
MBAM detects approx 8000 entries, can't delete because of C++ runtime error



Hello. 

I am a regular PC user who needs help.

Lately, I am experiencing frequent crashes and slow computer performance. I suspect that I am infected and searched for programs that will help. I stumbled upon MBAM. I installed it, I ran it, I detected approx 8000 entries (mostly PUP... junk). However, when I try to clear the cache, a dialog box pops up and it says C++ runtime library error or something like that... that this program requested to terminate in an unusual way (you know these things, guys). This error would stop the clearing and would not delete the malware. What should I do?

 

I also found out that in order to help, you request 'these'

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.21352
Run by PAUL at 20:05:46 on 2013-10-02
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1791.542 [GMT 8:00]
.
AV: nProtect GameGuard Personal 3.0 *Enabled/Updated* {7D36BE97-9969-4C9F-9DC1-282DB4E1FBEA}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* 
FW: nProtect GameGuard Personal 3.0 *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\PAUL\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - 
dURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - 
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - 
TB: QT Tab Standard Buttons: {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - 
TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - 
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - 
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [E09AXLRD_809671] "c:\program files\microsoft encarta\encarta premium dvd 2009\EDICT.EXE" -m
uRun: [L09AXLRD_1338015] "c:\program files\microsoft student\microsoft student with encarta premium 2009 dvd\EDICT.EXE" -m
uRun: [Google Update] "c:\users\paul\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [GarenaPlus] "c:\program files\garena plus\GarenaMessenger.exe" -autolaunch
uRun: [AVG-Secure-Search-Update_JUNE2013_TB] "c:\program files\avg secure search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
uRun: [steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Wondershare Helper Compact] "c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [VisualTaskTips] c:\windows\system32\visualtasktips.exe
dRun: [TopDesk] c:\windows\system32\topdesk.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{56139E19-0DB2-48E5-8E89-576401260ACA} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2011-1-15 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-1-15 52872]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-1-15 29712]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-17 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-10-17 440392]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-10-17 440392]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-10-17 1164360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-17 89376]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-1 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-1 701512]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2007-12-13 50984]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-1-15 30104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-1 22856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg9emc;AVG E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S2 avgfws9;AVG Firewall;"c:\program files\avg\avg9\avgfws9.exe" --> c:\program files\avg\avg9\avgfws9.exe [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-15 5897808]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2007-12-28 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-15 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-10-26 100368]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-1-15 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;\??\c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\avgidsdriver.sys --> c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [?]
S3 AVGIDSFilterxpx;AVG9IDSFilter;\??\c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\avgidsfilter.sys --> c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [?]
S3 AVGIDSShimxpx;AVG9IDSShim;\??\c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\avgidsshim.sys --> c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-1-15 102656]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-2 40776]
S3 NPFW;NPFW;\??\c:\windows\system32\npfw.sys --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\npfwflt.sys --> c:\windows\system32\NPFWFLT.SYS [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\npids.sys --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\tkctrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\tkfsav.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\tkfsft.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKFW;TKFW;c:\windows\system32\TKFW.sys [2012-1-14 160832]
S3 TKFWFLT;TKFWFLT;c:\windows\system32\tkfwflt.sys [2012-1-14 82272]
S3 TKIDS;TKIDS;c:\windows\system32\tkids.sys [2012-1-14 134464]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\tkpcfthk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
=============== Created Last 30 ================
.
2019-09-25 22:40:30 20480 -c--a-w- c:\windows\system32\APITypes.dll
2013-10-01 17:36:24 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-01 08:41:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-01 08:41:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-30 10:01:44 -------- d-----w- c:\users\all users\application data\Nexon
2013-09-30 09:51:41 -------- d-----w- c:\program files\Wizet
2013-09-28 03:09:07 -------- d-----w- c:\users\paul\local settings\application data\PMB Files
2013-09-28 03:08:57 -------- d-----w- c:\users\all users\application data\PMB Files
2013-09-25 13:38:00 -------- d-----w- c:\program files\iPod
2013-09-25 13:37:49 -------- d-----w- c:\users\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-25 13:37:49 -------- d-----w- c:\program files\iTunes
2013-09-20 05:31:29 -------- d-----w- c:\users\paul\local settings\application data\iLivid
2013-09-16 15:14:34 23003252 ----a-w- c:\users\paul\vlc-2.0.8-win32.exe
2013-09-16 13:53:38 -------- d-----w- c:\users\paul\local settings\application data\Wondershare
2013-09-16 13:53:38 -------- d-----w- c:\program files\common files\Wondershare
2013-09-16 13:53:26 -------- d-----w- c:\users\paul\application data\Wondershare
2013-09-16 13:53:23 -------- d-----w- c:\program files\Wondershare
2013-09-14 07:09:20 -------- d-----w- c:\users\paul\local settings\application data\Mendeley Ltd
2013-09-11 08:34:44 -------- d-----w- C:\ab1630496bb8f16563a8def8
2013-09-07 14:26:35 -------- d-----w- c:\users\paul\application data\Malwarebytes
2013-09-07 14:25:01 -------- d-----w- c:\users\all users\application data\Malwarebytes
.
==================== Find3M  ====================
.
2013-10-01 08:31:11 89376 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-10-01 08:31:11 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 06:18:38 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-08-02 17:18:58 841216 ----a-w- c:\windows\system32\wininet.dll
2013-08-02 17:18:58 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-02 17:18:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-08-02 17:18:57 17408 ----a-w- c:\windows\system32\corpol.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-06-15 04:53:27 1422032896 ----a-w- c:\program files\GarenaHoN_3010200.exe
.
============= FINISH: 20:06:21.14 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/15/2011 12:23:24 AM
System Uptime: 10/2/2013 7:56:39 PM (1 hours ago)
.
Motherboard: MSI |  | K9N6PGM2-V2 (MS-7309)
Processor: AMD Athlon II X2 245 Processor | CPU1 | 2913/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 215 GiB total, 107.887 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.1
Adobe Setup
Adobe Shockwave Player 12.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Alky for Applications (Windows XP)
AMD Processor Driver
Amnesia - The Dark Descent 
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Bonjour
Darksiders II
Delta Chrome Toolbar
Delta toolbar  
Dragon Nest SEA
EAX Unified (SHELL)
File Type Assistant
Free Download Manager 3.9.2
Gadget Installer
Garena - League of Legends
Garena Plus
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
iTunes
Java 6 Update 3
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStorySEA version 1.33
Microsoft .NET Framework (English)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Student 2007 for Learning Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XML Parser
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
My Web Search (Smiley Central)
Nero 8
Next Generation Visualisations
nProtect Security Platform
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nView Desktop Manager
NVIDIA PhysX
Pando Media Booster
PDF Settings
Realtek High Definition Audio Driver
Search-Results Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB2809289)
Security Update for Windows Internet Explorer 7 (KB2817183)
Security Update for Windows Internet Explorer 7 (KB2829530)
Security Update for Windows Internet Explorer 7 (KB2838727)
Security Update for Windows Internet Explorer 7 (KB2846071)
Security Update for Windows Internet Explorer 7 (KB2862772)
Security Update for Windows Internet Explorer 7 (KB2870699)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Steam
Sun Broadband Wireless
swMSM
The Elder Scrolls V: SKYRIM
The Elder Scrolls V: Skyrim Hearthfire DLC
The Elder Scrolls V: SKYRIM Update 1 + Crack
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VLC media player 2.0.8
WebFldrs XP
Windows Defender
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
WinRAR archiver
Wondershare MobileGo for iOS ( Version 3.2.0 )
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
.
==== End Of File ===========================
 
 

Hello paulyap! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

I notice that you are using more than one antivirus program.

  • Avira Free Antivirus
  • nProtect Security Platform

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. I recommend you to uninstall nProtect Security Platform.

Also, please uninstall the following applications:

  • Ask Toolbar
  • Avira SearchFree Toolbar plus Web Protection Updater
  • Delta Chrome Toolbar
  • Delta toolbar
  • My Web Search (Smiley Central)
  • Search-Results Toolbar

When you are ready, reboot your computer.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Tnx for the immediate reply.

I would like to say a few things.

I am not successful in finding the nProtect Security Platform under Add or Remove Programs, even in the search option on the Start menu.

Same problem with the Ask Toolbar.

Another thing: I accidentally posted this thread 2 times. On my other thread, a man named Kevin (under his name it says Trusted Advisor) recommends I install adwcleaner.exe first. What should I do?


Still, I was unable to find the nProtect Security Platform.

However, I found out that this program comes in a bundle with games. I believe I acquired it by installing GrandChase, which for some reason I couldn't accomplish; I deleted the files I had downloaded. Also, I have no recent memory of this nProtect Security Platform working within these past few months.

Another thing: I still couldn't find the Ask Toolbar to delete it. However, I found a folder 'ask.com' that contains genericasktoolbar.dll... it seems to be related to the Avira SearchFree Toolbar. However, when I try to uninstall it, there is always an error that pops up, making me unsuccessful... What should I do?


It shouldn't take that long.

Please run this tool:

http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Then reboot your computer. After reboot please remove these folders*:

Windows XP/2000:

C:\Program Files\AVG or C:\Program files(x86)\AVG (for 64bit OS)

C:\Documents and settings\All users\Application data\AVG9

When you are ready, try to scan with Malwarebytes' Anti-Malware again.


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

gonna make 2 posts...site says post_too_long


OTL logfile created on: 10/8/2013 9:13:37 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\Software

Windows XP Media Center Edition Service Pack 3, v.6419 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.75 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 35.76% Memory free

3.60 Gb Paging File | 2.06 Gb Available in Paging File | 57.12% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 214.84 Gb Total Space | 123.40 Gb Free Space | 57.44% Space Free | Partition Type: NTFS

 

Computer Name: PAUL-D39F57A0EC | User Name: PAUL | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/10/08 21:13:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe

PRC - [2013/10/05 08:54:56 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe

PRC - [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2013/10/01 16:31:07 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2013/10/01 16:30:42 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2013/10/01 16:30:41 | 000,431,688 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2013/10/01 16:30:37 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2013/10/01 16:30:36 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013/09/28 11:08:45 | 004,287,536 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe

PRC - [2013/09/27 14:22:04 | 009,866,032 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe

PRC - [2013/07/13 22:43:12 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2013/07/13 22:08:31 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Users\PAUL\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2013/05/04 10:27:56 | 001,694,208 | ---- | M] (Wondershare) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/01/16 23:06:36 | 006,860,288 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe

PRC - [2010/01/21 01:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

PRC - [2010/01/21 01:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

PRC - [2008/01/31 20:54:40 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/12/13 22:02:20 | 000,050,984 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe

PRC - [2007/12/13 22:02:10 | 001,442,600 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/10/05 08:54:58 | 001,121,704 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2013/10/03 14:03:05 | 000,415,184 | ---- | M] () -- C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll

MOD - [2013/10/03 14:03:04 | 013,611,984 | ---- | M] () -- C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll

MOD - [2013/10/03 14:03:03 | 004,055,504 | ---- | M] () -- C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\pdf.dll

MOD - [2013/10/03 14:02:09 | 001,604,560 | ---- | M] () -- C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll

MOD - [2013/09/29 16:31:24 | 000,868,656 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\ggplugin.dll

MOD - [2013/09/29 16:31:19 | 000,027,952 | ---- | M] () -- C:\Program Files\Garena Plus\VersionModule.dll

MOD - [2013/09/28 11:08:45 | 004,287,536 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe

MOD - [2013/09/27 14:22:04 | 009,866,032 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe

MOD - [2013/09/20 19:12:15 | 000,956,208 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll

MOD - [2013/09/11 06:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2013/08/23 17:10:18 | 000,553,776 | ---- | M] () -- C:\Program Files\Garena Plus\ggspawn.dll

MOD - [2013/08/22 06:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files\Steam\SDL2.dll

MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XLL.dll

MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll

MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll

MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll

MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll

MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files\Garena Plus\libmpg123.dll

MOD - [2013/03/19 16:56:06 | 000,068,400 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll

MOD - [2013/03/19 16:56:04 | 000,516,912 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll

MOD - [2013/03/19 16:56:04 | 000,245,040 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll

MOD - [2013/03/19 16:56:00 | 000,065,840 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll

MOD - [2013/03/19 16:56:00 | 000,055,088 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XmlUIModule.dll

MOD - [2013/03/19 16:56:00 | 000,016,688 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll

MOD - [2013/03/19 16:55:58 | 000,219,952 | ---- | M] () -- C:\Program Files\Garena Plus\lib\TaskManagerLib.dll

MOD - [2013/03/19 16:55:58 | 000,106,288 | ---- | M] () -- C:\Program Files\Garena Plus\lib\UILayout.dll

MOD - [2013/03/19 16:55:56 | 000,374,064 | ---- | M] () -- C:\Program Files\Garena Plus\lib\Http.dll

MOD - [2013/03/19 16:55:56 | 000,224,560 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll

MOD - [2013/03/19 16:55:56 | 000,184,624 | ---- | M] () -- C:\Program Files\Garena Plus\lib\MP3Module.dll

MOD - [2013/03/19 16:55:50 | 000,026,416 | ---- | M] () -- C:\Program Files\Garena Plus\ServerMemAlloc.dll

MOD - [2013/03/19 16:55:48 | 000,087,344 | ---- | M] () -- C:\Program Files\Garena Plus\PluginKernel.dll

MOD - [2013/03/19 16:55:48 | 000,025,392 | ---- | M] () -- C:\Program Files\Garena Plus\PluginModule.dll

MOD - [2013/03/19 16:55:46 | 000,192,816 | ---- | M] () -- C:\Program Files\Garena Plus\ImageModule.dll

MOD - [2013/03/19 16:55:44 | 002,941,232 | ---- | M] () -- C:\Program Files\Garena Plus\ggdownloader.dll

MOD - [2013/03/19 16:55:40 | 000,051,504 | ---- | M] () -- C:\Program Files\Garena Plus\FileLoader.dll

MOD - [2013/03/19 16:55:40 | 000,033,584 | ---- | M] () -- C:\Program Files\Garena Plus\DibModule.dll

MOD - [2013/03/19 16:55:38 | 000,487,216 | ---- | M] () -- C:\Program Files\Garena Plus\CxImage.dll

MOD - [2013/03/19 16:55:38 | 000,104,752 | ---- | M] () -- C:\Program Files\Garena Plus\CommonLib.dll

MOD - [2013/02/01 13:42:28 | 000,153,088 | ---- | M] () -- C:\Program Files\Garena Plus\libzmq.dll

MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012/12/26 08:13:54 | 003,547,136 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll

MOD - [2012/09/19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files\Garena Plus\lame_enc.dll

MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files\Garena Plus\sqlite3.dll

MOD - [2010/01/21 01:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

MOD - [2010/01/21 01:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

MOD - [2010/01/21 01:52:06 | 000,565,864 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll

MOD - [2010/01/21 01:51:28 | 000,062,568 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll

MOD - [2007/12/28 08:43:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2007/12/28 08:43:40 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/10/01 16:31:07 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013/10/01 16:30:42 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)

SRV - [2013/10/01 16:30:37 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013/08/29 05:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2011/01/15 01:44:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/21 01:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV - [2010/01/21 01:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)

SRV - [2007/12/13 22:02:20 | 000,050,984 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)

SRV - [2007/12/13 22:02:10 | 001,442,600 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before Last Install)

DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before First Install)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKPcFtHk.sys -- (TKPcFt)

DRV - File not found [File_System | On_Demand | Stopped] -- system32\TKFsFt.sys -- (TkFsFtM)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKFsAv.sys -- (TKFsAvM)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKCtrl2k.sys -- (TKCtrl)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NPIDS.SYS -- (NPIDS)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NPFWFLT.SYS -- (NPFWFLT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NPFW.SYS -- (NPFW)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgfwdx.sys -- (Avgfwfd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgfwdx.sys -- (Avgfwdx)

DRV - [2013/10/05 22:23:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2013/10/01 16:31:11 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2013/10/01 16:31:11 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2013/10/01 16:31:11 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2012/07/03 15:07:20 | 000,082,272 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\tkfwflt.sys -- (TKFWFLT)

DRV - [2012/05/14 17:09:54 | 000,160,832 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKFW.sys -- (TKFW)

DRV - [2012/04/16 14:09:54 | 000,134,464 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\tkids.sys -- (TKIDS)

DRV - [2011/09/16 02:34:20 | 007,206,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2011/08/09 04:58:38 | 000,100,368 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)

DRV - [2010/06/22 06:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2010/06/08 17:16:26 | 006,056,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2010/04/09 02:30:10 | 000,168,040 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)

DRV - [2010/03/04 18:02:10 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2010/03/04 18:02:08 | 000,070,912 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/05/26 19:05:08 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)

DRV - [2009/05/26 19:05:08 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008/01/31 20:16:34 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2007/12/13 22:02:10 | 000,040,360 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2007/12/13 22:02:10 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2007/12/13 22:02:10 | 000,017,448 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\system32\drivers\InCDrec.sys -- (InCDRec)

DRV - [2007/12/13 22:02:00 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\.DEFAULT\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10403&src=crm&q={searchTerms}&locale=en_PH&apn_ptnrs=^AC1&apn_dtid=^YYYYYY^YY^PH&apn_uid=84a775fb-9ff6-4b30-b1f7-1cfe24276e31&apn_sauid=5D76D968-5965-4B87-970E-9E6AA1AB1324

IE - HKU\.DEFAULT\..\SearchScopes\{8CFA7157-5858-4F1D-BF37-B28BDE5DBA36}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-18\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-18\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10403&src=crm&q={searchTerms}&locale=en_PH&apn_ptnrs=^AC1&apn_dtid=^YYYYYY^YY^PH&apn_uid=84a775fb-9ff6-4b30-b1f7-1cfe24276e31&apn_sauid=5D76D968-5965-4B87-970E-9E6AA1AB1324

IE - HKU\S-1-5-18\..\SearchScopes\{8CFA7157-5858-4F1D-BF37-B28BDE5DBA36}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-20\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-20\..\SearchScopes\{8CFA7157-5858-4F1D-BF37-B28BDE5DBA36}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found

IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\..\SearchScopes\{8CFA7157-5858-4F1D-BF37-B28BDE5DBA36}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PAUL\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PAUL\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

 

[2013/05/19 00:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PAUL\Application Data\Mozilla\Extensions

[2013/10/02 21:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},


CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Google Update (Enabled) = C:\Users\PAUL\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: PicMonkey = C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\

CHR - Extension: Chrome In-App Payments service = C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

CHR - Extension: Dilandau = C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\peacmkenjjcaifjckopphcofncigpnlp\1.1.2_0\

 

O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O3 - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

O4 - HKLM..\Run: [Wondershare Helper Compact] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)

O4 - HKU\.DEFAULT..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe (Otaku Software)

O4 - HKU\.DEFAULT..\Run: [VisualTaskTips] C:\WINDOWS\system32\visualtasktips.exe (VisualTaskTips.com)

O4 - HKU\S-1-5-18..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe (Otaku Software)

O4 - HKU\S-1-5-18..\Run: [VisualTaskTips] C:\WINDOWS\system32\visualtasktips.exe (VisualTaskTips.com)

O4 - HKU\S-1-5-20..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe (Otaku Software)

O4 - HKU\S-1-5-20..\Run: [VisualTaskTips] C:\WINDOWS\system32\visualtasktips.exe (VisualTaskTips.com)

O4 - HKU\S-1-5-21-1844237615-2025429265-682003330-1004..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB File not found

O4 - HKU\S-1-5-21-1844237615-2025429265-682003330-1004..\Run: [E09AXLRD_809671] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE" -m File not found

O4 - HKU\S-1-5-21-1844237615-2025429265-682003330-1004..\Run: [GarenaPlus] C:\Program Files\Garena Plus\GarenaMessenger.exe ()

O4 - HKU\S-1-5-21-1844237615-2025429265-682003330-1004..\Run: [L09AXLRD_1338015] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m File not found

O4 - HKU\S-1-5-21-1844237615-2025429265-682003330-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-1844237615-2025429265-682003330-1004..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56139E19-0DB2-48E5-8E89-576401260ACA}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (%SystemRoot%\System32\ultlogonui.exe) - C:\WINDOWS\system32\ultlogonui.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) -  File not found


O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Users\PAUL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Users\PAUL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/01/15 00:09:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{cdaa61c0-2008-11e0-a7f0-6c626d6b3ab9}\Shell - "" = AutoRun

O33 - MountPoints2\{cdaa61c0-2008-11e0-a7f0-6c626d6b3ab9}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cdaa61c0-2008-11e0-a7f0-6c626d6b3ab9}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{fb4811b4-2071-11e0-a7f4-6c626d6b3ab9}\Shell - "" = AutoRun

O33 - MountPoints2\{fb4811b4-2071-11e0-a7f4-6c626d6b3ab9}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{fb4811b4-2071-11e0-a7f4-6c626d6b3ab9}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\DVDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2019/09/26 06:40:30 | 000,020,480 | ---- | C] (Lee Matthew Chantrey) -- C:\WINDOWS\System32\APITypes.dll

[2013/10/03 07:07:17 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Desktop\eco

[2013/10/02 21:42:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/10/02 21:34:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/10/02 21:12:57 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Local Settings\Application Data\AskToolbar

[2013/10/02 01:36:24 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2013/10/01 23:37:52 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Desktop\RK_Quarantine

[2013/10/01 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/10/01 16:41:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/10/01 16:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/09/30 18:01:44 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\Nexon

[2013/09/30 17:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Wizet

[2013/09/28 11:09:07 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Local Settings\Application Data\PMB Files

[2013/09/28 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\PMB Files

[2013/09/25 21:38:39 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\iTunes

[2013/09/25 21:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/09/25 21:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/09/25 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/09/16 23:17:30 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\VideoLAN

[2013/09/16 22:57:53 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Desktop\Major biomes, part 2 (7)

[2013/09/16 21:53:38 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Local Settings\Application Data\Wondershare

[2013/09/16 21:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare

[2013/09/16 21:53:28 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Wondershare

[2013/09/16 21:53:26 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Application Data\Wondershare

[2013/09/16 21:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare

[2013/09/14 15:09:20 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Local Settings\Application Data\Mendeley Ltd

[2013/09/11 16:34:44 | 000,000,000 | ---D | C] -- C:\ab1630496bb8f16563a8def8

[2013/01/31 10:33:45 | 002,467,672 | ---- | C] (Pokki) -- C:\Users\PAUL\PokkiInstaller (5).exe

[2013/01/27 18:46:52 | 002,467,672 | ---- | C] (Pokki) -- C:\Users\PAUL\PokkiInstaller (4).exe

[2013/01/27 18:43:40 | 002,467,672 | ---- | C] (Pokki) -- C:\Users\PAUL\PokkiInstaller (3).exe

[2013/01/27 18:41:21 | 002,467,672 | ---- | C] (Pokki) -- C:\Users\PAUL\PokkiInstaller (2).exe

[2013/01/27 18:30:10 | 002,467,672 | ---- | C] (Pokki) -- C:\Users\PAUL\PokkiInstaller.exe

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2019/09/26 06:40:30 | 000,020,480 | ---- | M] (Lee Matthew Chantrey) -- C:\WINDOWS\System32\APITypes.dll

[2013/10/08 21:14:23 | 000,000,479 | ---- | M] () -- C:\Users\PAUL\Desktop\Software.lnk

[2013/10/08 21:13:01 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-2025429265-682003330-1004UA.job

[2013/10/08 20:48:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/08 20:31:10 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2013/10/08 20:31:09 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/08 20:31:08 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job

[2013/10/08 20:31:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/10/08 20:31:05 | 1878,249,472 | -HS- | M] () -- C:\hiberfil.sys

[2013/10/08 20:20:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/10/07 19:59:32 | 000,002,057 | ---- | M] () -- C:\Users\PAUL\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/10/05 22:23:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2013/10/05 22:13:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-2025429265-682003330-1004Core.job

[2013/10/02 21:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/10/01 19:03:49 | 000,020,058 | ---- | M] () -- C:\Users\PAUL\Desktop\q.jpg

[2013/10/01 16:41:06 | 000,000,784 | ---- | M] () -- C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/10/01 16:31:11 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2013/10/01 16:31:11 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2013/10/01 16:31:11 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2013/09/30 20:10:24 | 000,002,515 | ---- | M] () -- C:\Users\PAUL\Desktop\Microsoft Office Word 2007.lnk

[2013/09/25 22:10:43 | 000,081,820 | ---- | M] () -- C:\Users\PAUL\Desktop\butdidudie.jpg

[2013/09/25 21:38:40 | 000,001,542 | ---- | M] () -- C:\Users\All Users\Desktop\iTunes.lnk

[2013/09/19 20:16:45 | 000,153,034 | ---- | M] () -- C:\Users\PAUL\Desktop\p63.jpg

[2013/09/19 20:16:38 | 000,142,289 | ---- | M] () -- C:\Users\PAUL\Desktop\p62.jpg

[2013/09/19 20:16:32 | 000,149,748 | ---- | M] () -- C:\Users\PAUL\Desktop\p61.jpg

[2013/09/17 12:07:06 | 000,019,688 | ---- | M] () -- C:\Users\PAUL\Desktop\Garen.W1.mp3

[2013/09/17 12:05:53 | 000,025,280 | ---- | M] () -- C:\Users\PAUL\Desktop\Garen.W1.ogg

[2013/09/16 23:38:26 | 000,128,775 | ---- | M] () -- C:\Users\PAUL\Desktop\Thresh.move1.mp3

[2013/09/16 23:36:31 | 000,136,180 | ---- | M] () -- C:\Users\PAUL\Desktop\Thresh.move1.ogg

[2013/09/16 23:25:47 | 000,148,419 | ---- | M] () -- C:\Users\PAUL\Desktop\Thresh.taunt1.mp3

[2013/09/16 23:17:30 | 000,000,719 | ---- | M] () -- C:\Users\All Users\Desktop\VLC media player.lnk

[2013/09/16 23:15:19 | 023,003,252 | ---- | M] () -- C:\Users\PAUL\vlc-2.0.8-win32.exe

[2013/09/16 23:14:06 | 000,154,638 | ---- | M] () -- C:\Users\PAUL\Desktop\Thresh.taunt1.ogg

[2013/09/16 21:53:28 | 000,001,774 | ---- | M] () -- C:\Users\All Users\Desktop\Wondershare MobileGo for iOS.lnk

[2013/09/15 22:58:31 | 000,051,060 | ---- | M] () -- C:\Users\PAUL\Desktop\p6.jpg

[2013/09/12 07:29:48 | 001,522,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/09/12 03:05:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/09/10 22:15:08 | 000,331,816 | ---- | M] () -- C:\Users\PAUL\Desktop\rambutan.pdf

[2013/09/10 18:27:24 | 000,325,010 | ---- | M] () -- C:\Users\PAUL\Desktop\creator viktor.htm

[2013/09/08 21:40:19 | 000,105,825 | ---- | M] () -- C:\Users\PAUL\Desktop\581577_568696409855850_2086274223_n.jpg

[2013/09/08 21:40:15 | 000,105,792 | ---- | M] () -- C:\Users\PAUL\Desktop\1173792_568696453189179_896695537_n.jpg

[2013/09/08 21:40:11 | 000,113,349 | ---- | M] () -- C:\Users\PAUL\Desktop\1174736_568696576522500_196693206_n.jpg

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/10/08 21:14:23 | 000,000,479 | ---- | C] () -- C:\Users\PAUL\Desktop\Software.lnk

[2013/10/01 19:03:58 | 000,020,058 | ---- | C] () -- C:\Users\PAUL\Desktop\q.jpg

[2013/10/01 16:41:06 | 000,000,784 | ---- | C] () -- C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/28 12:26:22 | 1878,249,472 | -HS- | C] () -- C:\hiberfil.sys

[2013/09/25 22:10:38 | 000,081,820 | ---- | C] () -- C:\Users\PAUL\Desktop\butdidudie.jpg

[2013/09/25 21:38:40 | 000,001,542 | ---- | C] () -- C:\Users\All Users\Desktop\iTunes.lnk

[2013/09/19 20:16:45 | 000,153,034 | ---- | C] () -- C:\Users\PAUL\Desktop\p63.jpg

[2013/09/19 20:16:38 | 000,142,289 | ---- | C] () -- C:\Users\PAUL\Desktop\p62.jpg

[2013/09/19 20:16:31 | 000,149,748 | ---- | C] () -- C:\Users\PAUL\Desktop\p61.jpg

[2013/09/17 12:06:53 | 000,019,688 | ---- | C] () -- C:\Users\PAUL\Desktop\Garen.W1.mp3

[2013/09/17 12:05:49 | 000,025,280 | ---- | C] () -- C:\Users\PAUL\Desktop\Garen.W1.ogg

[2013/09/16 23:37:09 | 000,128,775 | ---- | C] () -- C:\Users\PAUL\Desktop\Thresh.move1.mp3

[2013/09/16 23:36:29 | 000,136,180 | ---- | C] () -- C:\Users\PAUL\Desktop\Thresh.move1.ogg

[2013/09/16 23:25:38 | 000,148,419 | ---- | C] () -- C:\Users\PAUL\Desktop\Thresh.taunt1.mp3

[2013/09/16 23:17:30 | 000,000,719 | ---- | C] () -- C:\Users\All Users\Desktop\VLC media player.lnk

[2013/09/16 23:14:34 | 023,003,252 | ---- | C] () -- C:\Users\PAUL\vlc-2.0.8-win32.exe

[2013/09/16 23:14:05 | 000,154,638 | ---- | C] () -- C:\Users\PAUL\Desktop\Thresh.taunt1.ogg

[2013/09/16 21:53:28 | 000,001,774 | ---- | C] () -- C:\Users\All Users\Desktop\Wondershare MobileGo for iOS.lnk

[2013/09/15 22:58:30 | 000,051,060 | ---- | C] () -- C:\Users\PAUL\Desktop\p6.jpg

[2013/09/10 22:15:07 | 000,331,816 | ---- | C] () -- C:\Users\PAUL\Desktop\rambutan.pdf

[2013/09/10 18:27:09 | 000,325,010 | ---- | C] () -- C:\Users\PAUL\Desktop\creator viktor.htm

[2013/09/08 21:40:19 | 000,105,825 | ---- | C] () -- C:\Users\PAUL\Desktop\581577_568696409855850_2086274223_n.jpg

[2013/09/08 21:40:15 | 000,105,792 | ---- | C] () -- C:\Users\PAUL\Desktop\1173792_568696453189179_896695537_n.jpg

[2013/09/08 21:40:11 | 000,113,349 | ---- | C] () -- C:\Users\PAUL\Desktop\1174736_568696576522500_196693206_n.jpg

[2013/08/31 18:35:42 | 000,045,194 | ---- | C] () -- C:\Users\PAUL\Application Data\room_v3.dat

[2013/08/06 19:18:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2013/06/24 16:35:41 | 003,800,750 | ---- | C] () -- C:\Users\PAUL\nds4ios.ipa

[2013/06/24 16:33:07 | 000,713,778 | ---- | C] () -- C:\Users\PAUL\nds4ios.rar

[2013/02/18 12:38:11 | 000,000,000 | ---- | C] () -- C:\Users\PAUL\vlc-2.0.5-win32.exe

[2012/12/24 19:19:03 | 004,838,069 | ---- | C] () -- C:\Users\PAUL\HEART SKIPS A BEAT.mp3

[2012/12/22 20:46:16 | 000,055,364 | ---- | C] () -- C:\Users\PAUL\Oblivion.ttf

[2012/12/22 20:46:16 | 000,015,854 | ---- | C] () -- C:\Users\PAUL\Oblivion.gif

[2012/10/26 13:18:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/10/26 13:18:03 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2012/10/26 13:18:03 | 000,239,869 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/10/26 13:18:03 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2012/09/22 17:17:45 | 000,000,000 | ---- | C] () -- C:\Users\PAUL\ipconfig

[2012/07/02 17:15:17 | 000,009,216 | -H-- | C] () -- C:\Users\PAUL\photothumb.db

[2012/07/01 13:26:13 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll

[2012/04/19 09:06:23 | 000,008,452 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/03/20 17:17:27 | 000,000,000 | ---- | C] () -- C:\Users\PAUL\TrimmedToBlueSnail-patched-bluesnail.xdelta

[2012/03/20 17:11:12 | 000,000,000 | ---- | C] () -- C:\Users\PAUL\4851 – MapleStory DS (K)-patched-bluesnail.nds

[2012/03/09 18:29:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/16 21:31:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2012/01/28 22:03:03 | 000,000,110 | ---- | C] () -- C:\Users\PAUL\Local Settings\Application Data\fusioncache.dat

[2011/09/12 19:47:44 | 000,065,208 | ---- | C] () -- C:\Users\PAUL\clip_image002.jpg

[2011/07/02 21:30:01 | 000,135,970 | ---- | C] () -- C:\Users\PAUL\cc_20110702_2129.reg

[2011/02/20 13:15:10 | 000,013,312 | ---- | C] () -- C:\Users\PAUL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/15 19:24:22 | 000,013,410 | ---- | C] () -- C:\Users\PAUL\Local Settings\Application Data\slot1.mm1

[2011/01/15 00:29:47 | 000,001,024 | ---- | C] () -- C:\Users\PAUL\.rnd

 

========== ZeroAccess Check ==========

 

[2011/01/15 00:10:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2007/12/28 08:43:54 | 001,498,112 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2007/12/28 08:43:58 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/01/17 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\.mono

[2012/02/20 15:27:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\100

[2013/09/25 21:38:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2011/08/03 14:26:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\aliasworlds

[2012/07/10 14:29:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\avg9

[2012/04/17 13:36:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Battle.net

[2012/02/16 15:40:53 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Application Data\Common Files

[2011/01/15 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Farm Fishes

[2013/01/12 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Free Download Manager

[2011/01/15 19:35:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Fugazo

[2013/07/20 08:16:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Garena

[2013/10/08 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\GarenaMessenger

[2011/04/26 22:47:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\HipSoft

[2013/06/07 21:52:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\InstallMate

[2011/04/26 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Legacy Interactive

[2011/04/26 16:34:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\n7-89-o9-3r-4t-r9

[2011/08/03 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Nevosoft-Breeze

[2013/09/30 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Nexon

[2013/03/22 18:00:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Package Cache

[2011/01/15 20:18:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\PlayFirst

[2013/09/28 12:29:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\PMB Files

[2011/03/23 20:42:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\PopCap Games

[2013/02/19 19:47:41 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Steam

[2011/07/29 20:50:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\SugarGames

[2012/09/25 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\TEMP

[2011/07/30 10:33:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\The Revills Games

[2012/05/30 13:06:01 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\TuneUp Software

[2012/03/16 21:15:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\WildTangent

[2012/05/30 13:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2011/01/15 00:20:43 | 000,000,000 | ---D | M] -- C:\Users\Default User\Application Data\LClock

[2011/01/15 00:20:49 | 000,000,000 | ---D | M] -- C:\Users\Default User\Application Data\OtakuSoftware

[2011/01/15 00:20:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\Application Data\RKLauncher

[2011/01/15 00:21:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\Application Data\TrueTransparency

[2012/02/18 15:37:13 | 000,000,000 | ---D | M] -- C:\Users\LocalService\Application Data\Softonic

[2013/01/17 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\.mono

[2013/06/28 22:42:07 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\AdbDriverInstaller

[2011/08/02 11:56:43 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Alawar

[2011/08/03 14:26:17 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\aliasworlds

[2012/02/26 10:43:53 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\AVG9

[2011/07/30 10:38:01 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Blue Tea Games

[2012/03/03 10:21:34 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\CupcakeCafe

[2011/07/29 20:45:13 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\EleFun Games

[2013/10/08 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Free Download Manager

[2011/07/30 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Friday's games

[2011/04/26 16:34:14 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\GameHouse

[2013/07/20 08:16:53 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Garena

[2013/10/08 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\GarenaPlus

[2012/04/19 13:11:18 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\GetRightToGo

[2011/01/15 00:20:43 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\LClock

[2012/02/16 19:58:02 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\LolClient

[2012/06/05 15:10:28 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\LolClient2

[2011/08/03 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Nevosoft-Breeze

[2011/01/15 00:20:49 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\OtakuSoftware

[2012/03/04 15:33:31 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\PhotoScape

[2011/04/22 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\PlayFirst

[2013/05/19 00:36:59 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Pokémon Trading Card Game Online

[2011/01/15 00:20:58 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\RKLauncher

[2011/08/17 08:22:39 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Rovio

[2011/01/15 00:21:00 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\TrueTransparency

[2012/05/30 13:04:30 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\TuneUp Software

[2013/09/16 21:53:38 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\Wondershare

[2011/07/29 21:35:28 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\World-Loom

 

========== Purity Check ==========

 

 

 

========== Files - Unicode (All) ==========

[2013/10/01 07:45:41 | 098,602,865 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\녇啼6

[2013/10/01 07:45:41 | 098,602,865 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\녇啼6

[2013/09/30 16:54:58 | 098,488,992 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꋩா啼6

[2013/09/30 16:54:58 | 098,488,992 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꋩா啼6

[2013/09/28 10:39:12 | 098,372,650 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\潼啼6

[2013/09/28 10:39:12 | 098,372,650 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\潼啼6

[2013/09/23 06:03:08 | 098,597,466 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\܅ƾ啼6

[2013/09/23 06:03:08 | 098,597,466 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\܅ƾ啼6

[2013/09/20 19:59:06 | 098,474,815 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\훌룬啼6

[2013/09/20 19:59:06 | 098,474,815 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\훌룬啼6

[2013/09/20 13:11:45 | 098,443,620 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꓦ戶啼6

[2013/09/20 13:11:45 | 098,443,620 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꓦ戶啼6

[2013/09/16 19:32:53 | 097,757,658 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ҋࡈ啼6

[2013/09/16 19:32:53 | 097,757,658 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ҋࡈ啼6

[2013/09/14 22:36:44 | 097,581,476 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\圥啼6

[2013/09/14 22:36:44 | 097,581,476 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\圥啼6

[2013/09/11 14:59:41 | 097,063,418 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䃱ꥲ啼6

[2013/09/11 14:59:41 | 097,063,418 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䃱ꥲ啼6

[2013/09/11 07:56:05 | 097,021,647 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\쀲啼6

[2013/09/11 07:56:05 | 097,021,647 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\쀲啼6

[2013/09/10 09:36:52 | 096,851,172 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\铚啼6

[2013/09/10 09:36:52 | 096,851,172 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\铚啼6

[2013/09/08 20:43:33 | 096,559,285 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⷟啼6

[2013/09/08 20:43:33 | 096,559,285 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⷟啼6

[2013/09/03 19:18:48 | 095,570,093 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㙬嗔6

[2013/09/03 19:18:48 | 095,570,093 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㙬嗔6

[2013/08/31 18:24:20 | 095,103,849 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\꣄嗔6

[2013/08/31 18:24:20 | 095,103,849 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\꣄嗔6

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 128 bytes -> C:\Users\All Users\Application Data\TEMP:B0456F0C

@Alternate Data Stream - 114 bytes -> C:\Users\All Users\Application Data\TEMP:EF38B79C

@Alternate Data Stream - 114 bytes -> C:\Users\All Users\Application Data\TEMP:9E3E060F

@Alternate Data Stream - 109 bytes -> C:\Users\All Users\Application Data\TEMP:BBF60A29

@Alternate Data Stream - 109 bytes -> C:\Users\All Users\Application Data\TEMP:483AC68A

@Alternate Data Stream - 106 bytes -> C:\Users\All Users\Application Data\TEMP:4AD2C54D

 

< End of report >

 


OTL Extras logfile created on: 10/8/2013 9:13:37 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\Software

Windows XP Media Center Edition Service Pack 3, v.6419 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.75 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 35.76% Memory free

3.60 Gb Paging File | 2.06 Gb Available in Paging File | 57.12% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 214.84 Gb Total Space | 123.40 Gb Free Space | 57.44% Space Free | Partition Type: NTFS

 

Computer Name: PAUL-D39F57A0EC | User Name: PAUL | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1004\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 168296448

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"58291:TCP" = 58291:TCP:*:Enabled:Pando Media Booster

"58291:UDP" = 58291:UDP:*:Enabled:Pando Media Booster

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher

"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher

"6926:TCP" = 6926:TCP:*:Enabled:League of Legends Launcher

"6926:UDP" = 6926:UDP:*:Enabled:League of Legends Launcher

"6931:TCP" = 6931:TCP:*:Enabled:League of Legends Launcher

"6931:UDP" = 6931:UDP:*:Enabled:League of Legends Launcher

"6905:TCP" = 6905:TCP:*:Enabled:League of Legends Launcher

"6905:UDP" = 6905:UDP:*:Enabled:League of Legends Launcher

"6915:TCP" = 6915:TCP:*:Enabled:League of Legends Launcher

"6915:UDP" = 6915:UDP:*:Enabled:League of Legends Launcher

"6893:TCP" = 6893:TCP:*:Enabled:League of Legends Launcher

"6893:UDP" = 6893:UDP:*:Enabled:League of Legends Launcher

"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher

"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher

"6948:TCP" = 6948:TCP:*:Enabled:League of Legends Launcher

"6948:UDP" = 6948:UDP:*:Enabled:League of Legends Launcher

"6916:TCP" = 6916:TCP:*:Enabled:League of Legends Launcher

"6916:UDP" = 6916:UDP:*:Enabled:League of Legends Launcher

"58291:TCP" = 58291:TCP:*:Enabled:Pando Media Booster

"58291:UDP" = 58291:UDP:*:Enabled:Pando Media Booster

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe

"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe" = C:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)

"C:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe" = C:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"C:\CherryDeGames\Dragon Nest\DragonNest.exe" = C:\CherryDeGames\Dragon Nest\DragonNest.exe:*:Enabled:Dragon Nest -- (Eyedentity Games)

"C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Users\PAUL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox

"C:\Program Files\Garena Plus\PluginsC\Program Files\Garena Plus\Plugins\GameData\Apps\LoLPH\Air\LolClient.exe" = C:\Program Files\Garena Plus\PluginsC\Program Files\Garena Plus\Plugins\GameData\Apps\LoLPH\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)

"C:\Program Files\Garena Plus\PluginsC\Program Files\Garena Plus\Plugins\GameData\Apps\LoLPH\Game\League of Legends.exe" = C:\Program Files\Garena Plus\PluginsC\Program Files\Garena Plus\Plugins\GameData\Apps\LoLPH\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Disabled:Free Download Manager -- (FreeDownloadManager.ORG)

"C:\Program Files\Garena Plus\GarenaMessenger.exe" = C:\Program Files\Garena Plus\GarenaMessenger.exe:*:Enabled:Garena Plus -- ()

"C:\Users\PAUL\Local Settings\Temp\RarSFX0\hl.exe" = C:\Users\PAUL\Local Settings\Temp\RarSFX0\hl.exe:*:Disabled:Half-Life Launcher

"C:\Program Files\Garena Plus\UpdateManager.exe" = C:\Program Files\Garena Plus\UpdateManager.exe:*:Enabled:UpdateManager Module -- ()

"C:\Users\PAUL\Desktop\Garena Plus\GarenaMessenger.exe" = C:\Users\PAUL\Desktop\Garena Plus\GarenaMessenger.exe:*:Enabled:Garena Plus -- ()

"C:\Downloads\Software\LoLInstaller.exe" = C:\Downloads\Software\LoLInstaller.exe:*:Enabled:LoL Game Installer

"C:\Downloads\Software\LoLInstaller(1).exe" = C:\Downloads\Software\LoLInstaller(1).exe:*:Enabled:LoL Game Installer -- ()

"C:\Program Files\Garena Plus\Apps\LoLPH\Air\LolClient.exe" = C:\Program Files\Garena Plus\Apps\LoLPH\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()

"C:\Program Files\Garena Plus\Apps\LoLPH\Game\League of Legends.exe" = C:\Program Files\Garena Plus\Apps\LoLPH\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"C:\Downloads\Software\HoNInstaller(1).exe" = C:\Downloads\Software\HoNInstaller(1).exe:*:Enabled:Garena Installer -- ()

"C:\Program Files\Garena Plus\ggdllhost.exe" = C:\Program Files\Garena Plus\ggdllhost.exe:*:Enabled:ggdllhost -- ()

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0B31C808-8274-460D-8846-C711D40544A0}_is1" = Wondershare MobileGo for iOS ( Version 3.2.0 )

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery

"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3B4BDAA-7B03-43B1-804C-54B451EF9668}" = nProtect Security Platform

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1

"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 12.0

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Avira AntiVir Desktop" = Avira Free Antivirus

"EAX Unified (SHELL)" = EAX Unified (SHELL)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free Download Manager_is1" = Free Download Manager 3.9.2

"LoLPH" = Garena - League of Legends

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Sun Broadband Wireless" = Sun Broadband Wireless

"The Elder Scrolls V: Skyrim Hearthfire DLC_is1" = The Elder Scrolls V: Skyrim Hearthfire DLC

"The Elder Scrolls V: SKYRIM Update 1 + Crack_is1" = The Elder Scrolls V: SKYRIM Update 1 + Crack

"The Elder Scrolls V: SKYRIM_is1" = The Elder Scrolls V: SKYRIM

"Trusted Software Assistant_is1" = File Type Assistant

"VLC media player" = VLC media player 2.0.8

"WinRAR archiver" = WinRAR archiver

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/2/2013 8:03:45 AM | Computer Name = PAUL-D39F57A0EC | Source = Microsoft Office 12 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office PowerPoint.

 

Error - 10/2/2013 9:03:36 AM | Computer Name = PAUL-D39F57A0EC | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.3282, faulting

 module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

 

Error - 10/2/2013 9:03:53 AM | Computer Name = PAUL-D39F57A0EC | Source = MsiInstaller | ID = 11316

Description = Product: Avira SearchFree Toolbar -- Error 1316.A network error occurred

 while attempting to read from the file C:\WINDOWS\Installer\Ask Toolbar.msi

 

Error - 10/2/2013 9:04:10 AM | Computer Name = PAUL-D39F57A0EC | Source = MsiInstaller | ID = 11316

Description = Product: Avira SearchFree Toolbar -- Error 1316.A network error occurred

 while attempting to read from the file C:\WINDOWS\Installer\Ask Toolbar.msi

 

Error - 10/2/2013 12:09:25 PM | Computer Name = PAUL-D39F57A0EC | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.3282, faulting

 module unknown, version 0.0.0.0, fault address 0x00090000.

 

Error - 10/2/2013 1:24:04 PM | Computer Name = PAUL-D39F57A0EC | Source = Application Error | ID = 1000

Description = Faulting application avgnt.exe, version 14.0.0.383, faulting module

 ccmsg.dll, version 14.0.0.383, fault address 0x000098fd.

 

[ OSession Events ]

Error - 9/12/2011 8:10:23 AM | Computer Name = PAUL-D39F57A0EC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1578

 seconds with 180 seconds of active time.  This session ended with a crash.

 

Error - 9/16/2011 10:03:05 AM | Computer Name = PAUL-D39F57A0EC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 

lasted 10033 seconds with 8460 seconds of active time.  This session ended with 

a crash.

 

[ System Events ]

Error - 7/17/2013 8:36:48 AM | Computer Name = PAUL-D39F57A0EC | Source = Service Control Manager | ID = 7001

Description = The AVG9IDSDriver service depends on the AVG9IDSFilter service which

 failed to start because of the following error:   %%1068

 

Error - 7/17/2013 8:36:48 AM | Computer Name = PAUL-D39F57A0EC | Source = Service Control Manager | ID = 7002

Description = The AVG9IDSAgent service depends on the AVGIDSDriver group and no 

member of this group started.

 

Error - 7/17/2013 8:36:48 AM | Computer Name = PAUL-D39F57A0EC | Source = Service Control Manager | ID = 7003

Description = The AVG E-mail Scanner service depends on the following nonexistent

 service: avg9wd

 

Error - 7/17/2013 8:36:48 AM | Computer Name = PAUL-D39F57A0EC | Source = Service Control Manager | ID = 7000

Description = The AVG Firewall service failed to start due to the following error:

   %%2

 

Error - 7/17/2013 8:36:48 AM | Computer Name = PAUL-D39F57A0EC | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

   %%2

 

Error - 7/17/2013 8:15:35 PM | Computer Name = PAUL-D39F57A0EC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.43 for the Network Card with network

 address 6C626D6B3AB9 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server

 sent a DHCPNACK message).

 

Error - 7/17/2013 8:15:36 PM | Computer Name = PAUL-D39F57A0EC | Source = DCOM | ID = 10016

Description = The application-specific permission settings do not grant Local Launch

 permission for the COM Server application with CLSID   {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

 

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be

 modified using the Component Services administrative tool.

 

Error - 7/17/2013 8:15:55 PM | Computer Name = PAUL-D39F57A0EC | Source = SRService | ID = 104

Description = The System Restore initialization process failed.

 

Error - 7/17/2013 8:16:15 PM | Computer Name = PAUL-D39F57A0EC | Source = Service Control Manager | ID = 7000

Description = The AVG9IDSShim service failed to start due to the following error:

   %%3

 

Error - 7/17/2013 8:16:15 PM | Computer Name = PAUL-D39F57A0EC | Source = Service Control Manager | ID = 7001

Description = The AVG9IDSFilter service depends on the AVG9IDSShim service which

 failed to start because of the following error:   %%3

 

 

< End of report >

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE - HKU\.DEFAULT\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found

    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

    IE - HKU\.DEFAULT\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10403&src=crm&q={searchTerms}&locale=en_PH&apn_ptnrs=^AC1&apn_dtid=^YYYYYY^YY^PH&apn_uid=84a775fb-9ff6-4b30-b1f7-1cfe24276e31&apn_sauid=5D76D968-5965-4B87-970E-9E6AA1AB1324

    IE - HKU\S-1-5-18\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

    IE - HKU\S-1-5-18\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10403&src=crm&q={searchTerms}&locale=en_PH&apn_ptnrs=^AC1&apn_dtid=^YYYYYY^YY^PH&apn_uid=84a775fb-9ff6-4b30-b1f7-1cfe24276e31&apn_sauid=5D76D968-5965-4B87-970E-9E6AA1AB1324

    IE - HKU\S-1-5-21-1844237615-2025429265-682003330-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found

    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

    [2013/10/02 21:12:57 | 000,000,000 | ---D | C] -- C:\Users\PAUL\Local Settings\Application Data\AskToolbar

    [2012/07/10 14:29:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\avg9

    [2013/06/07 21:52:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\InstallMate

    [2011/03/23 20:42:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\PopCap Games

    [2012/02/26 10:43:53 | 000,000,000 | ---D | M] -- C:\Users\PAUL\Application Data\AVG9

    :files

    ipconfig /flushdns /c

    :Commands

    [purity]

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

 All processes killed

========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
C:\Users\PAUL\Local Settings\Application Data\AskToolbar\APNU folder moved successfully.
C:\Users\PAUL\Local Settings\Application Data\AskToolbar folder moved successfully.
C:\Users\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Users\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Users\All Users\Application Data\avg9\update\download\ads folder moved successfully.
C:\Users\All Users\Application Data\avg9\update\download folder moved successfully.
C:\Users\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Users\All Users\Application Data\avg9\update folder moved successfully.
C:\Users\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Users\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Users\All Users\Application Data\avg9\Lsdb\Prev folder moved successfully.
C:\Users\All Users\Application Data\avg9\Lsdb folder moved successfully.
C:\Users\All Users\Application Data\avg9\Log\IDP\log folder moved successfully.
C:\Users\All Users\Application Data\avg9\Log\IDP folder moved successfully.
C:\Users\All Users\Application Data\avg9\Log folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\quarantine folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\profile folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\9 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\8 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\7 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\6 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\5 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\4 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\3 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\2 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\1 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox\0 folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\outbox folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\malwareprofile folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\log folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\download folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\Config\EN_US folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS\Config folder moved successfully.
C:\Users\All Users\Application Data\avg9\IDS folder moved successfully.
C:\Users\All Users\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
C:\Users\All Users\Application Data\avg9\emc\Queue\OUT folder moved successfully.
C:\Users\All Users\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Users\All Users\Application Data\avg9\emc\Queue folder moved successfully.
C:\Users\All Users\Application Data\avg9\emc\Log folder moved successfully.
C:\Users\All Users\Application Data\avg9\emc folder moved successfully.
C:\Users\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Users\All Users\Application Data\avg9\Chjw\ace86bc6e86b8d80 folder moved successfully.
C:\Users\All Users\Application Data\avg9\Chjw folder moved successfully.
C:\Users\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Users\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Users\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Users\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Users\All Users\Application Data\avg9\Antispam folder moved successfully.
C:\Users\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Users\All Users\Application Data\avg9 folder moved successfully.
C:\Users\All Users\Application Data\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\5A562C7D84879F4E folder moved successfully.
C:\Users\All Users\Application Data\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491} folder moved successfully.
C:\Users\All Users\Application Data\InstallMate\{3B699AEF-4465-4119-A3F2-0C47E08AB819} folder moved successfully.
C:\Users\All Users\Application Data\InstallMate\EFC98649\cfg folder moved successfully.
C:\Users\All Users\Application Data\InstallMate\EFC98649 folder moved successfully.
C:\Users\All Users\Application Data\InstallMate folder moved successfully.
C:\Users\All Users\Application Data\PopCap Games\.system folder moved successfully.
C:\Users\All Users\Application Data\PopCap Games folder moved successfully.
C:\Users\PAUL\Application Data\AVG9\cfgall folder moved successfully.
C:\Users\PAUL\Application Data\AVG9 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Downloads\Software\cmd.bat deleted successfully.
C:\Downloads\Software\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 413204 bytes
->Google Chrome cache emptied: 856432 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 413204 bytes
 
User: LocalService
->Temporary Internet Files folder emptied: 207670 bytes
->Flash cache emptied: 456 bytes
 
User: NetworkService
->Temp folder emptied: 1882 bytes
->Temporary Internet Files folder emptied: 694730 bytes
 
User: PAUL
->Temp folder emptied: 593762592 bytes
->Temporary Internet Files folder emptied: 41585554 bytes
->Google Chrome cache emptied: 351340314 bytes
->Flash cache emptied: 607 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2483155 bytes
%systemroot%\System32 .tmp files removed: 2935313 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18632851 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 440217234 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 45667 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,386.00 mb
 
Unable to stop System Restore Service. Error code 1722. Restore points not cleared.
Unable to start System Restore Service. Error code 10. Restore point not created.
 
OTL by OldTimer - Version 3.2.69.0 log created on 10092013_152736
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Let's try again:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
PAUL :: PAUL-D39F57A0EC [administrator]

10/10/2013 8:49:09 AM
mbam-log-2013-10-10 (08-49-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 2134263
Time elapsed: 3 hour(s), 34 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Still takes more than 3hrs... but I think it's solved... will notify if something weird happens... thanks :)


Let me try something else:

http://www.ehow.com/how_8552183_set-file-exception-avira.html

Please exclude the following files:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

C:\Windows\System32\drivers\mbam.sys

C:\Windows\System32\drivers\mbamswissarmy.sys

Reboot your system and try another quick scan again.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.