Guest Posted July 26, 2012 ID:577066

Hi, wondering if anyone could help me.

My laptop has recently been hijacked. I get a message popping up in my task from "Windows Security Center" (possibly the malware) telling me to check my security settings. If I attempt to load anything it tells me that "the services does not exist as an installed service" (software, regedit, msconfig, services, etc). I tried to startup my services in safemode but still unable even after setting safeboot option value to 0. Also device manager doesn't display any drivers which prevents me from connecting to a network/internet connection and using usb devices.

I ran a Malwarebytes scan (full and quick) and it picked up 129 PUP.MyWebSearch files and registry keys. I ran a scan with a different software and it picked up: Adware.Tracking Cookie, Adware.Zango and Trojan.Agent/Gen-FakeAlert[Local].

Below are my DDS logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19088
Run by Katy at 20:02:52 on 2012-07-26
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Users\Katy\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c105l0304zq45t47i2x236
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: o2.co.uk\*.broadband
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8E754B43-A926-4192-B09F-AE0A89555BE5} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A156ED08-84FA-4128-BBBC-4F79EC76EB10} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? CLHNService;CLHNService
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DPMemGridVista;Physical Memory I/O for GridVista
R? ePowerSvc;Acer ePower Service
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller
R? MBAMProtector;MBAMProtector
R? MBAMService;MBAMService
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McProxy;McAfee Proxy Service
R? McShield;McAfee Real-time Scanner
R? McSysmon;McAfee SystemGuards
R? mfeavfk;McAfee Inc. mfeavfk
R? mfebopk;McAfee Inc. mfebopk
R? mfehidk;McAfee Inc. mfehidk
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? mwlPSDFilter;mwlPSDFilter
R? mwlPSDNServ;mwlPSDNServ
R? mwlPSDVDisk;mwlPSDVDisk
R? MWLService;MyWinLocker Service
R? NTIBackupSvc;NTI Backup Now 5 Backup Service
R? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
R? PAC207;PC Camer@
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
R? SBSDWSCService;SBSD Security Center Service
R? sprtsvc_O2;SupportSoft Sprocket Service (O2)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
.
=============== Created Last 30 ================
.
2012-07-26 00:00:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 23:52:52 -------- d-----w- c:\users\katy\appdata\local\temp
2012-07-25 23:52:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-25 23:11:38 -------- d-----w- c:\program files\VS Revo Group
2012-07-25 18:14:18 98816 ----a-w- c:\windows\sed.exe
2012-07-25 18:14:18 518144 ----a-w- c:\windows\SWREG.exe
2012-07-25 18:14:18 256000 ----a-w- c:\windows\PEV.exe
2012-07-25 18:14:18 208896 ----a-w- c:\windows\MBR.exe
2012-07-25 18:12:06 -------- d-----w- C:\FRST
2012-07-24 23:18:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-24 23:18:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-24 21:53:32 -------- d-----w- c:\windows\pss
2012-07-24 19:16:04 -------- d-----w- c:\users\katy\appdata\roaming\Malwarebytes
2012-07-24 19:15:28 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 19:15:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 19:15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-24 17:56:35 -------- d-----w- c:\users\katy\appdata\roaming\SUPERAntiSpyware.com
2012-07-24 17:56:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-24 17:56:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
.
============= FINISH: 20:04:52.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27/07/2009 23:20:26
System Uptime: 26/07/2012 19:58:38 (1 hours ago)
.
Motherboard: Acer | | Aspire 5332
Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz | uPGA-478 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 193.524 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe
Acer ePower Management
Acer eRecovery Management
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
AMCap
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
BlackBerry Desktop Software 5.0.1
Bonjour
C:\Program Files\Acer GameZone\GameConsole
Compatibility Pack for the 2007 Office system
Driving Test Success 2003-2004
eSobi v2
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GridVista
Hazard Perception Training 2003-2004
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 3.0 Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
O2 Broadband Assistant
Orion
QuickTime
Rainbow Web
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Roxio Media Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
The Sims™ 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
26/07/2012 20:00:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
26/07/2012 01:02:39, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
26/07/2012 00:09:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
25/07/2012 20:40:46, Error: EventLog [6008] - The previous system shutdown at 20:38:42 on 25/07/2012 was unexpected.
25/07/2012 20:34:42, Error: EventLog [6008] - The previous system shutdown at 20:33:09 on 25/07/2012 was unexpected.
25/07/2012 19:41:59, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/07/2012 19:39:23, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/07/2012 19:36:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
25/07/2012 19:36:36, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
25/07/2012 19:36:36, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
25/07/2012 19:32:57, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
25/07/2012 19:32:32, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.
25/07/2012 19:32:32, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed.
25/07/2012 19:19:32, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/07/2012 02:06:02, Error: Service Control Manager [7003] - The Windows Media Player Network Sharing Service service depends the following service: UPnPHost. This service might not be installed.
25/07/2012 00:13:33, Error: EventLog [6008] - The previous system shutdown at 00:12:05 on 25/07/2012 was unexpected.
24/07/2012 22:59:58, Error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/07/2012 20:42:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DPMemGridVista mfehidk mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
24/07/2012 20:41:01, Error: EventLog [6008] - The previous system shutdown at 20:38:43 on 24/07/2012 was unexpected.
24/07/2012 20:07:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DPMemGridVista mfehidk mwlPSDFilter mwlPSDNServ mwlPSDVDisk SASDIFSV SASKUTIL spldr Wanarpv6
24/07/2012 20:04:40, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6
24/07/2012 18:43:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
24/07/2012 18:43:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
24/07/2012 18:42:53, Error: Service Control Manager [7003] - The Virtual Disk service depends the following service: PlugPlay. This service might not be installed.
24/07/2012 18:42:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service vds with arguments "" in order to run the server: {7D1933CB-86F6-4A98-8628-01BE94C9A575}
24/07/2012 18:41:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/07/2012 18:41:18, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/07/2012 18:40:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/07/2012 18:40:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/07/2012 18:40:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
24/07/2012 18:40:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/07/2012 18:40:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23/07/2012 10:27:46, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d.
23/07/2012 10:26:07, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.
23/07/2012 10:26:07, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
23/07/2012 10:25:18, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0).
23/07/2012 10:25:18, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified.
23/07/2012 10:25:18, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted
23/07/2012 10:25:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.
23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.
23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. This service might not be installed.
23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
23/07/2012 10:25:18, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.
23/07/2012 10:25:18, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.
23/07/2012 10:25:18, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
23/07/2012 10:25:18, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
.
==== End Of File ===========================

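Added example, not part of the original thread: one way to triage the "Event Viewer Messages" section of the DDS log in the post above is to group the Service Control Manager errors by the dependency they point at, so the services whose registrations are gone stand out from the services that merely depend on them. The function names are hypothetical; the sample entries are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# An entry starts with "DD/MM/YYYY HH:MM:SS, Level: ". Splitting on that instead
# of on newlines also recovers entries that were pasted run together.
ENTRY_START = re.compile(r"(?=\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}, \w+: )")
ENTRY = re.compile(
    r"(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)", re.S)
# Service Control Manager message shapes, worded exactly as in the log
NOT_INSTALLED = re.compile(r"The (.+?) service depends the following service: (\S+?)\. This service")
DEP_FAILED = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start")
DRIVERS = re.compile(r"driver\(s\) failed to load: (.+)")

# Entries copied from the log in the post above, deliberately joined without
# newlines to mimic a run-together paste.
SAMPLE = "".join([
    "26/07/2012 20:00:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl",
    "25/07/2012 19:36:36, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.",
    "25/07/2012 19:36:36, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.",
    "25/07/2012 19:32:57, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.",
    "24/07/2012 20:42:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DPMemGridVista mfehidk mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6",
    "24/07/2012 18:42:53, Error: Service Control Manager [7003] - The Virtual Disk service depends the following service: PlugPlay. This service might not be installed.",
    "23/07/2012 10:26:07, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.",
    "23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.",
    "23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.",
    "23/07/2012 10:25:18, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.",
    "23/07/2012 10:25:18, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.",
])


def parse_entries(text):
    """Split the event section into dicts: when, level, source, event_id, message."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if m:
            entry = m.groupdict()
            entry["event_id"] = int(entry["event_id"])
            entry["message"] = " ".join(entry["message"].split())
            entries.append(entry)
    return entries


def triage(entries):
    """Group SCM errors: 7003 (dependency not installed), 7001 (dependency
    failed to start) and 7026 (boot/system drivers that did not load)."""
    missing = defaultdict(set)   # dependency reported as not installed -> dependents
    blocked = defaultdict(set)   # dependency that failed to start -> dependents
    driver_boots = Counter()     # driver -> number of 7026 entries naming it
    for e in entries:
        if e["source"] != "Service Control Manager":
            continue
        msg = e["message"]
        if e["event_id"] == 7003 and (m := NOT_INSTALLED.search(msg)):
            missing[m.group(2)].add(m.group(1))
        elif e["event_id"] == 7001 and (m := DEP_FAILED.search(msg)):
            blocked[m.group(2)].add(m.group(1))
        elif e["event_id"] == 7026 and (m := DRIVERS.search(msg)):
            driver_boots.update(m.group(1).split())
    return missing, blocked, driver_boots


def root_causes(missing, blocked):
    """Dependencies that break other services and are not themselves reported
    as waiting on something else; these are the ones to repair first."""
    dependents = set().union(*missing.values(), *blocked.values())
    impact = Counter()
    for table in (missing, blocked):
        for dep, users in table.items():
            if dep not in dependents:
                impact[dep] += len(users)
    return impact.most_common()


if __name__ == "__main__":
    missing, blocked, driver_boots = triage(parse_entries(SAMPLE))
    for name, hits in root_causes(missing, blocked):
        kind = "not installed" if name in missing else "failed to start"
        print(f"{name}: {kind}, breaks {hits} service(s)")
    print("drivers named in every 7026 entry:",
          sorted(d for d, n in driver_boots.items() if n == max(driver_boots.values())))
```

Event 7026 entries written during a Safe Mode boot also list drivers that Safe Mode leaves out on purpose, so the 7003 "might not be installed" entries are the stronger sign that service registrations have been removed.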
Maniac Posted July 26, 2012 ID:577090

Hello maggotkil and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1
Please uninstall the following application: Ask Toolbar

Step 2
Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:
Malwarebytes' Anti-Malware log
aswMBR log

Guest Posted July 26, 2012 ID:577105

Hi Maniac, here are the logs.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.03.05
Windows Vista Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.19088
Katy :: KATY-PC [administrator]
Protection: Disabled
26/07/2012 21:40:47
mbam-log-2012-07-26 (21-40-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226195
Time elapsed: 3 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 21:45:34
-----------------------------
21:45:34.036 OS Version: Windows 6.0.6001 Service Pack 1
21:45:34.036 Number of processors: 2 586 0x170A
21:45:34.036 ComputerName: KATY-PC UserName: Katy
21:45:35.456 Initialize success
21:45:43.630 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:45:43.630 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
21:45:43.677 Disk 0 MBR read successfully
21:45:43.677 Disk 0 MBR scan
21:45:43.677 Disk 0 Windows VISTA default MBR code
21:45:43.693 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
21:45:43.708 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294999 MB offset 20981760
21:45:43.708 Disk 0 scanning sectors +625139712
21:45:43.755 Disk 0 scanning C:\Windows\system32\drivers
21:45:49.792 Service scanning
21:46:03.567 Modules scanning
21:46:05.299 Disk 0 trace - called modules:
21:46:05.330 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
21:46:05.330 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852b2348]
21:46:05.330 3 CLASSPNP.SYS[89fa0745] -> nt!IofCallDriver -> [0x852fd2b8]
21:46:05.346 5 acpi.sys[8069f6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85282ba0]
21:46:05.346 Scan finished successfully
21:49:57.130 Disk 0 MBR has been saved successfully to "C:\Users\Katy\Desktop\MBR.dat"
21:49:57.146 The log file has been saved successfully to "C:\Users\Katy\Desktop\aswMBR1.txt"

Maniac Posted July 27, 2012 ID:577271

Your Malwarebytes' Anti-Malware database is very, very old, from 3rd July, which is a lot. Also, I would like a scan to be performed in Normal mode, not in Safe mode. Please follow my instructions carefully.

Guest Posted July 27, 2012 ID:577407

Okay, I've manually updated the database to 27/07/2012. The problem is that I cannot run anything in normal mode. When I try to execute Malwarebytes I get the message:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
The specified service does not exist as an installed service.

Maniac Posted July 27, 2012 ID:577583

Try this tool and then try to run Malwarebytes' Anti-Malware again:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Guest Posted July 28, 2012 ID:577926

I tried to run exeHelper in normal mode but I got the same error message about the service not being installed. I ran it in safe mode but I don't think it made any difference to normal mode, as I still couldn't execute anything.

exeHelper by Raktor
Build 20100414
Run at 17:54:35 on 07/28/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Maniac Posted July 30, 2012 ID:578411

Do you have a USB flash drive on hand?
Guest Posted July 30, 2012 ID:578598

Yeah, I've tried using a USB on it to try and get my files off, but the PC doesn't pick up any USB devices and Device Manager is blank. I've been using CDs to transfer.
Maniac Posted July 30, 2012 ID:578717

Okay, could you try this:

Download OTLPEStd.exe to your desktop
Ensure that you have a blank CD in the drive
Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads.
Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy.
Double-click on the OTLPE icon.
Select the Windows folder of the infected drive if it asks for a location
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Drag and drop this attached scan.txt into the Custom scans and fixes box
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system.
Right click the file and select send to : select the USB drive. Confirm that it has copied to the USB drive by selecting it
You can backup any files that you wish from this OS
Please post the contents of the C:\OTL.txt file in your reply.
Guest Posted July 31, 2012 ID:579137

I ran the scan but was a bit confused about step 13. Was there supposed to be a hyperlink? If so I'll run it again.

OTL logfile created on: 7/31/2012 8:28:09 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.08 Gb Total Space | 192.92 Gb Free Space | 66.97% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SeaPort)
SRV - File not found [On_Demand] -- -- (BBSvc)
SRV - [2012/07/03 08:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/13 07:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/24 12:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/06/10 01:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) 
[Disabled] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)SRV - [2009/10/27 07:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)SRV - [2009/10/02 08:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)SRV - [2009/09/16 06:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)SRV - [2009/09/16 05:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)SRV - [2009/09/16 04:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)SRV - [2009/07/08 06:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)SRV - [2009/07/07 14:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)SRV - [2009/06/23 12:45:50 | 000,723,488 | ---- | M] (Acer Incorporated) [Disabled] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)SRV - [2009/05/14 18:03:30 | 000,305,448 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)SRV - [2009/04/14 12:48:50 | 000,075,048 | ---- | M] () [Disabled] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2007/06/07 11:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand] -- -- (PAC207)DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)DRV - File not found [Kernel | On_Demand] -- -- (catchme)DRV - [2012/07/03 08:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)DRV - [2010/07/15 10:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)DRV - [2009/09/16 05:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)DRV - [2009/09/16 05:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)DRV - [2009/09/16 05:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)DRV - [2009/09/16 05:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)DRV - [2009/09/16 05:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)DRV - [2009/06/23 02:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)DRV - [2009/01/14 23:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)DRV - [2008/12/04 13:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV - [2008/12/04 13:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)DRV - [2008/12/04 13:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV - [2008/09/30 23:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)DRV - [2005/06/24 13:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)DRV - [2005/05/26 06:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)DRV - [2005/05/26 06:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c105l0304zq45t47i2x236IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.localIE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKU\Katy_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. 
File not foundIE - HKU\Katy_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\Katy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\Katy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.localIE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKU\Other_People_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\Other_People_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not foundFF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft 
Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/28 20:12:42 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/26 14:41:51 | 000,000,000 | ---D | M][2009/10/24 07:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions[2009/10/24 07:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com[2009/10/02 15:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.orgO1 HOSTS File: ([2012/07/25 20:32:46 | 000,442,781 | R--- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: 127.0.0.1 www.007guard.comO1 - Hosts: 127.0.0.1 007guard.comO1 - Hosts: 127.0.0.1 008i.comO1 - Hosts: 127.0.0.1 www.008k.comO1 - Hosts: 127.0.0.1 008k.comO1 - Hosts: 127.0.0.1 www.00hq.comO1 - Hosts: 127.0.0.1 00hq.comO1 - Hosts: 127.0.0.1 010402.comO1 - 
Hosts: 127.0.0.1 www.032439.comO1 - Hosts: 127.0.0.1 032439.comO1 - Hosts: 127.0.0.1 www.0scan.comO1 - Hosts: 127.0.0.1 0scan.comO1 - Hosts: 127.0.0.1 1000gratisproben.comO1 - Hosts: 127.0.0.1 www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1001namen.comO1 - Hosts: 127.0.0.1 www.1001namen.comO1 - Hosts: 127.0.0.1 www.100888290cs.comO1 - Hosts: 127.0.0.1 100888290cs.comO1 - Hosts: 127.0.0.1 100sexlinks.comO1 - Hosts: 127.0.0.1 www.100sexlinks.comO1 - Hosts: 127.0.0.1 www.10sek.comO1 - Hosts: 127.0.0.1 10sek.comO1 - Hosts: 127.0.0.1 1-2005-search.comO1 - Hosts: 127.0.0.1 www.1-2005-search.comO1 - Hosts: 15236 more lines...O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O3 - HKU\Katy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O4 - 
HKU\Other_People_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)O4 - HKU\Other_People_ON_C..\Run: [syshost32] File not foundO4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)O4 - Startup: C:\Users\Other People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not foundF3 - HKU\Other_People_ON_C WinNT: Load - (C:\Users\OTHERP~1\AppData\Local\Temp\{92573~1.EXE) - File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\Katy_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\Katy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\Other_People_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} 
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKU\Other_People_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)O24 - Desktop WallPaper:O24 - Desktop BackupWallPaper:O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]O34 - HKLM BootExecute: (autocheck autochk *) 
- File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2012/07/31 13:42:43 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\Katy\Desktop\OTLPEStd.exe[2012/07/28 16:20:07 | 000,000,000 | -H-D | C] -- C:\Windows\PIF[2012/07/27 11:36:38 | 007,151,488 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Katy\Desktop\mbam-rules.exe[2012/07/26 18:28:44 | 000,000,000 | ---D | C] -- C:\Users\Other People\Desktop\tools[2012/07/26 15:18:57 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\WinRAR[2012/07/26 15:18:56 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR[2012/07/26 15:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR[2012/07/26 15:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR[2012/07/26 15:02:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Katy\Desktop\dds.scr[2012/07/25 20:13:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Katy\Desktop\aswMBR.exe[2012/07/25 20:08:16 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Other People\Desktop\tdsskiller.exe[2012/07/25 20:00:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/07/25 19:55:00 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Katy\Desktop\tdsskiller.exe[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Local\temp[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Local\temp[2012/07/25 19:52:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/07/25 19:33:13 | 000,000,000 | ---D | C] -- C:\Users\Katy\Desktop\RK_Quarantine[2012/07/25 19:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group[2012/07/25 19:11:38 | 000,000,000 | ---D | C] -- 
C:\Users\Katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller[2012/07/25 19:11:18 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Katy\Desktop\revosetup.exe[2012/07/25 15:28:09 | 012,621,696 | ---- | C] (Microsoft Corporation) -- C:\Users\Katy\Desktop\mseinstall.exe[2012/07/25 14:36:05 | 000,892,822 | ---- | C] (Farbar) -- C:\Users\Other People\Desktop\FRST.exe[2012/07/25 14:36:02 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Other People\Desktop\ComboFix.exe[2012/07/25 14:14:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/07/25 14:14:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/07/25 14:14:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/07/25 14:14:11 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/07/25 14:13:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2012/07/25 14:12:06 | 000,000,000 | ---D | C] -- C:\FRST[2012/07/25 14:11:53 | 000,892,822 | ---- | C] (Farbar) -- C:\Users\Katy\Desktop\FRST.exe[2012/07/25 14:11:51 | 004,585,817 | R--- | C] (Swearware) -- C:\Users\Katy\Desktop\ComboFix.exe[2012/07/25 12:16:02 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Roaming\SUPERAntiSpyware.com[2012/07/25 11:44:54 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Other People\Desktop\spybotsd162.exe[2012/07/24 21:07:08 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Roaming\Malwarebytes[2012/07/24 19:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy[2012/07/24 19:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy[2012/07/24 19:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy[2012/07/24 17:53:32 | 000,000,000 | ---D | C] -- C:\Windows\pss[2012/07/24 15:16:04 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\Malwarebytes[2012/07/24 15:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware[2012/07/24 15:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2012/07/24 15:15:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2012/07/24 15:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2012/07/24 13:56:35 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\SUPERAntiSpyware.com[2012/07/24 13:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware[2012/07/24 13:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware[2012/07/24 13:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com[2012/07/24 13:55:37 | 018,570,448 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Katy\Desktop\SUPERAntiSpyware.exe[2012/07/24 13:55:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Katy\Desktop\spybotsd162.exe[2010/08/25 14:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll[2009/07/14 21:41:53 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/07/31 14:13:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/07/31 13:46:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2012/07/31 13:46:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2012/07/31 13:46:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/07/31 13:44:44 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata[2012/07/31 13:44:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/07/31 13:26:02 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\Katy\Desktop\OTLPEStd.exe[2012/07/31 13:23:16 | 
000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2012/07/31 13:23:16 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2012/07/28 12:34:02 | 000,294,400 | ---- | M] () -- C:\Users\Other People\Desktop\exeHelper.com[2012/07/28 12:34:02 | 000,294,400 | ---- | M] () -- C:\Users\Katy\Desktop\exeHelper.com[2012/07/27 11:30:46 | 007,151,488 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Katy\Desktop\mbam-rules.exe[2012/07/26 16:51:19 | 000,427,728 | ---- | M] () -- C:\Users\Katy\Desktop\Desktop.rar[2012/07/26 16:49:57 | 000,000,512 | ---- | M] () -- C:\Users\Katy\Desktop\MBR.dat[2012/07/26 15:20:12 | 000,426,233 | ---- | M] () -- C:\Users\Katy\Desktop\RK_Quarantine.rar[2012/07/26 15:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR[2012/07/26 15:17:09 | 001,517,376 | ---- | M] () -- C:\Users\Katy\Desktop\wrar420.exe[2012/07/26 15:09:56 | 000,007,529 | ---- | M] () -- C:\Users\Katy\Desktop\attach.zip[2012/07/26 14:25:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Katy\Desktop\dds.scr[2012/07/25 20:32:46 | 000,442,781 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts[2012/07/25 20:32:10 | 000,442,781 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120726-013246.backup[2012/07/25 20:11:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Katy\Desktop\aswMBR.exe[2012/07/25 19:45:52 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Other People\Desktop\tdsskiller.exe[2012/07/25 19:45:52 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Katy\Desktop\tdsskiller.exe[2012/07/25 19:30:41 | 001,552,384 | ---- | M] () -- C:\Users\Other People\Desktop\RogueKiller.exe[2012/07/25 19:30:41 | 001,552,384 | ---- | M] () -- C:\Users\Katy\Desktop\RogueKiller.exe[2012/07/25 19:11:38 | 000,001,061 | ---- | M] () -- C:\Users\Katy\Desktop\Revo Uninstaller.lnk[2012/07/25 19:09:40 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) 
-- C:\Users\Katy\Desktop\revosetup.exe[2012/07/25 15:40:37 | 127,201,003 | ---- | M] () -- C:\Windows\MEMORY.DMP[2012/07/25 14:27:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120726-013210.backup[2012/07/25 14:18:59 | 012,621,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Katy\Desktop\mseinstall.exe[2012/07/25 14:18:06 | 000,302,592 | ---- | M] () -- C:\Users\Katy\Desktop\c84wjm22.exe[2012/07/25 14:10:31 | 004,585,817 | R--- | M] (Swearware) -- C:\Users\Katy\Desktop\ComboFix.exe[2012/07/25 14:10:31 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Other People\Desktop\ComboFix.exe[2012/07/25 13:12:23 | 000,892,822 | ---- | M] (Farbar) -- C:\Users\Other People\Desktop\FRST.exe[2012/07/25 13:12:23 | 000,892,822 | ---- | M] (Farbar) -- C:\Users\Katy\Desktop\FRST.exe[2012/07/25 13:11:56 | 000,001,356 | ---- | M] () -- C:\Users\Katy\AppData\Local\d3d9caps.dat[2012/07/24 19:23:32 | 006,925,416 | ---- | M] () -- C:\Users\Other People\Desktop\spybotsd_includes.exe[2012/07/24 19:23:32 | 006,925,416 | ---- | M] () -- C:\Users\Katy\Desktop\spybotsd_includes.exe[2012/07/24 19:19:57 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120725-002049.backup[2012/07/24 19:18:29 | 000,001,083 | ---- | M] () -- C:\Users\Katy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk[2012/07/24 19:18:29 | 000,001,059 | ---- | M] () -- C:\Users\Katy\Desktop\Spybot - Search & Destroy.lnk[2012/07/24 19:18:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy[2012/07/24 18:40:09 | 000,009,192 | ---- | M] () -- C:\Users\Katy\AppData\Roaming\wklnhst.dat[2012/07/24 17:56:52 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup[2012/07/24 17:53:37 | 000,032,553 | ---- | M] () -- C:\Windows\System32\Config.MPF[2012/07/24 15:15:29 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes 
Anti-Malware.lnk[2012/07/24 15:15:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job[2012/07/24 13:56:33 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk[2012/07/24 13:56:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware[2012/07/13 20:49:52 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Other People\Desktop\spybotsd162.exe[2012/07/13 20:49:52 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Katy\Desktop\spybotsd162.exe[2012/07/13 20:01:10 | 018,570,448 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Katy\Desktop\SUPERAntiSpyware.exe[2012/07/03 08:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files Created - No Company Name ==========[2012/07/31 13:44:44 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata[2012/07/28 16:13:59 | 000,294,400 | ---- | C] () -- C:\Users\Other People\Desktop\exeHelper.com[2012/07/28 12:54:17 | 000,294,400 | ---- | C] () -- C:\Users\Katy\Desktop\exeHelper.com[2012/07/26 16:51:19 | 000,427,728 | ---- | C] () -- C:\Users\Katy\Desktop\Desktop.rar[2012/07/26 15:20:12 | 000,426,233 | ---- | C] () -- C:\Users\Katy\Desktop\RK_Quarantine.rar[2012/07/26 15:18:40 | 001,517,376 | ---- | C] () -- C:\Users\Katy\Desktop\wrar420.exe[2012/07/26 15:09:56 | 000,007,529 | ---- | C] () -- C:\Users\Katy\Desktop\attach.zip[2012/07/25 20:17:18 | 000,000,512 | ---- | C] () -- C:\Users\Katy\Desktop\MBR.dat[2012/07/25 19:37:30 | 001,552,384 | ---- | C] () -- C:\Users\Other 
People\Desktop\RogueKiller.exe[2012/07/25 19:33:08 | 001,552,384 | ---- | C] () -- C:\Users\Katy\Desktop\RogueKiller.exe[2012/07/25 19:11:38 | 000,001,061 | ---- | C] () -- C:\Users\Katy\Desktop\Revo Uninstaller.lnk[2012/07/25 15:28:01 | 000,302,592 | ---- | C] () -- C:\Users\Katy\Desktop\c84wjm22.exe[2012/07/25 14:14:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/07/25 14:14:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/07/25 14:14:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/07/25 14:14:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/07/25 14:14:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/07/25 11:44:46 | 006,925,416 | ---- | C] () -- C:\Users\Other People\Desktop\spybotsd_includes.exe[2012/07/24 19:25:35 | 006,925,416 | ---- | C] () -- C:\Users\Katy\Desktop\spybotsd_includes.exe[2012/07/24 19:18:29 | 000,001,083 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk[2012/07/24 19:18:29 | 000,001,059 | ---- | C] () -- C:\Users\Katy\Desktop\Spybot - Search & Destroy.lnk[2012/07/24 15:15:29 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/07/24 13:56:42 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job[2012/07/24 13:56:42 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job[2012/07/24 13:56:33 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk[2011/06/28 14:31:14 | 000,000,680 | ---- | C] () -- C:\Users\Other People\AppData\Local\d3d9caps.dat[2011/01/25 16:06:41 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin[2010/08/25 15:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin[2010/08/25 15:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin[2010/08/25 15:30:00 | 
000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin[2010/08/25 14:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config[2010/08/25 14:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll[2010/08/25 14:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll[2010/02/04 13:50:45 | 000,000,982 | ---- | C] () -- C:\Users\Other People\AppData\Roaming\wklnhst.dat[2010/01/18 08:18:27 | 000,124,488 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat[2009/11/08 06:10:29 | 000,001,356 | ---- | C] () -- C:\Users\Katy\AppData\Local\d3d9caps.dat[2009/10/31 08:15:07 | 000,020,480 | ---- | C] () -- C:\Users\Other People\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/10/31 07:32:48 | 000,000,120 | ---- | C] () -- C:\Users\Other People\AppData\Local\Tnoregobeyey.dat[2009/10/31 07:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Other People\AppData\Local\Vyiwutuyezev.bin[2009/10/24 08:35:52 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini[2009/10/22 11:43:25 | 000,024,064 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\UserTile.png[2009/10/03 12:35:28 | 000,024,064 | ---- | C] () -- C:\Users\Katy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/10/03 12:18:03 | 000,009,192 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\wklnhst.dat[2009/10/02 13:47:13 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini[2009/07/14 21:38:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll[2009/07/14 21:38:46 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat[2009/07/14 14:51:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat[2009/07/14 
13:24:59 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin[2009/07/14 13:24:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin[2007/10/25 19:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2006/11/02 08:47:37 | 000,343,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll[2006/11/02 06:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat[2006/11/02 06:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat[2005/01/25 11:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL[2003/08/18 10:55:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LXBKIH.EXE[2003/08/18 10:46:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll[2002/09/13 11:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini[2001/01/19 15:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE========== LOP Check ==========[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Acer GameZone Console[2010/01/07 18:13:56 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\eSobi[2010/04/16 
15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\PlayFirst[2009/10/03 12:23:52 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\PowerCinema[2011/01/25 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Research In Motion[2009/10/03 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\SoftDMA[2009/10/08 11:05:29 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Template[2010/12/22 13:22:04 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Utherverse[2009/10/04 07:21:54 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Windows Live Writer[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Acer GameZone Console[2010/12/12 15:50:38 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\LimeWire[2009/11/14 15:58:29 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\PowerCinema[2011/02/06 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Research In Motion[2011/11/22 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\SoftDMA[2010/02/04 13:51:06 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Template[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents[2011/12/07 17:06:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Driving Test Success[2009/07/14 15:12:29 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec[2010/09/27 12:34:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts[2009/07/14 15:39:44 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites[2011/12/07 17:07:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Hazard 
Perception Training[2009/11/15 16:28:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games[2010/04/16 15:45:10 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst[2010/02/10 18:00:30 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games[2011/01/25 15:48:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Research In Motion[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu[2009/10/02 13:47:42 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft[2011/03/04 18:16:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates[2010/04/12 15:12:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}[2009/10/02 14:07:55 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}[2009/11/14 20:59:59 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job[2009/10/22 13:20:55 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job[2012/07/31 13:44:45 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:F7862839@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DCAF903C@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:03D08225@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CDFF58FE@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4F636E25@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E1982A23@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4< End of report >
Maniac Posted August 2, 2012 ID:579840

Good!

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
Insert your USB drive with fix.txt on it
Start OTLPE
Drag and drop fix.txt into the Custom scans and fixes box
If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done to normal mode if possible
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

fix.txt
Guest Posted August 2, 2012 ID:579920

Okay, I've run the scan with the file.

OTL logfile created on: 8/2/2012 10:24:50 PM - RunOTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPEWindows Vista Home Premium Service Pack 1 (Version = 6.0.6001) - Type = SystemInternet Explorer (Version = 8.0.6001.19088)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 288.08 Gb Total Space | 190.05 Gb Free Space | 65.97% Space Free | Partition Type: NTFSDrive D: | 3.76 Gb Total Space | 3.28 Gb Free Space | 87.32% Space Free | Partition Type: FAT32Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSComputer Name: REATOGO | User Name: SYSTEMBoot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 DaysUsing ControlSet: ControlSet002========== Win32 Services (SafeList) ==========SRV - File not found [Auto] -- -- (SeaPort)SRV - File not found [On_Demand] -- -- (BBSvc)SRV - [2012/07/03 08:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/01/13 07:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)SRV - [2010/09/24 12:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)SRV - [2010/06/10 01:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) 
[Disabled] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)SRV - [2009/10/27 07:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)SRV - [2009/10/02 08:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)SRV - [2009/09/16 06:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)SRV - [2009/09/16 05:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)SRV - [2009/09/16 04:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)SRV - [2009/07/08 06:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)SRV - [2009/07/07 14:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)SRV - [2009/06/23 12:45:50 | 000,723,488 | ---- | M] (Acer Incorporated) [Disabled] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)SRV - [2009/05/14 18:03:30 | 000,305,448 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)SRV - [2009/04/14 12:48:50 | 000,075,048 | ---- | M] () [Disabled] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2007/06/07 11:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand] -- -- (PAC207)DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)DRV - File not found [Kernel | On_Demand] -- -- (catchme)DRV - [2012/07/03 08:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)DRV - [2010/07/15 10:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)DRV - [2009/09/16 05:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)DRV - [2009/09/16 05:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)DRV - [2009/09/16 05:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)DRV - [2009/09/16 05:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)DRV - [2009/09/16 05:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)DRV - [2009/06/23 02:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)DRV - [2009/01/14 23:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)DRV - [2008/12/04 13:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV - [2008/12/04 13:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)DRV - [2008/12/04 13:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV - [2008/09/30 23:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)DRV - [2005/06/24 13:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)DRV - [2005/05/26 06:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)DRV - [2005/05/26 06:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c105l0304zq45t47i2x236IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.localIE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKU\Katy_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. 
File not foundIE - HKU\Katy_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\Katy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\Katy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.localIE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKU\Other_People_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\Other_People_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not foundFF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft 
Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/28 20:12:42 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/26 14:41:51 | 000,000,000 | ---D | M][2009/10/24 07:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions[2009/10/24 07:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com[2009/10/02 15:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.orgO1 HOSTS File: ([2012/07/25 20:32:46 | 000,442,781 | R--- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: 127.0.0.1 www.007guard.comO1 - Hosts: 127.0.0.1 007guard.comO1 - Hosts: 127.0.0.1 008i.comO1 - Hosts: 127.0.0.1 www.008k.comO1 - Hosts: 127.0.0.1 008k.comO1 - Hosts: 127.0.0.1 www.00hq.comO1 - Hosts: 127.0.0.1 00hq.comO1 - Hosts: 127.0.0.1 010402.comO1 - 
Hosts: 127.0.0.1 www.032439.comO1 - Hosts: 127.0.0.1 032439.comO1 - Hosts: 127.0.0.1 www.0scan.comO1 - Hosts: 127.0.0.1 0scan.comO1 - Hosts: 127.0.0.1 1000gratisproben.comO1 - Hosts: 127.0.0.1 www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1001namen.comO1 - Hosts: 127.0.0.1 www.1001namen.comO1 - Hosts: 127.0.0.1 www.100888290cs.comO1 - Hosts: 127.0.0.1 100888290cs.comO1 - Hosts: 127.0.0.1 100sexlinks.comO1 - Hosts: 127.0.0.1 www.100sexlinks.comO1 - Hosts: 127.0.0.1 www.10sek.comO1 - Hosts: 127.0.0.1 10sek.comO1 - Hosts: 127.0.0.1 1-2005-search.comO1 - Hosts: 127.0.0.1 www.1-2005-search.comO1 - Hosts: 15236 more lines...O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O3 - HKU\Katy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O4 - 
HKU\Other_People_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)O4 - HKU\Other_People_ON_C..\Run: [syshost32] File not foundO4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)O4 - Startup: C:\Users\Other People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not foundF3 - HKU\Other_People_ON_C WinNT: Load - (C:\Users\OTHERP~1\AppData\Local\Temp\{92573~1.EXE) - File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\Katy_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\Katy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\Other_People_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} 
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKU\Other_People_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)O24 - Desktop WallPaper:O24 - Desktop BackupWallPaper:O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]O34 - HKLM BootExecute: (autocheck autochk *) 
Guest Posted August 2, 2012 ID:579961
Can't load my OS now
Maniac Posted August 3, 2012 ID:580197
Your script was not activated. Please try again, but make sure the script in OTL looks the same as here:

:OTL
IE - HKU\Katy_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Katy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\Other_People_ON_C..\Run: [syshost32] File not found
F3 - HKU\Other_People_ON_C WinNT: Load - (C:\Users\OTHERP~1\AppData\Local\Temp\{92573~1.EXE) - File not found
[2009/10/31 07:32:48 | 000,000,120 | ---- | C] () -- C:\Users\Other People\AppData\Local\Tnoregobeyey.dat
[2009/10/31 07:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Other People\AppData\Local\Vyiwutuyezev.bin
:files
ipconfig /flushdns /c
:Commands
[resethosts]
[emptytemp]
[clearallrestorepoints]
Guest Posted August 7, 2012 ID:581833
I think the virus has won, looks like I'm just gonna have to format the disk. Thanks for your help anyway.
Maniac Posted August 7, 2012 ID:581847
If you have not given up, I have another option for you.
Maurice Naggar Posted August 14, 2012 ID:584988
Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.