EB46ECB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{A5F9A929-8C54-4047-A14A-95F18EB46ECB} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\Acer(Wide).scr) [-] -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost #[IPv6]
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++
--- User ---
[MBR] 6315d3b28ff1bc28fe367695fd4eebb4
[BSP] f2c4f199b44e0dd5c3912661e7704de9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 293413 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 642854961 | Size: 296583 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_03032013_02d1354.txt >>
RKreport[1]_S_03032013_02d1354.txt
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by User at 22:12:33 on 2013-03-02
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1212&m=aspire_x3200
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1212&m=aspire_x3200
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{275C39E0-15FB-4626-B38D-1F40FC7C7F39} : NameServer = 192.168.1.254
TCP: Interfaces\{58076081-F728-4D3D-A97B-8765461E6B5D} : NameServer = 192.168.1.254
TCP: Interfaces\{98D85A36-E35D-4D06-B3B7-612C3BBEFB5A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A5F9A929-8C54-4047-A14A-95F18EB46ECB} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{B502BE17-8E9D-4353-87AC-FD1D346219F0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DC6F562A-1627-4C22-87DE-90B53BF39822} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{DC6F562A-1627-4C22-87DE-90B53BF39822} : DHCPNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1212&m=aspire_x3200
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
x64-Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R? athrusb;Belkin Wireless LAN USB device driver
R? BUNAgentSvc;NTI Backup Now 5 Agent Service
R? CFRMD;CFRMD
R? CLPSLauncher;COMODO LPS Launcher
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cmdvirth;COMODO Virtual Service Manager
R? DragonUpdater;COMODO Dragon Update Service
R? GeekBuddyRSP;GeekBuddyRSP Service
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? NTIBackupSvc;NTI Backup Now 5 Backup Service
R? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
R? PerfHost;Performance Counter DLL Host
R? PSI;PSI
R? Secunia PSI Agent;Secunia PSI Agent
R? Secunia Update Agent;Secunia Update Agent
R? Skype C2C Service;Skype C2C Service
R? SkypeUpdate;Skype Updater
R? vToolbarUpdater13.2.0;vToolbarUpdater13.2.0
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? WSWNDA3100v2;WSWNDA3100v2
S? Acer HomeMedia Connect Service;Acer HomeMedia Connect Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? avgtp;avgtp
S? BCMH43XX;Broadcom 802.11 USB Network Adapter Driver
S? cmderd;COMODO Internet Security Eradication Driver
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? ETService;Empowering Technology Service
S? FontCache;Windows Font Cache Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? SbieDrv;SbieDrv
S? SCMNdisP;General NDIS Protocol Driver
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-02-26 11:05:39 404920 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 11:02:31 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-26 11:02:29 310688 ----a-w- C:\Windows\System32\javaws.exe
2013-02-26 11:02:28 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-26 11:02:28 188832 ----a-w- C:\Windows\System32\javaw.exe
2013-02-26 11:02:28 188320 ----a-w- C:\Windows\System32\java.exe
2013-02-26 11:02:28 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-25 13:59:37 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-25 13:59:35 262560 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-02-25 13:59:35 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-02-25 13:59:34 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-25 13:59:34 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-25 13:59:34 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-02-25 11:21:09 50952 ----a-w- C:\Windows\System32\certsentry.dll
2013-02-25 11:21:09 42760 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-02-07 12:15:22 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-02-04 22:49:34 70004024 ----a-w- C:\Windows\System32\mrt.exe
2013-01-24 22:43:04 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-01-24 22:43:02 461384 ----a-w- C:\Windows\System32\guard64.dll
2013-01-24 22:43:02 354752 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-01-24 22:42:54 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-01-24 22:42:54 326352 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-01-24 22:42:50 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-01-24 22:42:50 263888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-16 19:51:40 95752 ----a-w- C:\Windows\System32\drivers\inspect.sys
2013-01-16 19:51:40 700904 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-01-16 19:51:40 47336 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-01-16 19:51:38 23688 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-01-09 01:48:55 17812992 ----a-w- C:\Windows\System32\mshtml.dll
2013-01-09 01:22:26 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:29 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:10:26 237056 ----a-w- C:\Windows\System32\url.dll
2013-01-09 01:09:10 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:50 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:06:39 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-01-09 01:05:45 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-01-09 01:04:58 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-09 01:00:48 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-01-08 22:23:25 12321280 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:09:18 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-01-08 22:03:57 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 22:01:48 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-01-08 22:00:14 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:43 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:57:49 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-01-08 21:56:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-01-08 21:56:37 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-08 21:53:13 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 11:02:37 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-12-09 20:37:08 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2012-12-09 20:35:30 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 22:13:49.90 ===============
.
==== Hosts File Hijack ======================
.
.
==== Installed Programs ======================
.
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer Empowering Technology
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Action Replay DSi Code Manager
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Download Assistant
Adobe Dreamweaver CS6
Adobe Flash Player 10 ActiveX
Adobe Help Manager
Adobe Widget Browser
Agatha Christie Death on the Nile
Alice Greenfingers
AV Input Selection
avast! Free Antivirus
Azada
Belkin Wireless USB Utility
Big Kahuna Reef
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCleaner
Chicken Invaders 3
Chuzzle
Comodo Dragon
COMODO Internet Security
Cookienator
D3DX10
Diner Dash Flo on the Go
eSobi v2
Flip Words 2
Foxit Reader
GameFly
GeekBuddy
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
HostsMan 3.2.73
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
ISO to USB
Java 7 Update 15
Java 7 Update 15 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 15 (64-bit)
Java SE Development Kit 7 Update 9 (64-bit)
Jewel Quest Solitaire
Kick N Rush
LightScribe 1.4.142.1
lightshot-3.4.0.0
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee SiteAdvisor
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
No-IP DUC
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
Panda USB Vaccine 1.0.1.4
PowerISO
proXPN 2.5.1
Realtek High Definition Audio Driver
Sandboxie 3.76 (64-bit)
Secunia PSI (3.0.0.6005)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Simple Port Forwarding
Skype Click to Call
Skype™ 6.1
System Requirements Lab CYRI
Tixati
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices (04/21/2009 2.40.0.0)
Windows Driver Package - Datel Design & Development USBIOControlledDevices (04/21/2009 2.40.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
Zuma Deluxe
.
==== End Of File ===========================
-
I'm not sure what that error means, did you make any changes to the computer?
MrC
Nope, to be honest I started getting it after I ran that junk remover program. Can't remember the name.
-
Still would like some help with this bsod.
-
What am I supposed to do with that file???
MrC
I thought the minidump file shows the blue screen logs. Okay tell me what you would like me to do.
-
Compressed the minidump file into a zip folder.
-
Ran it again and just checked.
-All installed programs
-minidump files
MiniToolBox by Farbar Version:01-03-2013
Ran by User (administrator) on 01-03-2013 at 22:19:33
Running from "C:\Users\User\Desktop"
Windows Vista Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************
=========================== Installed Programs ============================
23
Action Replay DSi Code Manager
CCleaner (Version: 3.28)
COMODO Internet Security (Version: 6.0.2566.2708)
Java 7 Update 15 (64-bit) (Version: 7.0.150)
Java SE Development Kit 7 Update 15 (64-bit) (Version: 1.7.0.150)
Java SE Development Kit 7 Update 9 (64-bit) (Version: 1.7.0.90)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager (Version: 1.00.6776)
Sandboxie 3.76 (64-bit) (Version: 3.76)
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices (04/21/2009 2.40.0.0) (Version: 04/21/2009 2.40.0.0)
Windows Driver Package - Datel Design & Development USBIOControlledDevices (04/21/2009 2.40.0.0) (Version: 04/21/2009 2.40.0.0)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
========================= Minidump Files ==================================
C:\Windows\Minidump\Mini030113-01.dmp
C:\Windows\Minidump\Mini030113-02.dmp
**** End of log ****
-
When I tried to run it, it posted a log and got this error.
MiniToolBox by Farbar Version:01-03-2013
Ran by User (administrator) on 01-03-2013 at 22:13:56
Running from "C:\Users\User\Desktop"
Windows Vista Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************
========================= Event log errors: ===============================
Application errors:
==================
Error: (03/01/2013 09:41:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
-
-
OK, I messed up...Have you tried this:
Open the Start menu. Type "SystemPropertiesProtection.exe" in the "Start Search" field. Press "Enter."
Look under the "Available Disks" section. Uncheck the box of the duplicate C: drive.
Place a check by the C: drive with the Windows logo. Click "Apply" and click "OK."
MrC
There is only one C drive, btw I'm having trouble with my other computer now as well. I seem to be getting a bsod. A mod kindly reopened the old thread.
-
Thanks for reopening this. Mr C, I've started to get a bsod recently and I was wondering if you could help. I can't upload the dmp file for some reason... Could I upload it to mediafire or something then link you?
-
Dude that's windows update xd.
-
Yes, my mistake > system restore. MrC
Nope nothing there. Guess I'm screwed lol.
-
Go to Microsoft Fixit:
http://support.microsoft.com/fixit/
Take a look around, there should be a Fixit for Windows Update under Windows.
I can't give you a specific link because it's operating system specific.
Let me know....MrC
Do you mean system restore? I'll take a look, thanks.
-
Tried it but it didn't find anything wrong :/ (talking about method 2).
Already checked method 1.
-
No, that should have repaired system restore, please try it. MrC
Oh, my mistake. Okay, I tried it but I got this error: "The restore point could not be created for the following reason:
The shadow copy provider had an unexpected error while trying to process the specified operation. (0x8004230F)
Please try again."
-
The program ran fine and did everything. I tried afterwards to edit the repository (whatever it's called) folder, but it still didn't work...
-
I'll get back to you asap.....MrC
No problem at all MrC.
I can see you're busy with lots of other people as well, so it's not a problem at all.
Pc is very slow, I think I might be infected!(Vista)
in Resolved Malware Removal Logs
Posted
Thanks for the tech forum links though. I will use them.