Infected with trojan.dropper.bcminer


First, here's the combo-fix log with Run CFScript:

ComboFix 12-06-04.02 - shinyaku 04/06/2012 21:43:27.2.8 - x64

Running from: c:\users\shinyaku\Desktop\Combo-Fix.exe

Command switches used :: c:\users\shinyaku\Desktop\CFScript.txt

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))

.

.

2012-06-05 01:51 . 2012-06-05 01:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-05 01:51 . 2012-06-05 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-04 00:58 . 2012-06-04 00:58 -------- d-----w- c:\users\shinyaku\AppData\Roaming\Avira

2012-06-04 00:52 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-06-04 00:52 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-06-04 00:52 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-06-04 00:52 . 2012-06-04 00:52 -------- d-----w- c:\programdata\Avira

2012-06-04 00:52 . 2012-06-04 00:52 -------- d-----w- c:\program files (x86)\Avira

2012-06-03 22:51 . 2012-06-03 22:51 -------- d-----w- C:\_OTM

2012-05-30 02:38 . 2012-05-30 02:38 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-05-24 02:00 . 2012-05-24 02:00 -------- d-----w- c:\users\shinyaku\AppData\Roaming\MozillaFirefox4.0

2012-05-21 02:21 . 2012-05-21 02:56 -------- d-----w- c:\program files (x86)\Eusing Free Registry Defrag

2012-05-21 02:19 . 2012-05-21 02:21 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2012-05-19 00:28 . 2012-05-19 00:28 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-19 00:28 . 2012-05-19 00:28 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-12 00:22 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-12 00:22 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-12 00:22 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-12 00:22 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-12 00:22 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-12 00:22 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-12 00:22 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-12 00:22 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-12 00:22 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-12 00:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-12 00:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 00:22 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-07 23:21 . 2012-05-24 04:07 -------- d-----w- c:\users\shinyaku\AppData\Roaming\Ohqu

2012-05-07 23:21 . 2012-05-21 20:49 -------- d-----w- c:\users\shinyaku\AppData\Roaming\Atoc

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-08 17:02 . 2012-05-30 01:04 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{217F587F-3C72-4EC5-BB64-5A42CE4B1B56}\mpengine.dll

2012-05-05 23:55 . 2012-05-05 23:56 544032 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-05 23:55 . 2012-05-05 23:56 525600 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-17 11:38 . 2012-04-17 11:38 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-17 11:38 . 2011-10-08 03:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 19:56 . 2010-11-09 14:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 12:22 . 2012-03-31 12:22 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-03-31 12:22 . 2012-03-31 12:22 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-03-31 12:22 . 2012-03-31 12:22 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-04_23.18.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-06-05 01:54 53586 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-08 15:29 . 2012-06-05 01:54 21982 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3786737421-1029651582-3655982258-1001_UserData.bin

+ 2010-12-19 00:19 . 2012-06-05 01:51 3904 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-06-04 23:18 . 2012-06-04 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-05 01:52 . 2012-06-05 01:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-04 23:18 . 2012-06-04 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-05 01:52 . 2012-06-05 01:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-06-04 23:17 361556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-05 01:51 361556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-01-31 01:49 . 2012-06-05 01:51 9347858 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3786737421-1029651582-3655982258-1001-12288.dat

- 2011-01-31 01:49 . 2012-06-04 04:59 9347858 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3786737421-1029651582-3655982258-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-10 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 136176]

R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]

R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 136176]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]

S2 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-04-13 147563]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 11:38]

.

2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 04:26]

.

2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 04:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]

"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]

"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

"bcwext"="c:\users\shinyaku\AppData\Local\Temp\bcwext.dll" [bU]

"mandh"="" [bU]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\avira\antivir desktop\ipmGui.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

.

**************************************************************************

.

Completion time: 2012-06-04 22:01:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-05 02:01

ComboFix2.txt 2012-06-04 23:28

.

Pre-Run: 63,573,274,624 bytes free

Post-Run: 63,516,307,456 bytes free

.

- - End Of File - - A56DCEDD672C3B6620B42337F3FA1545

Here's the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.04.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

shinyaku :: SHINYAKU-PC [administrator]

Protection: Enabled

04/06/2012 10:05:16 PM

mbam-log-2012-06-04 (22-05-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226030

Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Hi, I've restarted the laptop and I got this error message... post-109166-0-89729500-1338863481.jpg

But otherwise, it seems that it is recovering. I've re-scanned with Malwarebytes, and it seems clean for the moment.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.04.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

shinyaku :: SHINYAKU-PC [administrator]

Protection: Enabled

04/06/2012 10:31:57 PM

mbam-log-2012-06-04 (22-31-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226114

Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

What do you think?

We need to clean out your temp files at this point. Check your PC Security as well.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot; if not, do this yourself to ensure a complete clean.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next

Download Security Check by screen317 and save it to your Desktop.

  • Double-click Security Check.exe to start the application
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.

I've downloaded the TFC software, double-clicked it, went into a blue screen, and then restarted the laptop. Then the same error message appeared.

Then I downloaded Security Check and ran the scan. While scanning, the Avira Security Alert suddenly popped up with this message:

post-109166-0-51125900-1338896283.jpg

Here's the log for Security Check:

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Eusing Free Registry Cleaner

Java™ 6 Update 22

Java version out of date!

Adobe Flash Player 11.2.202.233

Adobe Reader 9 Adobe Reader out of date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Click Remove with the Avira Security Alert for now. As for your temp files with TFC, I have another cleaner for when we are almost done. We need to do another ESET Online Scanner scan as you did before. Please post the log.

There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel

Adobe Reader 9

Java™ 6 Update 22

Reboot your computer once all Java and Adobe Reader components are removed.

Next

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Okay, I've removed both Adobe Reader and Java, then rebooted and re-installed the newest ones. Then I ran ESET and it took around 4 hours.

So here's the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=67a7cc28605f114fb3b48cc2dfc5d06c

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-06 03:26:16

# local_time=2012-06-05 11:26:16 (-0500, Eastern Daylight Time)

# country="Canada"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 90481613 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=330409

# found=6

# cleaned=0

# scan_time=15013

C:\dnload\Games\PC\Battlefield 2 full game MP - SP Fixed v_1.5 -=AviaRa=-\Battlefield 2\key-generator.exe a variant of Win32/Keygen.CU application (unable to clean) 00000000000000000000000000000000 I

C:\dnload\Program\Fruity.Loops.Studio.9.Producer.Edition.XXL.rar Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

C:\dnload\Program\gamebooster2.1EN.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I

C:\dnload\Program\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I

C:\Users\Public\Hadoken should blast Mcafee.zap Win32/HackTool.CheatEngine.AB application (unable to clean) 00000000000000000000000000000000 I

C:\Users\shinyaku\Desktop\stuff\Fruity.Loops.Studio.9.Producer.Edition.XXL\Fruity.Loops.Studio.9.Producer.Edition.XXL-SALAD\flstudio_9.0.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

The below items were not in the last ESET report? Did you recently download the below items?

  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

    :Services

    :Reg

    :Files
    C:\dnload\Games\PC\Battlefield 2 full game MP - SP Fixed v_1.5 -=AviaRa=-\Battlefield 2\key-generator.exe
    C:\dnload\Program\Fruity.Loops.Studio.9.Producer.Edition.XXL.rar
    C:\dnload\Program\gamebooster2.1EN.exe
    C:\dnload\Program\Nero-7.10.1.0_eng_full.exe
    C:\Users\Public\Hadoken should blast Mcafee.zap
    C:\Users\shinyaku\Desktop\stuff\Fruity.Loops.Studio.9.Producer.Edition.XXL\Fruity.Loops.Studio.9.Producer.Edition.XXL-SALAD\flstudio_9.0.exe
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [clearallrestorepoints]
    [Reboot]


  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Hmm, don't know why it didn't detect the files since I just copied over the log.

Here's the OTM logs:

========== PROCESSES ==========

No active process named :Services was found!

No active process named :Reg was found!

No active process named :Files was found!

No active process named C:\dnload\Program\gamebooster2.1EN.exe was found!

No active process named C:\dnload\Program\Nero-7.10.1.0_eng_full.exe was found!

No active process named C:\Users\Public\Hadoken should blast Mcafee.zap was found!

No active process named C:\Users\shinyaku\AppData\Local\Temp\mandh.dll was found!

No active process named C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n was found!

No active process named C:\Users\shinyaku\Desktop\RK_Quarantine\mandh.dll.vir was found!

No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n was found!

No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ was found!

No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000000.@ was found!

No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000032.@ was found!

No active process named :Commands was found!

No active process named ipconfig /flushdns /c was found!

No active process named [purity] was found!

No active process named [resethosts] was found!

No active process named [CREATERESTOREPOINT] was found!

No active process named [EMPTYFLASH] was found!

No active process named [Reboot] was found!

OTM by OldTimer - Version 3.1.19.0 log created on 06032012_185141

Hi Kenny94, I don't know why but I can't find other logs than this one:

Files moved on Reboot...

File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

How are things now with your PC?

I think so far so good :). Firewall is now back on track, Malwarebytes scans with no problems, and Avira has no more pop-ups.

But I'm not sure if it is 100% clean.

Let's do the following:

Download CCleaner from here to clean temp files from your computer.

  • Close all open internet browser windows
  • Double click on the ccsetup file to start the installation of the program.
  • Select your language and click OK, then click Next.
  • Read the license agreement and click I Agree.
  • Click Next to use the default install location. Click Install then click Finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit)
  • If you use Firefox or any other Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
  • Click on the Options icon at the left side of the window, then click on Advanced. Uncheck Only delete files in Windows Temp folders older than 24 hours.
  • Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the Registry feature unless you are very familiar with the registry as it has been known to find legitimate items for removal, which can cause issues with other programs.
  • After CCleaner has completed its process, click Exit.

Next

MALWAREBYTES ANTIMALWARE

-------------------------------------------

Please launch MBAM and update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Ok, I've cleaned with CCleaner and I've updated Malwarebytes:

Here's the log for Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.07.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

shinyaku :: SHINYAKU-PC [administrator]

Protection: Enabled

07/06/2012 7:21:29 PM

mbam-log-2012-06-07 (21-36-23).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 528082

Time elapsed: 2 hour(s), 14 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The dialogue box that pops up, "The specified module could not be found", means the software/malware is looking for this DLL or the hook.dll. As a result the software/malware is stopped, because the DLLs need the software to run. Let's look at one more scan.

Run CKScanner

  • Please download CKScanner from here
  • Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Ok,

Here's the logs:

CKScanner - Additional Security Risks - These are not necessarily bad

c:\dnload\games\pc\need.for.speed.underground.2\no cd crack\speed2.exe

c:\dosbox\war\crack.exe

c:\program files (x86)\image-line\hardcore\presets\i cracked my tube!.hdprg

c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer

c:\program files (x86)\mount&blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg

c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fate.the.traitor.soul-rituel\fate.the.traitor.soul-rituel\cracktro.exe

c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fruity.loops.studio.9.producer.edition.xxl-salad\official key\readme crack installation.txt

c:\users\shinyaku\documents\xilisoft corporation\video converter ultimate\crack.js

c:\users\shinyaku\games\unreal tournament 2004\ut2004 keygen (xp only).exe

scanner sequence 3.GJ.11.HTAPNR

----- EOF -----


Hi stuck,

This machine contains too many pirated programs, which are the source of the infection. Until these are removed from the machine, cleanup is pointless, as these cracked versions will continue to reinstall malware. At this point I would recommend you wipe the machine, do a clean install of Windows and only install legal copies of software. Also, we have rules here on pirated programs:

http://forums.malwarebytes.org/index.php?showtopic=97700


Hi Kenny,

Sorry about that, since I share this laptop with my roommates, and they've been using the laptop and installed some sh*t pirated stuff that I don't even use. I use the laptop more for web browsing, looking for weather and news, YouTube and storing my collection of photos and videos from my camera.

Since I don't want to lose my photos and all, is it possible to just uninstall or delete all those nasty stuff programs without having to restore Windows?

Thanks and sorry about that matter.


Okay,

  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

    :Services

    :Reg

    :Files
    C:\dnload\Games\PC\Battlefield 2 full game MP - SP Fixed v_1.5 -=AviaRa=-\Battlefield 2\key-generator.exe
    C:\dnload\Program\Fruity.Loops.Studio.9.Producer.Edition.XXL.rar
    C:\dnload\Program\gamebooster2.1EN.exeC:\dnload\Program\Nero-7.10.1.0_eng_full.exeC:\Users\Public\Hadoken should blast Mcafee.zap
    C:\Users\shinyaku\Desktop\stuff\Fruity.Loops.Studio.9.Producer.Edition.XXL\Fruity.Loops.Studio.9.Producer.Edition
    c:\dnload\games\pc\need.for.speed.underground.2\no cd crack\speed2.exe
    c:\dosbox\war\crack.exe
    c:\program files (x86)\image-line\hardcore\presets\i cracked my tube!.hdprg
    c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer
    c:\program files (x86)\mount&blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg
    c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fate.the.traitor.soul-rituel\fate.the.traitor.soul-rituel\cracktro.exe
    c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fruity.loops.studio.9.producer.edition.xxl-salad\official key\readme crack installation.txt
    c:\users\shinyaku\documents\xilisoft corporation\video converter ultimate\crack.js
    c:\users\shinyaku\games\unreal tournament 2004\ut2004 keygen (xp only).exe


    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]


  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next

Please download the latest version of Hitman Pro from one of the following locations:

For 32-Bit Operating Systems

For 64-Bit Operating Systems

  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please

In your next reply, please include these log(s):

1.OTM\MovedFiles (Most recent one. The day you ran it)

2.HitmanPro3 Report

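Every CKScanner hit above has "crack" or "keygen" somewhere in its path, and one line of the `:Files` list has three paths run together. The following check is an added example, not part of the original posts: it splits fused entries and separates files Windows can execute from plain data files before anything is moved. The extension set and function names are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed triage set: extensions Windows runs directly or hands to a script host.
EXECUTABLE_EXTS = {".exe", ".js", ".bat", ".cmd", ".vbs", ".scr", ".dll", ".msi"}
# Start of a drive-rooted path: a drive letter, a colon and a backslash.
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")

# Constructed sample: a few entries copied from the :Files list in the post above.
FILES_SECTION = r"""
C:\dnload\Program\gamebooster2.1EN.exeC:\dnload\Program\Nero-7.10.1.0_eng_full.exeC:\Users\Public\Hadoken should blast Mcafee.zap
c:\dosbox\war\crack.exe
c:\program files (x86)\mount&blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer
c:\users\shinyaku\documents\xilisoft corporation\video converter ultimate\crack.js
"""

def split_fused(line):
    """Split a line at every drive root so fused entries become separate paths."""
    starts = [m.start() for m in DRIVE_ROOT.finditer(line)]
    ends = starts[1:] + [len(line)]
    return [line[a:b].strip() for a, b in zip(starts, ends)]

def triage(section):
    """Return (fused_lines, executable_paths, data_paths) for a :Files list."""
    fused, executable, data = [], [], []
    for raw in section.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = split_fused(line)
        if len(parts) > 1:
            fused.append(line)  # more than one rooted path on a single line
        for path in parts:
            ext = PureWindowsPath(path).suffix.lower()
            (executable if ext in EXECUTABLE_EXTS else data).append(path)
    return fused, executable, data

if __name__ == "__main__":
    fused, executable, data = triage(FILES_SECTION)
    print("Fused lines to correct before running the script:", len(fused))
    for path in executable:
        print("EXECUTABLE:", path)
    for path in data:
        print("DATA (name match only):", path)
```
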

Here's the OTM log:

All processes killed

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

c:\dnload\Games\PC\Battlefield 2 full game MP - SP Fixed v_1.5 -=AviaRa=-\Battlefield 2\key-generator.exe moved successfully.

c:\dnload\Program\Fruity.Loops.Studio.9.Producer.Edition.XXL.rar moved successfully.

c:\dnload\Program\gamebooster2.1EN.exeC:\dnload\Program\Nero-7.10.1.0_eng_full.exeC:\Users\Public\Hadoken should blast Mcafee.zap moved successfully.

c:\Users\shinyaku\Desktop\stuff\Fruity.Loops.Studio.9.Producer.Edition.XXL\Fruity.Loops.Studio.9.Producer.Edition moved successfully.

c:\dnload\games\pc\need.for.speed.underground.2\no cd crack\speed2.exe moved successfully.

c:\dosbox\war\CRACK.EXE moved successfully.

c:\program files (x86)\image-line\hardcore\presets\i cracked my tube!.hdprg moved successfully.

c:\program files (x86)\image-line\sawer\presets\ambient\mc cracked.sawer moved successfully.

c:\program files (x86)\mount&blade with fire and sword\sounds\Fire_Small_Crackle_Slick_op.ogg moved successfully.

c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fate.the.traitor.soul-rituel\fate.the.traitor.soul-rituel\cracktro.exe moved successfully.

c:\users\shinyaku\desktop\stuff\fruity.loops.studio.9.producer.edition.xxl\fruity.loops.studio.9.producer.edition.xxl-salad\official key\readme crack installation.txt moved successfully.

c:\users\shinyaku\documents\xilisoft corporation\video converter ultimate\crack.js moved successfully.

c:\users\shinyaku\games\unreal tournament 2004\UT2004 Keygen (XP only).exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: shinyaku

->Temp folder emptied: 667373 bytes

->Temporary Internet Files folder emptied: 374050 bytes

->Java cache emptied: 0 bytes

->Opera cache emptied: 2534131 bytes

->Flash cache emptied: 5181 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1055102 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.19.0 log created on 06102012_222526

Files moved on Reboot...

C:\Users\shinyaku\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

This topic is now closed to further replies.