Welcome to MalwareRemoval.com,
Malware that blocks sites and anti-malware

Post by desux3 » June 24th, 2012, 5:38 am

Hi, I've got a weird malware that affects many aspects of my computer activities in the following ways:

1. PDF files can be opened, but always freeze after a few seconds.
2. Windows Media Player freezes after a few seconds of opening.
3. Internet Explorer can begin downloading files but cannot complete the download. (Other browsers like Firefox and Safari can.)
4. AVG always identifies an unknown file, qbuthije.exe, upon startup. I quarantine the file every time, but the alert still appears.
5. Cannot access the sites for Malwarebytes, McAfee, Symantec, Bleeping Computer, and ESET online scan.

I managed to download Malwarebytes, Superantispyware, and TDSS Killer from other sites, and they are running scans right now but have not found anything substantial yet.

I believe I got the malware when my system gave an alert that I needed to update my PDF reader and I clicked on it.

Edit: Finished all the scans and quarantined everything that the programs picked up. Problem still remains.

Edit2: Tried running ComboFix in safe mode. The problems went away for a while and I could open Windows Media Player, as well as access Bleeping Computer, but the problems started again within 5 minutes. Seems like the root cause has not been removed. Updated DDS below.

Edit3: Ran ComboFix in safe mode again. This time, it only deleted two files, the qbuthije.exe file, and another one I don't recognise. After ComboFix rebooted the computer, it tried to generate a file log but this led to a BSOD. All subsequent ComboFix scans led to the same BSOD after rebooting. Once I reboot a second time after the BSOD, the problems will go away for a short while before coming back again.

Edit4: I ran TFC.exe, it cleared up a bunch of stuff, and it seems that the problems have all been solved. I can now read PDF files, use WMP, download files on IE, access all the sites that were once blocked, and the qbuthije.exe file no longer appears. No idea how TFC did it and why it worked, but I'm happy with the result.

I'll update the DDS again, and I'd be really grateful if someone could take a look at it and confirm that there is no more malware remaining.
--------------------------
DDS (Ver_09-12-01.01) - NTFSx86
Run by Johnathan at 2:59:12.16 on 06/26/2012 Tue
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Microsoft Windows 7 Professional 6.1.7601.1.932.81.1033.18.1909.462 [GMT 10:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PPLive\PPVA\PPLiveVA.exe
C:\Users\Johnathan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Users\Johnathan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\Johnathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Johnathan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Lunascape\Lunascape6\Luna.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Johnathan\SkyDrive\anti malware\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\users\johnathan\appdata\local\iudhwidq\qbuthije.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Download_Bho Class: {a986e409-30cc-4185-89bb-ab212c104524} - c:\program files\pplive\ppva\DownloaderManager.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Search-Results Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Search-Results Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [EADM] "d:\electronic arts\eadm\EADMUI.exe"
uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background
uRun: [PPLiveVA] "c:\program files\pplive\ppva\PPLiveVA.exe" /LoadModule PPVA.DLL /M REAL /S 0 /T 0
uRun: [Akamai NetSession Interface] "c:\users\johnathan\appdata\local\akamai\netsession_win.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SkyDrive] "c:\users\johnathan\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [QbuThije] c:\users\johnathan\appdata\local\iudhwidq\qbuthije.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [VIAAUD] c:\program files\via\viaudioi\vdeck\VIAAUD.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [F5D9050] c:\program files\belkin\f5d9050\Belkinwcui.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\johnat~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\johnathan\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: gameyarou.jp\www
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.co ... 4.22.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\johnat~1\appdata\roaming\mozilla\firefox\profiles\8x1qp87e.default\
FF - prefs.js: browser.search.selectedEngine - Search-Results
FF - prefs.js: browser.startup.homepage - http://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/red ... 001YYAU&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\webzen\browserextension\NPWZCmnCtrl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonjp\ngm\npNxGameJP.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-16 19968]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-3-12 2320920]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-3-12 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-14 269824]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2011-3-12 982528]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-3-12 1119744]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-27 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-27 116648]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-3-12 120432]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2011-3-12 98928]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-24 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-18 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-16 129976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-12 1343400]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-4-27 670816]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2012-06-25 16:04:00 0 d-----w- c:\programdata\Office Genuine Advantage
2012-06-25 08:40:32 265072384 ----a-w- c:\windows\MEMORY.DMP
2012-06-25 08:37:19 0 d-----w- C:\$RECYCLE.BIN
2012-06-25 08:14:46 0 d-----w- C:\ComboFix
2012-06-25 07:00:12 0 d-----w- c:\programdata\McAfee Security Scan
2012-06-25 07:00:10 0 d-----w- c:\programdata\McAfee
2012-06-25 07:00:10 0 d-----w- c:\program files\McAfee Security Scan
2012-06-25 04:41:34 98816 ----a-w- c:\windows\sed.exe
2012-06-25 04:41:34 518144 ----a-w- c:\windows\SWREG.exe
2012-06-25 04:41:34 256000 ----a-w- c:\windows\PEV.exe
2012-06-25 04:41:34 208896 ----a-w- c:\windows\MBR.exe
2012-06-24 08:41:59 0 d-----w- c:\program files\Oracle
2012-06-24 08:39:32 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-24 07:45:14 0 d-----w- C:\TDSSKiller_Quarantine
2012-06-24 07:26:07 0 d-----w- c:\users\johnat~1\appdata\roaming\SUPERAntiSpyware.com
2012-06-24 07:25:23 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-24 07:25:23 0 d-----w- c:\program files\SUPERAntiSpyware
2012-06-24 07:01:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-24 07:01:28 0 d-----w- c:\users\johnat~1\appdata\roaming\Malwarebytes
2012-06-24 07:01:19 0 d-----w- c:\programdata\Malwarebytes
2012-06-24 07:01:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 07:01:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-24 06:16:12 0 d--h--w- c:\windows\PIF
2012-06-23 07:46:32 4096 ----a-w- c:\windows\d3dx.dat
2012-06-22 00:05:39 187616 ---ha-w- c:\windows\system32\mlfcache.dat
2012-06-21 15:47:51 0 d-----w- C:\!KillBox
2012-06-20 13:42:11 0 d-----w- c:\users\johnat~1\appdata\roaming\SEGA
2012-06-20 10:02:31 0 d-----w- c:\windows\en
2012-06-20 10:01:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-19 00:50:53 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 00:50:36 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 00:49:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 00:49:51 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-14 01:54:34 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 01:54:32 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 01:54:29 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 01:54:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 01:54:27 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 01:54:27 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 01:54:26 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 01:54:24 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:54:24 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:54:23 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 05:15:09 574 ----a-w- c:\windows\eReg.dat
2012-06-05 04:13:49 0 d-----w- c:\users\johnat~1\appdata\roaming\Lunascape
2012-06-05 04:10:17 0 d-----w- c:\program files\Lunascape
2012-06-05 04:01:14 0 d-----w- c:\programdata\Apple Computer
2012-06-05 03:58:57 0 d-----w- c:\program files\Bonjour
2012-06-05 03:58:13 0 d-----w- c:\programdata\Apple
2012-05-28 07:10:16 0 d-----w- c:\program files\common files\xing shared

==================== Find3M ====================

2012-06-01 13:24:44 45270 ----a-w- c:\users\johnat~1\appdata\roaming\room_v3.dat
2012-05-28 07:10:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-28 07:10:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-04 09:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2011-11-10 14:48:36 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2011-11-10 14:48:36 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2011-11-10 14:48:36 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2006-05-03 00:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 01:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 03:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2011-04-16 23:45:44 262144 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe

============= FINISH: 3:01:29.83 ===============

-----------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2011 5:29:46 PM
System Uptime: 6/26/2012 2:48:14 AM (1 hours ago)

Motherboard: Wearnes | | CI1411-A1
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU 1 | 2266/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 19.654 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 17.279 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP239: 6/25/2012 4:53:43 PM - Removed Adobe Reader X (10.0.1).
RP240: 6/25/2012 5:22:49 PM - Removed Adobe Reader X (10.1.3).
RP241: 6/26/2012 12:31:34 AM - 裏催眠術2 を削除しました

==== Installed Programs ======================
7-Zip 9.20
AAUTools
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.3)
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Software Update
Audacity 1.3.13 (Unicode)
Audition
AVG 2012
AVS Audio Editor 7.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Belkin Wireless G Plus MIMO USB Network Adapter
Bonjour
Canon MP250 series MP Drivers
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Craving Explorer Version 1.0.0
D3DX10
Dota 2
Dota 2 Test
Dropbox
EA Download Manager
EA.com Update
FIFA 2003
File Splitter and Joiner (FFSJ v3.3)
Flyff
Free Hide IP
Garena Plus
GIMP 2.6.11
GMATPrep(TM)
Google Drive
Google Update Helper
Hotkey 3.2003
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Japanese Fonts Support For Adobe Reader X
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 5
JavaFX 2.1.1
JDownloader
JMicron Ethernet Adapter NDIS Driver
JMicron JMB38X Flash Media Controller
Junk Mail filter update
LAME v3.98.3 for Audacity
League of Legends
Lunascape6 (All Users)
Malwarebytes Anti-Malware version 1.61.0.1400
MATLAB Student R2009a
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MiKTeX 2.9
MKV player
MKV Player 2.0.1
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Nexon Game Manager
Nokia Connectivity Cable Driver
Pando Media Booster
Pangya (Ntreev SG Interactive)
PDF Combine
PDFCreator
Platform
PPLive Video Accelerator
PPLive Video Accelerator(0.6.5.0007)
PrimoPDF -- brought to you by Nitro PDF Software
QuickPar 0.9
R for Windows 2.13.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK Wireless LAN Driver
RealUpgrade 1.1
Registry Reviver
Safari
SaveVid Plug-in
Search-Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.9
Steam
SuddenAttack
SUPER c v2011.build.47 (March 12, 2011) version v2011.build.47
Super Street Fighter IV: Arcade Edition
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab for Intel
THE HOUSE OF THE DEAD 3
The Sims™ 3
Uncharted Waters Online
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VIA Platform Device Manager
Virtua Tennis 4™
VLC media player 2.0.0
VOCALOID2 Editor V2.0.12.2J
VOCALOID2 Expression DB (Standard)
VOCALOID2 Voice DB (Len)
VOCALOID2 Voice DB (Luka_ENG)
VOCALOID2 Voice DB (Luka_JPN)
VOCALOID2 Voice DB (Miku)
VOCALOID2 Voice DB (Rin)
VOCALOID2 VSTi V2.0.12.3
Warcraft III
Warcraft III: All Products
WebCam Installer
WEBZEN Browser Extension
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 (32-bit)
XPatcher
YTD YouTube Downloader & Converter 3.6
催眠術2
放課後~濡れた制服~DVD
真・三國無双6 with 猛将伝

==== Event Viewer Messages From Past Week ========

6/26/2012 2:48:29 AM, Error: rtl8192se [0] -
6/26/2012 2:30:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/26/2012 2:30:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
6/26/2012 2:29:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:28:15 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:24:27 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/26/2012 2:07:27 AM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/25/2012 6:53:02 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2012 6:52:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/25/2012 6:50:43 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2012 6:41:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 6:41:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/25/2012 6:41:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/25/2012 6:41:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/25/2012 6:41:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/25/2012 6:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/25/2012 6:41:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/25/2012 6:41:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000001, 0x00000002, 0x00000008, 0x00000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062512-22838-01.
6/25/2012 6:40:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
6/25/2012 6:40:50 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2012 6:40:50 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 6:40:50 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 6:40:50 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 6:40:50 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 6:40:50 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 6:40:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 6:40:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2012 6:40:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2012 6:40:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2012 6:40:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2012 6:28:23 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/25/2012 6:15:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/25/2012 6:12:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000001, 0x00000002, 0x00000008, 0x00000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062512-27924-01.
6/25/2012 5:26:43 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/25/2012 4:51:26 AM, Error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
6/25/2012 4:10:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
6/25/2012 4:10:07 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/25/2012 4:09:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x84b4a500). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062512-41652-01.
6/25/2012 2:38:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82d3c795, 0xaf05b8ac, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062512-28470-01.
6/25/2012 11:29:17 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/25/2012 11:27:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/25/2012 10:04:14 PM, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.
6/25/2012 1:23:20 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/24/2012 4:07:23 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
6/24/2012 4:07:08 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 4:06:30 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 4:06:13 PM, Error: Service Control Manager [7034] - The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
6/24/2012 4:06:10 PM, Error: Service Control Manager [7031] - The PowerBiosServer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/24/2012 11:00:40 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.5 with the system having network hardware address 40-A6-D9-B4-70-6A. Network operations on this system may be disrupted as a result.
6/23/2012 9:12:44 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BOBBY-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1CD53321-3E20-4012-A8D3-39C0D088B. The master browser is stopping or an election is being forced.
6/20/2012 4:49:46 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.6 with the system having network hardware address 70-F1-A1-20-A3-80. Network operations on this system may be disrupted as a result.
6/20/2012 10:38:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/19/2012 11:01:35 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Johnathan-PC\Johnathan SID (S-1-5-21-2321080641-3250327695-385329262-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

==== End Of File ===========================
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby Alander » June 26th, 2012, 3:00 pm

Hello, I Am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you, must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please do not run more scans / download any other tools / make any changes to the computer unless instructed to do so, as this will hinder the malware removal process (it is akin to playing hide and seek with the infection as tools remove things here and there).
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware that blocks sites and anti-malware

Unread postby Alander » June 28th, 2012, 1:08 pm

Hi :)

Please be reminded that you should not run more scans / download any other tools / make any changes to the computer unless instructed to do so.

Is this machine used for any kind of business activities? I need to know in order to give the appropriate instructions.

Did you set any kind of proxy in your internet settings as 127.0.0.1:9421;<local>?

Step 1
Upload File/Files for testing

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
c:\users\johnathan\appdata\local\iudhwidq\qbuthije.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.

Step 2
Please include the contents of C:\ComboFix.txt in your next reply

Step 3
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Permalink from virustotal
  3. Combofix log
Thanks
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » June 28th, 2012, 6:07 pm

Hi, the computer is only used for personal activities, not for commercial purposes. As far as I know, I didn't set any proxy.

The file in c:\users\johnathan\appdata\local\iudhwidq\qbuthije.exe does not seem to exist anymore because it was removed when I ran TFC.exe, as noted in edit 4 of the first post.

Also, ComboFix did not give me a log because the computer would always BSOD after ComboFix restarted it, and no log was produced. Should I run ComboFix again to see if it gives me a log?
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby Alander » June 30th, 2012, 2:15 am

Hi :)

Please check if you have a combofix.txt file in the root of your C:\ drive (go to My Computer, click on the C:\ drive).
If there is one, include it in your next post.

Step 1
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 2
Malwarebytes' Anti-Malware Rerun
I see you have MBAM (Malwarebytes' Anti-Malware) installed.
  1. Please start MBAM (Malwarebytes' Anti-Malware) (Right click, run as administrator)
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Combofix log (if any)
  3. OTL and Extras.txt
  4. MBAM Log
  5. How is the computer behaving?
Please post each log file in a separate post, as the generated logs can be long and may exceed the maximum character limit.

Thanks
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » June 30th, 2012, 7:53 pm

OTL didn't produce Extras.txt, probably because this isn't the first time I've run OTL (ran it while tinkering around trying to solve the problem back then). Other than that, everything else went without a hitch.
Last edited by desux3 on June 30th, 2012, 8:09 pm, edited 1 time in total.
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » June 30th, 2012, 7:55 pm

OTL logfile created on: 7/1/2012 2:18:42 AM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Johnathan\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 38.89% Memory free
5.86 Gb Paging File | 2.41 Gb Available in Paging File | 41.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.39 Gb Total Space | 10.97 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive D: | 151.60 Gb Total Space | 12.94 Gb Free Space | 8.54% Space Free | Partition Type: NTFS

Computer Name: JOHNATHAN-PC | User Name: Johnathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 02:17:13 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Johnathan\Desktop\OTL.exe
PRC - [2012/06/26 10:50:42 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/06/13 16:30:00 | 012,163,568 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/05/28 17:10:01 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Johnathan\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/25 04:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johnathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/09/02 22:46:00 | 000,446,328 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/18 03:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/16 02:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 22:17:42 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
PRC - [2010/11/20 22:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/09/20 18:34:28 | 000,071,152 | ---- | M] (Synacast) -- C:\Program Files\PPLive\PPVA\PPLiveVA.exe
PRC - [2009/12/09 15:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 15:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 02:21:59 | 001,169,408 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\wx._core_.pyd
MOD - [2012/06/28 02:21:59 | 001,056,256 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\wx._controls_.pyd
MOD - [2012/06/28 02:21:59 | 001,018,368 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\windows._cacheinvalidation.pyd
MOD - [2012/06/28 02:21:59 | 000,807,424 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\wx._windows_.pyd
MOD - [2012/06/28 02:21:59 | 000,792,576 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\wx._gdi_.pyd
MOD - [2012/06/28 02:21:59 | 000,731,136 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\wx._misc_.pyd
MOD - [2012/06/28 02:21:59 | 000,645,120 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\_ssl.pyd
MOD - [2012/06/28 02:21:59 | 000,585,728 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\unicodedata.pyd
MOD - [2012/06/28 02:21:59 | 000,571,392 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\pysqlite2._sqlite.pyd
MOD - [2012/06/28 02:21:59 | 000,354,304 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\pythoncom26.dll
MOD - [2012/06/28 02:21:59 | 000,311,808 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\_hashlib.pyd
MOD - [2012/06/28 02:21:59 | 000,263,168 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\win32com.shell.shell.pyd
MOD - [2012/06/28 02:21:59 | 000,153,088 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\pyexpat.pyd
MOD - [2012/06/28 02:21:59 | 000,121,856 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\wx._wizard.pyd
MOD - [2012/06/28 02:21:59 | 000,111,104 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\win32file.pyd
MOD - [2012/06/28 02:21:59 | 000,110,592 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\PyWinTypes26.dll
MOD - [2012/06/28 02:21:59 | 000,096,256 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\win32api.pyd
MOD - [2012/06/28 02:21:59 | 000,086,016 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\_elementtree.pyd
MOD - [2012/06/28 02:21:59 | 000,073,728 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\_ctypes.pyd
MOD - [2012/06/28 02:21:59 | 000,070,656 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\wx._html2.pyd
MOD - [2012/06/28 02:21:59 | 000,040,448 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\_socket.pyd
MOD - [2012/06/28 02:21:59 | 000,039,424 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\win32inet.pyd
MOD - [2012/06/28 02:21:59 | 000,036,352 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\win32process.pyd
MOD - [2012/06/28 02:21:59 | 000,022,528 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\win32pdh.pyd
MOD - [2012/06/28 02:21:59 | 000,017,920 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\win32event.pyd
MOD - [2012/06/28 02:21:59 | 000,011,776 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\win32crypt.pyd
MOD - [2012/06/28 02:21:59 | 000,011,776 | ---- | M] () -- C:\Users\Johnathan\AppData\Local\temp\_MEI51802\select.pyd
MOD - [2012/06/26 10:50:50 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/26 10:50:50 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/24 17:26:24 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/24 17:26:23 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/06/07 01:32:13 | 000,394,696 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2012/05/23 17:33:33 | 000,083,416 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2011/12/01 15:32:39 | 000,038,328 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/09/26 22:00:30 | 000,547,688 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/08/22 19:50:24 | 000,143,720 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2011/08/22 19:50:22 | 000,906,520 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\live\tpi.dll
MOD - [2011/04/18 16:01:10 | 000,251,400 | ---- | M] () -- C:\Program Files\Internet Explorer\PPLite\plugin\pplugin2.dll
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/01/27 07:11:48 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/12/15 20:28:02 | 000,243,112 | ---- | M] () -- C:\Program Files\PPLive\PPVA\TipsClient.dll
MOD - [2010/09/20 18:34:28 | 000,362,856 | ---- | M] () -- C:\Program Files\PPLive\PPVA\CommonModule.dll
MOD - [2010/09/20 18:34:28 | 000,304,488 | ---- | M] () -- C:\Program Files\PPLive\PPVA\NetTools.dll
MOD - [2008/07/20 20:11:32 | 000,247,808 | ---- | M] () -- C:\Windows\System32\FFSJ\FFSJSHL.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/24 20:34:14 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/16 08:10:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/27 09:54:41 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)
SRV - [2012/04/04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/18 03:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/12 18:37:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/16 02:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011/01/19 15:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/12/09 15:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/09 15:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xspirit.sys -- (xspirit)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva387.sys -- (XDva387)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva386.sys -- (XDva386)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNAT~1\AppData\Local\Temp\xmvbkffq.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNAT~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/01 02:20:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/14 23:27:20 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/02/26 18:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/25 13:27:00 | 000,098,928 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2010/01/22 15:19:34 | 001,119,744 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/11/05 19:49:28 | 000,982,528 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/09/23 12:25:18 | 000,120,432 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/13 07:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/05/02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2005/11/24 21:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 2E 42 D4 83 E0 CB 01 [binary data]
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes,DefaultScope = {C7576B9D-B442-46bc-AF74-080A9E723E01}
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/red ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=2R&apn_dtid=get001YYAU&apn_uid=45CBCC11-5BFE-40D0-BEED-71E2095718BB&apn_sauid=C775D12D-5BBE-4E57-8677-F2EF8B7FA810
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/application.pac

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Search-Results"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..keyword.URL: "http://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=en_US&apn_uid=45CBCC11-5BFE-40D0-BEED-71E2095718BB&apn_ptnrs=2R&apn_sauid=C775D12D-5BBE-4E57-8677-F2EF8B7FA810&apn_dtid=get001YYAU&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npNxGameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/12 12:47:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/10 19:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/28 17:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/28 17:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 08:10:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/26 02:55:42 | 000,000,000 | ---D | M]

[2012/06/05 18:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnathan\AppData\Roaming\Mozilla\Extensions
[2012/06/27 16:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnathan\AppData\Roaming\Mozilla\Firefox\Profiles\8x1qp87e.default\extensions
[2011/05/31 05:00:53 | 000,002,055 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\Mozilla\Firefox\Profiles\8x1qp87e.default\searchplugins\daemon-search.xml
[2011/05/17 19:23:12 | 000,003,295 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\Mozilla\Firefox\Profiles\8x1qp87e.default\searchplugins\search-results.xml
[2012/01/22 01:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/06 18:56:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/12 12:47:40 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/05/16 08:10:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/28 17:10:05 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/12/09 20:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/12 18:59:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 18:59:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/25 18:37:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLive\PPVA\DownloaderManager.dll (PPLive Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [Akamai NetSession Interface] C:\Users\Johnathan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EADM] "D:\Electronic Arts\EADM\EADMUI.exe" File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [PPLiveVA] "C:\Program Files\PPLive\PPVA\PPLiveVA.exe" /LoadModule PPVA.DLL /M REAL /S 0 /T 0 File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [QbuThije] C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [SkyDrive] C:\Users\Johnathan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Johnathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johnathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..Trusted Domains: gameyarou.jp ([www] http in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 4.22.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CD53321-3E20-4012-A8D3-39C0D088BB3E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 02:18:00 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Johnathan\Desktop\OTL.exe
[2012/06/30 10:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Gpotato
[2012/06/26 02:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/26 02:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/06/25 18:37:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/25 18:35:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/25 18:35:10 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\temp
[2012/06/25 18:14:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/25 17:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/06/25 17:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/06/25 17:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/06/25 17:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/25 14:41:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/25 14:41:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/25 14:41:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/25 13:18:55 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\Desktop\anti-malware
[2012/06/25 13:01:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/25 12:58:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/25 04:53:08 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{A66736B2-A4BD-49EA-8824-4D728435EB92}
[2012/06/25 04:52:32 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{6DF9C125-C8FE-4FEC-8D3C-F5478EFED096}
[2012/06/24 18:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/24 18:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/24 18:39:32 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/24 18:39:32 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/24 18:38:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/24 18:37:58 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/24 17:45:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/24 17:26:07 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/24 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/24 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/24 17:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/24 17:01:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/06/24 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\Malwarebytes
[2012/06/24 17:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/24 17:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 17:01:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/24 17:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/24 16:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012/06/24 16:16:12 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/06/24 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{81A13BD9-D15A-4873-9A77-F829AA09CF18}
[2012/06/24 16:13:24 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{F590E6EB-0BBC-441A-B99A-9ECFA13164C8}
[2012/06/23 14:07:47 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{E6C820B1-5618-476F-ABE4-E81AE345F7B2}
[2012/06/23 14:07:18 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{8C945BC6-5B16-4596-8335-A54097423D14}
[2012/06/23 02:06:46 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{813A5D87-D8B1-451E-8622-29C351CC776B}
[2012/06/23 02:06:15 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{D880A781-9EE0-4312-AD7C-23EEB266A424}
[2012/06/22 14:05:45 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{5A83F538-873E-4F1E-B643-8116FF5B420B}
[2012/06/22 14:05:18 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{12940749-EDBF-4E33-AADA-BF5C5F80E706}
[2012/06/22 02:05:49 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{EB5D0BAF-063A-4037-87E2-58420A460BB1}
[2012/06/22 01:47:51 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/06/20 23:42:11 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\SEGA
[2012/06/20 20:04:52 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{57A0840D-0DB4-4E9E-AA2A-3393B012A6F3}
[2012/06/20 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{C94065A8-E342-4612-B3AE-D73485932BD2}
[2012/06/20 20:02:31 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/20 19:49:00 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{6C9AA665-73AA-498A-9782-4237731A49BD}
[2012/06/20 19:48:30 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{4CDB8D53-80E1-4AD6-B8D6-2BE471C3774C}
[2012/06/20 19:47:24 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{EF064D97-6BFD-4397-896C-A271129D680E}
[2012/06/20 19:46:53 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{1593DDAE-569C-452F-915C-7C74B7F57934}
[2012/06/19 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{7E7F19F3-17EC-4F36-9757-30F769C2829A}
[2012/06/19 21:55:25 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{1A665E12-AE59-4AE8-A3B7-E38FF0257265}
[2012/06/19 20:41:46 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\iudhwidq
[2012/06/19 10:57:42 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{2CAC941B-04D3-41DE-B6B5-18362C2BAB98}
[2012/06/19 10:56:56 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{721A39F9-AD82-48CB-BA8F-EAEF443AA50B}
[2012/06/19 10:50:53 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 10:50:53 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 10:50:36 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 10:50:36 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 10:50:36 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 10:49:51 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 10:49:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 10:57:38 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{62F5D12E-CA4F-4B21-A892-4AE6E4757441}
[2012/06/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{1386361E-418B-4EF2-B0C9-B81D68CFAB84}
[2012/06/17 16:06:52 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\BISHOP
[2012/06/17 15:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BISHOP
[2012/06/17 00:18:04 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{FBD30D8F-847B-48A2-9A91-BE36AE85E7FC}
[2012/06/15 12:18:37 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{A17D337E-93EA-414B-B399-A1788A5885DA}
[2012/06/15 11:46:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/15 11:46:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/15 11:46:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/15 11:46:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/15 11:46:17 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/15 11:46:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/15 11:46:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 11:54:29 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/14 11:54:27 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/14 11:54:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/14 11:54:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/14 00:44:48 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{8E4F7599-89F0-46F0-B452-53F9A26A6E30}
[2012/06/14 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{E1292376-EAB9-461D-BFBD-A6BC5A649060}
[2012/06/13 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BLACKRAINBOW
[2012/06/12 12:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/10 16:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/10 16:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/10 12:52:01 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{8CF89F1C-4208-46EE-BA06-850C660995A1}
[2012/06/10 02:09:15 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{18A9FDB7-8398-4441-9BB9-A11BA2B50619}
[2012/06/05 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\Apple Computer
[2012/06/05 18:52:17 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\Apple Computer
[2012/06/05 14:13:49 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\Lunascape
[2012/06/05 14:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6
[2012/06/05 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2012/06/05 14:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/06/05 14:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/05 13:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/05 13:58:30 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\Apple
[2012/06/05 13:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/05 13:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/04 09:43:41 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{B1CFA390-95DF-4656-8C17-4EA7F0EE020B}
[2012/06/04 09:43:05 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{ACFFFC31-628B-4DD5-9427-8149E86E9CB2}
[2012/06/03 17:54:39 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{B56D76F6-4EA2-4868-9E53-2F7E49D659A4}
[2012/06/03 01:38:58 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{0EBBD7D1-5B2B-4714-8012-87C312D04748}
[2012/06/02 09:36:58 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{EFBBFB0F-1F2C-4AE7-8F31-0D00C37DB6C0}
[2012/06/02 09:35:46 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{F5593927-3BC6-4623-ACFF-6EF88039203A}
[2011/12/18 09:25:28 | 000,416,907 | ---- | C] (www.gamerkraft.com ) -- C:\Users\Johnathan\Pristontale2_EN_v224.exe

========== Files - Modified Within 30 Days ==========

[2012/07/01 02:23:22 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012/07/01 02:20:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/01 02:17:13 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Johnathan\Desktop\OTL.exe
[2012/07/01 01:45:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 17:08:04 | 100,823,052 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/30 17:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 10:22:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Flyff.lnk
[2012/06/30 09:55:22 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 19:58:53 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/27 19:58:53 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/27 19:47:56 | 3590,407,193 | ---- | M] () -- C:\Users\Johnathan\Desktop\ATDownloaderV32010.exe
[2012/06/27 15:17:54 | 000,024,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 15:17:54 | 000,024,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 17:06:46 | 000,458,289 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/26 02:55:46 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/26 02:48:41 | 1500,938,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 00:33:49 | 000,000,723 | ---- | M] () -- C:\Windows\disney.ini
[2012/06/25 19:02:09 | 000,000,056 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\mbam.context.scan
[2012/06/25 18:40:32 | 265,072,384 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/25 18:37:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/25 17:00:10 | 000,002,112 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/24 18:36:08 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/24 18:36:08 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/24 18:36:08 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/24 17:25:42 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/24 16:45:53 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/06/23 17:46:32 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2012/06/22 10:05:39 | 000,187,616 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012/06/15 12:25:56 | 000,001,015 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/15 12:25:24 | 000,000,991 | ---- | M] () -- C:\Users\Johnathan\Desktop\Dropbox.lnk
[2012/06/15 12:16:52 | 000,408,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 15:15:09 | 000,000,574 | ---- | M] () -- C:\Windows\eReg.dat
[2012/06/12 12:47:41 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/05 14:13:14 | 000,001,177 | ---- | M] () -- C:\Users\Johnathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2012/06/05 14:13:14 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2012/06/05 14:03:09 | 000,002,503 | ---- | M] () -- C:\Users\Johnathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/05 14:03:06 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/03 08:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/03 08:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/03 08:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/03 08:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/03 08:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/01 23:24:44 | 000,045,270 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\room_v3.dat

========== Files Created - No Company Name ==========

[2012/06/27 18:52:49 | 3590,407,193 | ---- | C] () -- C:\Users\Johnathan\Desktop\ATDownloaderV32010.exe
[2012/06/26 02:55:46 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/26 02:55:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/25 19:02:09 | 000,000,056 | ---- | C] () -- C:\Users\Johnathan\AppData\Roaming\mbam.context.scan
[2012/06/25 18:40:32 | 265,072,384 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/25 17:00:10 | 000,002,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/25 14:41:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/25 14:41:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/25 14:41:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/25 14:41:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/25 14:41:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/24 17:25:42 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/24 16:45:53 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/06/23 17:46:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/06/22 10:05:39 | 000,187,616 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/06/13 15:15:09 | 000,000,574 | ---- | C] () -- C:\Windows\eReg.dat
[2012/06/05 14:13:14 | 000,001,177 | ---- | C] () -- C:\Users\Johnathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2012/06/05 14:13:14 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2012/06/05 14:03:09 | 000,002,503 | ---- | C] () -- C:\Users\Johnathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/05 14:03:06 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/05 14:03:04 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/06/05 13:58:14 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/23 10:21:02 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2012/02/29 16:57:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins001.exe
[2012/02/29 16:54:51 | 000,206,916 | ---- | C] () -- C:\Windows\unins001.dat
[2011/12/27 23:59:30 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/12/27 23:19:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/12/24 20:10:57 | 000,000,412 | ---- | C] () -- C:\Users\Johnathan\AppData\Roaming\ceccam11.ini
[2011/12/07 19:30:47 | 000,045,270 | ---- | C] () -- C:\Users\Johnathan\AppData\Roaming\room_v3.dat
[2011/12/01 14:34:08 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini
[2011/11/23 15:56:44 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011/11/23 15:56:43 | 000,004,035 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/30 20:16:45 | 000,000,048 | ---- | C] () -- C:\Users\Johnathan\jagex_cl_runescape_LIVE.dat
[2011/10/30 20:16:45 | 000,000,001 | ---- | C] () -- C:\Users\Johnathan\random.dat
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/08/12 16:26:03 | 000,000,723 | ---- | C] () -- C:\Windows\disney.ini
[2011/07/26 06:46:42 | 000,000,849 | ---- | C] () -- C:\Users\Johnathan\.recently-used.xbel
[2011/07/01 17:50:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/26 15:16:53 | 004,874,240 | ---- | C] () -- C:\Windows\System32\DSE2_DFT.dll
[2011/06/07 01:04:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/17 19:43:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011/03/12 19:22:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/12 16:40:34 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/03/12 16:33:12 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/02/10 14:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2011/01/30 21:34:54 | 000,099,490 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/01/27 07:49:50 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/01/27 07:49:46 | 000,105,420 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/01/27 07:49:44 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/01/27 07:17:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/01/27 07:11:48 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/01/20 16:53:34 | 000,000,226 | R--- | C] () -- C:\Windows\OEM.ini
[2011/01/20 16:52:55 | 000,015,190 | ---- | C] () -- C:\Windows\S6000Twn.ini
[2011/01/20 16:46:26 | 000,000,032 | ---- | C] () -- C:\Windows\Setuplog.ini

========== Files - Unicode (All) ==========
[2011/03/26 07:58:45 | 000,002,213 | ---- | M] ()(C:\Users\Public\Desktop\The Sims? 3.lnk) -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/03/18 22:16:18 | 000,002,213 | ---- | C] ()(C:\Users\Public\Desktop\The Sims? 3.lnk) -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/02/07 12:29:27 | 000,030,208 | ---- | C] ()(C:\Users\Johnathan\Documents\愛情瑪奇?.doc) -- C:\Users\Johnathan\Documents\愛情瑪奇朵.doc
[2011/02/07 12:29:27 | 000,026,624 | ---- | C] ()(C:\Users\Johnathan\Documents\?裡怕.doc) -- C:\Users\Johnathan\Documents\哪裡怕.doc
[2011/02/07 12:29:27 | 000,024,576 | ---- | C] ()(C:\Users\Johnathan\Documents\對?愛不完.doc) -- C:\Users\Johnathan\Documents\對你愛不完.doc
[2009/11/11 16:47:50 | 000,024,576 | ---- | M] ()(C:\Users\Johnathan\Documents\對?愛不完.doc) -- C:\Users\Johnathan\Documents\對你愛不完.doc
[2009/10/25 17:32:06 | 000,026,624 | ---- | M] ()(C:\Users\Johnathan\Documents\?裡怕.doc) -- C:\Users\Johnathan\Documents\哪裡怕.doc
[2009/08/17 23:07:32 | 000,030,208 | ---- | M] ()(C:\Users\Johnathan\Documents\愛情瑪奇?.doc) -- C:\Users\Johnathan\Documents\愛情瑪奇朵.doc

< End of report >
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » June 30th, 2012, 7:58 pm

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Johnathan :: JOHNATHAN-PC [administrator]

7/1/2012 2:34:39 AM
mbam-log-2012-07-01 (02-34-39).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 695565
Time elapsed: 3 hour(s), 21 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Malware that blocks sites and anti-malware

Unread postby Alander » July 1st, 2012, 3:29 pm

Hi :)

Step 1
Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present.
Java(TM) 6 Update 29
Pando Media Booster
Registry Reviver
Search-Results Toolbar


Step 2
Run OTL Script

We need to run an OTL Fix

  • Right click OTL.exe and select Run as administrator to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :otl
    IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
    IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes,DefaultScope = {C7576B9D-B442-46bc-AF74-080A9E723E01}
    IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/red ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=2R&apn_dtid=get001YYAU&apn_uid=45CBCC11-5BFE-40D0-BEED-71E2095718BB&apn_sauid=C775D12D-5BBE-4E57-8677-F2EF8B7FA810
    
    FF - prefs.js..browser.search.defaultengine: "Search-Results"
    FF - prefs.js..browser.search.defaultenginename: "Search-Results"
    FF - prefs.js..browser.search.order.1: "Search-Results"
    FF - prefs.js..browser.search.selectedEngine: "Search-Results"
    FF - prefs.js..keyword.URL: "http://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=en_US&apn_uid=45CBCC11-5BFE-40D0-BEED-71E2095718BB&apn_ptnrs=2R&apn_sauid=C775D12D-5BBE-4E57-8677-F2EF8B7FA810&apn_dtid=get001YYAU&q="
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    
    O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
    O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
    O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
    O3 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results)
    O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe File not found
    O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
    O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EADM] "D:\Electronic Arts\EADM\EADMUI.exe" File not found
    O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [QbuThije] C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe File not found
    
    O20 - HKLM Winlogon: UserInit - (C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe) - File not found
    
    
    :files
    C:\Users\Johnathan\AppData\Local\iudhwidq
    C:\Users\Johnathan\AppData\Local\{A66736B2-A4BD-49EA-8824-4D728435EB92}
    C:\Users\Johnathan\AppData\Local\{6DF9C125-C8FE-4FEC-8D3C-F5478EFED096}
    C:\Users\Johnathan\AppData\Local\{81A13BD9-D15A-4873-9A77-F829AA09CF18}
    C:\Users\Johnathan\AppData\Local\{F590E6EB-0BBC-441A-B99A-9ECFA13164C8}
    C:\Users\Johnathan\AppData\Local\{E6C820B1-5618-476F-ABE4-E81AE345F7B2}
    C:\Users\Johnathan\AppData\Local\{8C945BC6-5B16-4596-8335-A54097423D14}
    C:\Users\Johnathan\AppData\Local\{813A5D87-D8B1-451E-8622-29C351CC776B}
    C:\Users\Johnathan\AppData\Local\{D880A781-9EE0-4312-AD7C-23EEB266A424}
    C:\Users\Johnathan\AppData\Local\{5A83F538-873E-4F1E-B643-8116FF5B420B}
    C:\Users\Johnathan\AppData\Local\{12940749-EDBF-4E33-AADA-BF5C5F80E706}
    C:\Users\Johnathan\AppData\Local\{EB5D0BAF-063A-4037-87E2-58420A460BB1}
    C:\Users\Johnathan\AppData\Local\{57A0840D-0DB4-4E9E-AA2A-3393B012A6F3}
    C:\Users\Johnathan\AppData\Local\{C94065A8-E342-4612-B3AE-D73485932BD2}
    C:\Users\Johnathan\AppData\Local\{6C9AA665-73AA-498A-9782-4237731A49BD}
    C:\Users\Johnathan\AppData\Local\{4CDB8D53-80E1-4AD6-B8D6-2BE471C3774C}
    C:\Users\Johnathan\AppData\Local\{EF064D97-6BFD-4397-896C-A271129D680E}
    C:\Users\Johnathan\AppData\Local\{1593DDAE-569C-452F-915C-7C74B7F57934}
    C:\Users\Johnathan\AppData\Local\{7E7F19F3-17EC-4F36-9757-30F769C2829A}
    C:\Users\Johnathan\AppData\Local\{1A665E12-AE59-4AE8-A3B7-E38FF0257265}
    C:\Users\Johnathan\AppData\Local\{2CAC941B-04D3-41DE-B6B5-18362C2BAB98}
    C:\Users\Johnathan\AppData\Local\{721A39F9-AD82-48CB-BA8F-EAEF443AA50B}
    C:\Users\Johnathan\AppData\Local\{62F5D12E-CA4F-4B21-A892-4AE6E4757441}
    C:\Users\Johnathan\AppData\Local\{1386361E-418B-4EF2-B0C9-B81D68CFAB84}
    C:\Users\Johnathan\AppData\Local\{FBD30D8F-847B-48A2-9A91-BE36AE85E7FC}
    C:\Users\Johnathan\AppData\Local\{A17D337E-93EA-414B-B399-A1788A5885DA}
    C:\Users\Johnathan\AppData\Local\{8E4F7599-89F0-46F0-B452-53F9A26A6E30}
    C:\Users\Johnathan\AppData\Local\{E1292376-EAB9-461D-BFBD-A6BC5A649060}
    C:\Users\Johnathan\AppData\Local\{8CF89F1C-4208-46EE-BA06-850C660995A1}
    C:\Users\Johnathan\AppData\Local\{18A9FDB7-8398-4441-9BB9-A11BA2B50619}
    C:\Users\Johnathan\AppData\Local\{B1CFA390-95DF-4656-8C17-4EA7F0EE020B}
    C:\Users\Johnathan\AppData\Local\{ACFFFC31-628B-4DD5-9427-8149E86E9CB2}
    C:\Users\Johnathan\AppData\Local\{B56D76F6-4EA2-4868-9E53-2F7E49D659A4}
    C:\Users\Johnathan\AppData\Local\{0EBBD7D1-5B2B-4714-8012-87C312D04748}
    C:\Users\Johnathan\AppData\Local\{EFBBFB0F-1F2C-4AE7-8F31-0D00C37DB6C0}
    C:\Users\Johnathan\AppData\Local\{F5593927-3BC6-4623-ACFF-6EF88039203A}
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


Step 3
Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste each of the following file paths into the white box at the top:
C:\Windows\System32\TempWmicBatchFile.bat
C:\Users\Johnathan\Desktop\ATDownloaderV32010.exe
C:\Users\Johnathan\random.dat


Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Repeat for each of these files; you should come back with 3 permalinks.

Step 4
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTL Log
  3. The 3 permalinks
  4. How is the computer behaving?
Thanks
Alander
Regular Member
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » July 2nd, 2012, 5:41 am

Hi, no problems with step 1. I removed the stuff that was there.

Step 2 couldn't be completed because OTL always went "not responding" at one of the O3 files. I waited for around 15 minutes and it still didn't respond.

Step 3: https://www.virustotal.com/file/ed0e4c7 ... 341221806/

https://www.virustotal.com/file/a8100ae ... 341221959/

The above are the first and third files. The second file couldn't be analysed because it's too big (3.34 GB). I don't think there's a problem with that file though because it's the installer for an MMORPG game that I downloaded recently.
desux3
Active Member
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby Alander » July 3rd, 2012, 2:54 pm

Hi, let's try to see if the fix worked by running OTL again.

Step 1
OTL
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, one Notepad file will open.
    • OTL.txt <-- Will be opened, maximized
  5. Please post the contents of the OTL.txt file in your next reply.
Alander
Regular Member
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore
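Reading the OTL.txt that this step produces means scanning its O4 (Run keys) and O20 (Winlogon) lines for the things a helper looks for first. The Python below is an added example, not part of this thread or of OTL itself: it parses constructed sample lines written in OTL's format and flags targets reported as missing, programs launched from user-writable locations such as AppData or Temp, and a Winlogon UserInit value that names anything other than userinit.exe.

```python
"""Triage autostart entries in an OTL.txt log (added example, not OTL code)."""
import re
from dataclasses import dataclass, field

# Constructed sample lines in OTL's O4/O20 format, modelled on the kind of
# log posted in this thread. They are sample input, not copied log output.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [QbuThije] C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [SkyDrive] C:\Users\Johnathan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

MISSING = "File not found"  # OTL's marker for a target that no longer exists

# "O4 - <hive>..\Run: [<name>] <command> (<company>|File not found)"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# "O20 - HKLM Winlogon: <value> - (<target>) - <resolved path> (<company>|File not found)"
O20_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<target>.*?)\) - (?P<rest>.*)$"
)

# Path fragments (lower-case) that any user account can write to. Legitimate
# software such as Dropbox or SkyDrive also lives here, so this is a cue for
# review, not a verdict.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    line_type: str              # "O4" or "O20"
    name: str                   # Run value name, or Winlogon value name
    path: str
    reasons: list = field(default_factory=list)


def _split_rest(rest: str):
    """Split the tail of an O4 line into (command, company, found)."""
    rest = rest.strip()
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)].strip(), None, False
    cut = rest.rfind(" (")
    if cut == -1:
        return rest, None, True
    return rest[:cut], rest[cut + 2:].rstrip(")"), True


def _extract_path(command: str) -> str:
    """Pull the executable path out of a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths may contain spaces: take up to the first extension that
    # is followed by whitespace or end of string (so "1.0\" is not cut short).
    m = re.match(r"(.+?\.[A-Za-z0-9]{1,4})(?:\s|$)", command)
    return m.group(1) if m else command


def _reasons_for(path: str, found: bool, winlogon_value: str = None) -> list:
    reasons = []
    if not found:
        reasons.append("target missing")
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from user-writable location")
    if winlogon_value == "UserInit" and not low.endswith("\\userinit.exe"):
        reasons.append("non-default UserInit target")
    return reasons


def triage_otl(log_text: str) -> list:
    """Return a Finding for every O4/O20 line that shows a review cue."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            command, _company, found = _split_rest(m.group("rest"))
            path = _extract_path(command)
            reasons = _reasons_for(path, found)
            if reasons:
                findings.append(Finding("O4", m.group("name"), path, reasons))
            continue
        m = O20_RE.match(line)
        if m:
            found = m.group("rest").strip() != MISSING
            path = m.group("target")
            reasons = _reasons_for(path, found, m.group("value"))
            if reasons:
                findings.append(Finding("O20", m.group("value"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"{f.line_type} [{f.name}] {f.path}: {', '.join(f.reasons)}")
```

On the sample above it reports the two stale entries, the two AppData-launched programs and the extra UserInit value, while the stock AVG, userinit.exe and Explorer.exe lines pass silently.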

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » July 5th, 2012, 2:31 am

OTL logfile created on: 7/5/2012 8:51:06 AM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Johnathan\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 56.28% Memory free
4.37 Gb Paging File | 2.34 Gb Available in Paging File | 53.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.39 Gb Total Space | 14.32 Gb Free Space | 9.78% Space Free | Partition Type: NTFS
Drive D: | 151.60 Gb Total Space | 10.51 Gb Free Space | 6.93% Space Free | Partition Type: NTFS

Computer Name: JOHNATHAN-PC | User Name: Johnathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 02:17:13 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Johnathan\Desktop\OTL.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/06/13 03:47:56 | 005,161,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/05/25 04:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johnathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/09/02 22:46:00 | 000,446,328 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/16 02:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/11/20 22:17:42 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
PRC - [2010/09/20 18:34:28 | 000,071,152 | ---- | M] (Synacast) -- C:\Program Files\PPLive\PPVA\PPLiveVA.exe
PRC - [2009/12/09 15:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 15:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/03 20:22:38 | 000,398,792 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2012/05/23 17:33:33 | 000,083,416 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2011/12/01 15:32:39 | 000,038,328 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/09/26 22:00:30 | 000,547,688 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/08/22 19:50:30 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\player\audioswitcher.ax
MOD - [2011/08/22 19:50:24 | 000,143,720 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/12/15 20:28:02 | 000,243,112 | ---- | M] () -- C:\Program Files\PPLive\PPVA\TipsClient.dll
MOD - [2010/09/20 18:34:28 | 000,362,856 | ---- | M] () -- C:\Program Files\PPLive\PPVA\CommonModule.dll
MOD - [2010/09/20 18:34:28 | 000,304,488 | ---- | M] () -- C:\Program Files\PPLive\PPVA\NetTools.dll
MOD - [2008/07/20 20:11:32 | 000,247,808 | ---- | M] () -- C:\Windows\System32\FFSJ\FFSJSHL.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/13 03:47:56 | 005,161,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/24 20:34:14 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/16 08:10:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/27 09:54:41 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)
SRV - [2012/04/04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/18 03:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/12 18:37:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/16 02:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011/01/19 15:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/12/09 15:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/09 15:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xspirit.sys -- (xspirit)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva387.sys -- (XDva387)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva386.sys -- (XDva386)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNAT~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/14 23:27:20 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/02/26 18:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/25 13:27:00 | 000,098,928 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2010/01/22 15:19:34 | 001,119,744 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/11/05 19:49:28 | 000,982,528 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/09/23 12:25:18 | 000,120,432 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/13 07:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/05/02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2005/11/24 21:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 2E 42 D4 83 E0 CB 01 [binary data]
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
IE - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/application.pac

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npNxGameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/03 08:10:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 08:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/28 17:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/28 17:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 08:10:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/26 02:55:42 | 000,000,000 | ---D | M]

[2012/06/05 18:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnathan\AppData\Roaming\Mozilla\Extensions
[2012/06/27 16:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnathan\AppData\Roaming\Mozilla\Firefox\Profiles\8x1qp87e.default\extensions
[2011/05/31 05:00:53 | 000,002,055 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\Mozilla\Firefox\Profiles\8x1qp87e.default\searchplugins\daemon-search.xml
[2011/05/17 19:23:12 | 000,003,295 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\Mozilla\Firefox\Profiles\8x1qp87e.default\searchplugins\search-results.xml
[2012/01/22 01:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/06 18:56:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/03 08:10:48 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/05/16 08:10:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/28 17:10:05 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/12/09 20:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/12 18:59:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 18:59:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/25 18:37:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLive\PPVA\DownloaderManager.dll (PPLive Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [Akamai NetSession Interface] C:\Users\Johnathan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EADM] "D:\Electronic Arts\EADM\EADMUI.exe" File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [PPLiveVA] "C:\Program Files\PPLive\PPVA\PPLiveVA.exe" /LoadModule PPVA.DLL /M REAL /S 0 /T 0 File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [QbuThije] C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [SkyDrive] C:\Users\Johnathan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Johnathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johnathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000\..Trusted Domains: gameyarou.jp ([www] http in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 4.22.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CD53321-3E20-4012-A8D3-39C0D088BB3E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 05:08:16 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{FD235029-C0BF-4A5A-8906-D892D431CD01}
[2012/07/05 05:07:48 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{0A5AA2EE-F346-4C96-BC46-4972E1176B8A}
[2012/07/04 17:06:42 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{3E6209DA-7C8D-4A20-B539-06926DBA5762}
[2012/07/04 17:05:15 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{B7CFA4AB-9CFD-4CC6-8EA3-3AA750F6A893}
[2012/07/04 05:04:45 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{911F233D-856E-4B86-B480-AF7BD1E0C63B}
[2012/07/04 05:04:15 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{52EA660F-C401-45C1-B2F5-472A1BF55B31}
[2012/07/03 17:03:43 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{4B3791D5-E4EC-4A84-B83C-7E8D6E99998E}
[2012/07/03 17:03:13 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{AE0CCA76-E834-4C17-802E-8E3512EBCE40}
[2012/07/03 08:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/03 05:02:44 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{586AAD2E-01FF-4C76-A71E-202270681411}
[2012/07/03 05:02:15 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{AF14E9B4-46F8-4070-B3D4-F947C30C8BE4}
[2012/07/02 19:23:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/02 19:17:11 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Johnathan\Desktop\OTL.exe
[2012/07/02 17:01:25 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{4FEED241-3B4F-4509-BDFF-25EB59574138}
[2012/07/02 17:00:57 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{D9AA5DF8-3DCF-4440-AB25-DE41E9A29B6D}
[2012/07/02 04:25:17 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{FC665FF2-3642-4134-9662-6374432B008F}
[2012/07/02 01:48:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/01 16:24:13 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{4695E1A1-6A69-4913-A9DC-F96AB3BF9D39}
[2012/07/01 16:23:30 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{CA539E16-22E2-4D36-B97A-CDDCAA3850E0}
[2012/06/30 10:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Gpotato
[2012/06/26 02:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/26 02:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/06/25 18:37:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/25 18:35:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/25 18:35:10 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\temp
[2012/06/25 18:14:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/25 17:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/06/25 17:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/06/25 17:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/06/25 17:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/25 14:41:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/25 14:41:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/25 14:41:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/25 13:01:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/25 12:58:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/25 04:53:08 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{A66736B2-A4BD-49EA-8824-4D728435EB92}
[2012/06/25 04:52:32 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{6DF9C125-C8FE-4FEC-8D3C-F5478EFED096}
[2012/06/24 18:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/24 18:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/24 18:39:32 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/24 18:39:32 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/24 18:38:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/24 18:37:58 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/24 17:45:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/24 17:26:07 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/24 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/24 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/24 17:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/24 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\Malwarebytes
[2012/06/24 17:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/24 17:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 17:01:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/24 17:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/24 16:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012/06/24 16:16:12 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/06/24 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{81A13BD9-D15A-4873-9A77-F829AA09CF18}
[2012/06/24 16:13:24 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{F590E6EB-0BBC-441A-B99A-9ECFA13164C8}
[2012/06/23 14:07:47 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{E6C820B1-5618-476F-ABE4-E81AE345F7B2}
[2012/06/23 14:07:18 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{8C945BC6-5B16-4596-8335-A54097423D14}
[2012/06/23 02:06:46 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{813A5D87-D8B1-451E-8622-29C351CC776B}
[2012/06/23 02:06:15 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{D880A781-9EE0-4312-AD7C-23EEB266A424}
[2012/06/22 14:05:45 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{5A83F538-873E-4F1E-B643-8116FF5B420B}
[2012/06/22 14:05:18 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{12940749-EDBF-4E33-AADA-BF5C5F80E706}
[2012/06/22 02:05:49 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{EB5D0BAF-063A-4037-87E2-58420A460BB1}
[2012/06/22 01:47:51 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/06/20 23:42:11 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\SEGA
[2012/06/20 20:04:52 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{57A0840D-0DB4-4E9E-AA2A-3393B012A6F3}
[2012/06/20 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{C94065A8-E342-4612-B3AE-D73485932BD2}
[2012/06/20 20:02:31 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/20 19:49:00 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{6C9AA665-73AA-498A-9782-4237731A49BD}
[2012/06/20 19:48:30 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{4CDB8D53-80E1-4AD6-B8D6-2BE471C3774C}
[2012/06/20 19:47:24 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{EF064D97-6BFD-4397-896C-A271129D680E}
[2012/06/20 19:46:53 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{1593DDAE-569C-452F-915C-7C74B7F57934}
[2012/06/19 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{7E7F19F3-17EC-4F36-9757-30F769C2829A}
[2012/06/19 21:55:25 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{1A665E12-AE59-4AE8-A3B7-E38FF0257265}
[2012/06/19 20:41:46 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\iudhwidq
[2012/06/19 10:57:42 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{2CAC941B-04D3-41DE-B6B5-18362C2BAB98}
[2012/06/19 10:56:56 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{721A39F9-AD82-48CB-BA8F-EAEF443AA50B}
[2012/06/19 10:50:53 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 10:50:53 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 10:50:36 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 10:50:36 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 10:50:36 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 10:49:51 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 10:49:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 10:57:38 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{62F5D12E-CA4F-4B21-A892-4AE6E4757441}
[2012/06/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{1386361E-418B-4EF2-B0C9-B81D68CFAB84}
[2012/06/17 16:06:52 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\BISHOP
[2012/06/17 15:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BISHOP
[2012/06/17 00:18:04 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{FBD30D8F-847B-48A2-9A91-BE36AE85E7FC}
[2012/06/15 12:18:37 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{A17D337E-93EA-414B-B399-A1788A5885DA}
[2012/06/15 11:46:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/15 11:46:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/15 11:46:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/15 11:46:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/15 11:46:17 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/15 11:46:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/15 11:46:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 11:54:29 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/14 11:54:27 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/14 11:54:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/14 11:54:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/14 00:44:48 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{8E4F7599-89F0-46F0-B452-53F9A26A6E30}
[2012/06/14 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{E1292376-EAB9-461D-BFBD-A6BC5A649060}
[2012/06/13 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BLACKRAINBOW
[2012/06/10 16:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/10 16:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/10 12:52:01 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{8CF89F1C-4208-46EE-BA06-850C660995A1}
[2012/06/10 02:09:15 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\{18A9FDB7-8398-4441-9BB9-A11BA2B50619}
[2012/06/05 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\Apple Computer
[2012/06/05 18:52:17 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\Apple Computer
[2012/06/05 14:13:49 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Roaming\Lunascape
[2012/06/05 14:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6
[2012/06/05 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2012/06/05 14:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/06/05 14:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/05 13:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/05 13:58:30 | 000,000,000 | ---D | C] -- C:\Users\Johnathan\AppData\Local\Apple
[2012/06/05 13:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/05 13:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/12/18 09:25:28 | 000,416,907 | ---- | C] (www.gamerkraft.com ) -- C:\Users\Johnathan\Pristontale2_EN_v224.exe

========== Files - Modified Within 30 Days ==========

[2012/07/05 08:55:38 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012/07/05 08:45:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 08:33:03 | 101,111,739 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/04 17:19:52 | 000,024,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 17:19:52 | 000,024,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 16:56:30 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 16:55:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/03 08:10:48 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/02 19:48:43 | 1500,938,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 17:20:01 | 000,458,550 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/01 02:17:13 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Johnathan\Desktop\OTL.exe
[2012/06/30 10:22:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Flyff.lnk
[2012/06/27 19:58:53 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/27 19:58:53 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/27 19:47:56 | 3590,407,193 | ---- | M] () -- C:\Users\Johnathan\Desktop\ATDownloaderV32010.exe
[2012/06/26 02:55:46 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/26 00:33:49 | 000,000,723 | ---- | M] () -- C:\Windows\disney.ini
[2012/06/25 19:02:09 | 000,000,056 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\mbam.context.scan
[2012/06/25 18:40:32 | 265,072,384 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/25 18:37:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/25 17:00:10 | 000,002,112 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/24 18:36:08 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/24 18:36:08 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/24 18:36:08 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/24 17:25:42 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/24 16:45:53 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/06/23 17:46:32 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2012/06/22 10:05:39 | 000,187,616 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012/06/15 12:25:56 | 000,001,015 | ---- | M] () -- C:\Users\Johnathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/15 12:25:24 | 000,000,991 | ---- | M] () -- C:\Users\Johnathan\Desktop\Dropbox.lnk
[2012/06/15 12:16:52 | 000,408,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 15:15:09 | 000,000,574 | ---- | M] () -- C:\Windows\eReg.dat
[2012/06/05 14:13:14 | 000,001,177 | ---- | M] () -- C:\Users\Johnathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2012/06/05 14:13:14 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2012/06/05 14:03:09 | 000,002,503 | ---- | M] () -- C:\Users\Johnathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/05 14:03:06 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

========== Files Created - No Company Name ==========

[2012/06/27 18:52:49 | 3590,407,193 | ---- | C] () -- C:\Users\Johnathan\Desktop\ATDownloaderV32010.exe
[2012/06/26 02:55:46 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/26 02:55:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/25 19:02:09 | 000,000,056 | ---- | C] () -- C:\Users\Johnathan\AppData\Roaming\mbam.context.scan
[2012/06/25 18:40:32 | 265,072,384 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/25 17:00:10 | 000,002,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/25 14:41:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/25 14:41:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/25 14:41:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/25 14:41:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/25 14:41:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/24 17:25:42 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/24 16:45:53 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/06/23 17:46:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/06/22 10:05:39 | 000,187,616 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/06/13 15:15:09 | 000,000,574 | ---- | C] () -- C:\Windows\eReg.dat
[2012/06/05 14:13:14 | 000,001,177 | ---- | C] () -- C:\Users\Johnathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2012/06/05 14:13:14 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2012/06/05 14:03:09 | 000,002,503 | ---- | C] () -- C:\Users\Johnathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/05 14:03:06 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/05 14:03:04 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/06/05 13:58:14 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/23 10:21:02 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2012/02/29 16:57:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins001.exe
[2012/02/29 16:54:51 | 000,206,916 | ---- | C] () -- C:\Windows\unins001.dat
[2011/12/27 23:59:30 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/12/27 23:19:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/12/24 20:10:57 | 000,000,412 | ---- | C] () -- C:\Users\Johnathan\AppData\Roaming\ceccam11.ini
[2011/12/07 19:30:47 | 000,045,270 | ---- | C] () -- C:\Users\Johnathan\AppData\Roaming\room_v3.dat
[2011/12/01 14:34:08 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini
[2011/11/23 15:56:44 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011/11/23 15:56:43 | 000,004,035 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/30 20:16:45 | 000,000,048 | ---- | C] () -- C:\Users\Johnathan\jagex_cl_runescape_LIVE.dat
[2011/10/30 20:16:45 | 000,000,001 | ---- | C] () -- C:\Users\Johnathan\random.dat
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/08/12 16:26:03 | 000,000,723 | ---- | C] () -- C:\Windows\disney.ini
[2011/07/26 06:46:42 | 000,000,849 | ---- | C] () -- C:\Users\Johnathan\.recently-used.xbel
[2011/07/01 17:50:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/26 15:16:53 | 004,874,240 | ---- | C] () -- C:\Windows\System32\DSE2_DFT.dll
[2011/06/07 01:04:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/17 19:43:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011/03/12 19:22:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/12 16:40:34 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/03/12 16:33:12 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/02/10 14:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2011/01/30 21:34:54 | 000,099,490 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/01/27 07:49:50 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/01/27 07:49:46 | 000,105,420 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/01/27 07:49:44 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/01/27 07:17:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/01/27 07:11:48 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/01/20 16:53:34 | 000,000,226 | R--- | C] () -- C:\Windows\OEM.ini
[2011/01/20 16:52:55 | 000,015,190 | ---- | C] () -- C:\Windows\S6000Twn.ini
[2011/01/20 16:46:26 | 000,000,032 | ---- | C] () -- C:\Windows\Setuplog.ini

========== Files - Unicode (All) ==========
[2011/03/26 07:58:45 | 000,002,213 | ---- | M] ()(C:\Users\Public\Desktop\The Sims? 3.lnk) -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/03/18 22:16:18 | 000,002,213 | ---- | C] ()(C:\Users\Public\Desktop\The Sims? 3.lnk) -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/02/07 12:29:27 | 000,030,208 | ---- | C] ()(C:\Users\Johnathan\Documents\愛情瑪奇?.doc) -- C:\Users\Johnathan\Documents\愛情瑪奇朵.doc
[2011/02/07 12:29:27 | 000,026,624 | ---- | C] ()(C:\Users\Johnathan\Documents\?裡怕.doc) -- C:\Users\Johnathan\Documents\哪裡怕.doc
[2011/02/07 12:29:27 | 000,024,576 | ---- | C] ()(C:\Users\Johnathan\Documents\對?愛不完.doc) -- C:\Users\Johnathan\Documents\對你愛不完.doc
[2009/11/11 16:47:50 | 000,024,576 | ---- | M] ()(C:\Users\Johnathan\Documents\對?愛不完.doc) -- C:\Users\Johnathan\Documents\對你愛不完.doc
[2009/10/25 17:32:06 | 000,026,624 | ---- | M] ()(C:\Users\Johnathan\Documents\?裡怕.doc) -- C:\Users\Johnathan\Documents\哪裡怕.doc
[2009/08/17 23:07:32 | 000,030,208 | ---- | M] ()(C:\Users\Johnathan\Documents\愛情瑪奇?.doc) -- C:\Users\Johnathan\Documents\愛情瑪奇朵.doc

< End of report >
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby Alander » July 6th, 2012, 2:18 pm

Hi :)
You may want to print/save these instructions in a text file, as you will not have an internet connection in Safe Mode.


Step 1.
Create a new - clean SRP (System Restore Point)
We'll create a new SRP, then remove old, possibly infected SRPs.
Create a new SRP
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point... then press the Next... button.
  3. Type a name for the new SRP... like All Clean... then press the Create... button.
  4. When finished... press the Close... button.

Step 2.
Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.


Step 3.
Run OTL Script

We need to run an OTL Fix

  • Right click on OTL.exe and run as administrator to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :otl
    FF - user.js - File not found
    O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe File not found
    O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
    O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EADM] "D:\Electronic Arts\EADM\EADMUI.exe" File not found
    O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [PPLiveVA] "C:\Program Files\PPLive\PPVA\PPLiveVA.exe" /LoadModule PPVA.DLL /M REAL /S 0 /T 0 File not found
    O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [QbuThije] C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe File not found
    O20 - HKLM Winlogon: UserInit - (C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe) - File not found
    
    :files
    C:\Users\Johnathan\AppData\Local\{FD235029-C0BF-4A5A-8906-D892D431CD01}
    C:\Users\Johnathan\AppData\Local\{0A5AA2EE-F346-4C96-BC46-4972E1176B8A}
    C:\Users\Johnathan\AppData\Local\{3E6209DA-7C8D-4A20-B539-06926DBA5762}
    C:\Users\Johnathan\AppData\Local\{B7CFA4AB-9CFD-4CC6-8EA3-3AA750F6A893}
    C:\Users\Johnathan\AppData\Local\{911F233D-856E-4B86-B480-AF7BD1E0C63B}
    C:\Users\Johnathan\AppData\Local\{52EA660F-C401-45C1-B2F5-472A1BF55B31}
    C:\Users\Johnathan\AppData\Local\{4B3791D5-E4EC-4A84-B83C-7E8D6E99998E}
    C:\Users\Johnathan\AppData\Local\{AE0CCA76-E834-4C17-802E-8E3512EBCE40}
    C:\Users\Johnathan\AppData\Local\{586AAD2E-01FF-4C76-A71E-202270681411}
    C:\Users\Johnathan\AppData\Local\{AF14E9B4-46F8-4070-B3D4-F947C30C8BE4}
    C:\Users\Johnathan\AppData\Local\{4FEED241-3B4F-4509-BDFF-25EB59574138}
    C:\Users\Johnathan\AppData\Local\{D9AA5DF8-3DCF-4440-AB25-DE41E9A29B6D}
    C:\Users\Johnathan\AppData\Local\{FC665FF2-3642-4134-9662-6374432B008F}
    C:\Users\Johnathan\AppData\Local\{4695E1A1-6A69-4913-A9DC-F96AB3BF9D39}
    C:\Users\Johnathan\AppData\Local\{CA539E16-22E2-4D36-B97A-CDDCAA3850E0}
    C:\Users\Johnathan\AppData\Local\{81A13BD9-D15A-4873-9A77-F829AA09CF18}
    C:\Users\Johnathan\AppData\Local\{F590E6EB-0BBC-441A-B99A-9ECFA13164C8}
    C:\Users\Johnathan\AppData\Local\{E6C820B1-5618-476F-ABE4-E81AE345F7B2}
    C:\Users\Johnathan\AppData\Local\{8C945BC6-5B16-4596-8335-A54097423D14}
    C:\Users\Johnathan\AppData\Local\{813A5D87-D8B1-451E-8622-29C351CC776B}
    C:\Users\Johnathan\AppData\Local\{D880A781-9EE0-4312-AD7C-23EEB266A424}
    C:\Users\Johnathan\AppData\Local\{5A83F538-873E-4F1E-B643-8116FF5B420B}
    C:\Users\Johnathan\AppData\Local\{12940749-EDBF-4E33-AADA-BF5C5F80E706}
    C:\Users\Johnathan\AppData\Local\{EB5D0BAF-063A-4037-87E2-58420A460BB1}
    C:\Users\Johnathan\AppData\Local\{57A0840D-0DB4-4E9E-AA2A-3393B012A6F3}
    C:\Users\Johnathan\AppData\Local\{C94065A8-E342-4612-B3AE-D73485932BD2}
    C:\Users\Johnathan\AppData\Local\{6C9AA665-73AA-498A-9782-4237731A49BD}
    C:\Users\Johnathan\AppData\Local\{4CDB8D53-80E1-4AD6-B8D6-2BE471C3774C}
    C:\Users\Johnathan\AppData\Local\{EF064D97-6BFD-4397-896C-A271129D680E}
    C:\Users\Johnathan\AppData\Local\{1593DDAE-569C-452F-915C-7C74B7F57934}
    C:\Users\Johnathan\AppData\Local\{7E7F19F3-17EC-4F36-9757-30F769C2829A}
    C:\Users\Johnathan\AppData\Local\{1A665E12-AE59-4AE8-A3B7-E38FF0257265}
    C:\Users\Johnathan\AppData\Local\iudhwidq
    C:\Users\Johnathan\AppData\Local\{2CAC941B-04D3-41DE-B6B5-18362C2BAB98}
    C:\Users\Johnathan\AppData\Local\{721A39F9-AD82-48CB-BA8F-EAEF443AA50B}
    C:\Users\Johnathan\AppData\Local\{62F5D12E-CA4F-4B21-A892-4AE6E4757441}
    C:\Users\Johnathan\AppData\Local\{1386361E-418B-4EF2-B0C9-B81D68CFAB84}
    C:\Users\Johnathan\AppData\Local\{FBD30D8F-847B-48A2-9A91-BE36AE85E7FC}
    C:\Users\Johnathan\AppData\Local\{A17D337E-93EA-414B-B399-A1788A5885DA}
    C:\Users\Johnathan\AppData\Local\{8E4F7599-89F0-46F0-B452-53F9A26A6E30}
    C:\Users\Johnathan\AppData\Local\{E1292376-EAB9-461D-BFBD-A6BC5A649060}
    C:\Users\Johnathan\AppData\Local\{8CF89F1C-4208-46EE-BA06-850C660995A1}
    C:\Users\Johnathan\AppData\Local\{18A9FDB7-8398-4441-9BB9-A11BA2B50619}
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTL Log
  3. How is the computer behaving?
Thanks
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore
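The fix above removes two kinds of autostart entries that the OTL logs in this thread exposed: a Run value and a Winlogon UserInit value both pointing at qbuthije.exe under the user's AppData\Local profile, next to the stock userinit.exe. The script below is an added example, not part of this thread and not OTL's own code; it parses O4 and O20 lines in the format OTL prints and flags a UserInit or Shell value that differs from the stock Windows binary, a Run value launching from a user-writable profile directory, and, at low severity, Run values whose target OTL reports as "File not found". The sample log is constructed to mirror the lines in this thread (the AVG_TRAY entry is a made-up benign control), and the baseline values for Shell and UserInit are the defaults a helper would expect on a 32-bit Windows 7 install like this one.

```python
"""Triage of OTL autostart lines (O4 Run values, O20 Winlogon values).

Added example for the thread above: flags a Winlogon Shell/UserInit value that
differs from the stock Windows binary and a Run value that launches from a
user-writable profile directory; Run values whose target OTL reports as
"File not found" are listed at low severity as stale leftovers.
"""
import re
from dataclasses import dataclass

# Constructed sample lines in OTL's format, modelled on the logs in this thread.
# The AVG_TRAY line is a made-up benign control entry.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2321080641-3250327695-385329262-1000..\Run: [QbuThije] C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
"""

# Stock Winlogon values (assumed baseline for 32-bit Windows 7); OTL splits the
# comma-separated UserInit value into one line per item, so a trailing comma is tolerated.
EXPECTED_WINLOGON = {
    "shell": lambda data: data == "explorer.exe",
    "userinit": lambda data: data.rstrip(",") == r"c:\windows\system32\userinit.exe",
}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - (?P<resolved>.*)$")
# Directories a standard user can write to; an autostart living there deserves a look.
USER_WRITABLE = re.compile(r"\\appdata\\|\\temp\\|\\users\\public\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str       # "O4" or "O20"
    name: str       # Run value name or Winlogon value name
    target: str     # the command / path recorded in the registry
    severity: str   # "high" or "low"
    reason: str


def _split_target(rest: str):
    """Strip OTL's trailing annotation ('File not found' or '(Company)') from a Run value."""
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].strip(), True
    return re.sub(r"\s*\([^)]*\)$", "", rest).strip(), False


def triage(log_text: str):
    """Return the autostart findings for a block of OTL O4/O20 lines, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            target, missing = _split_target(m.group("rest"))
            if USER_WRITABLE.search(target):
                findings.append(Finding("O4", m.group("name"), target, "high",
                                        "Run value launches from a user-writable profile directory"))
            elif missing:
                findings.append(Finding("O4", m.group("name"), target, "low",
                                        "Run value points at a file that no longer exists"))
            continue
        m = O20_RE.match(line)
        if m:
            check = EXPECTED_WINLOGON.get(m.group("value").lower())
            if check is None:
                continue  # VMApplet and other values: no baseline here, left unjudged
            if not check(m.group("data").lower()):
                findings.append(Finding("O20", m.group("value"), m.group("data"), "high",
                                        f"Winlogon {m.group('value')} differs from the stock Windows value"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.kind} {f.name}: {f.target}  <- {f.reason}")
```

Run it as-is to see the two high-severity hits (the Run value and the UserInit value for qbuthije.exe) and the two stale VIAAUD and EA Core entries; feed it a real OTL log with `triage(open(path).read())`. The UserInit check is the one that matters most here: Winlogon launches that value at every logon, before any Run key, which is why the infection kept returning after ComboFix removed the file alone.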

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » July 7th, 2012, 7:00 pm

No problems running the steps, except Step 1 had a message saying I had no restore points and the Next button was unclickable, but I managed to create a restore point following the Windows instructions.

The computer seems to be running fine. I was about to mention that the C:\Users folder was inaccessible, but the OTL fix appeared to have solved it.
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am

Re: Malware that blocks sites and anti-malware

Unread postby desux3 » July 7th, 2012, 7:02 pm

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\F5D9050 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VIAAUD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EADM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PPLiveVA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2321080641-3250327695-385329262-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QbuThije deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Johnathan\AppData\Local\iudhwidq\qbuthije.exe deleted successfully.
========== FILES ==========
C:\Users\Johnathan\AppData\Local\{FD235029-C0BF-4A5A-8906-D892D431CD01} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{0A5AA2EE-F346-4C96-BC46-4972E1176B8A} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{3E6209DA-7C8D-4A20-B539-06926DBA5762} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{B7CFA4AB-9CFD-4CC6-8EA3-3AA750F6A893} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{911F233D-856E-4B86-B480-AF7BD1E0C63B} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{52EA660F-C401-45C1-B2F5-472A1BF55B31} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{4B3791D5-E4EC-4A84-B83C-7E8D6E99998E} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{AE0CCA76-E834-4C17-802E-8E3512EBCE40} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{586AAD2E-01FF-4C76-A71E-202270681411} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{AF14E9B4-46F8-4070-B3D4-F947C30C8BE4} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{4FEED241-3B4F-4509-BDFF-25EB59574138} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{D9AA5DF8-3DCF-4440-AB25-DE41E9A29B6D} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{FC665FF2-3642-4134-9662-6374432B008F} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{4695E1A1-6A69-4913-A9DC-F96AB3BF9D39} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{CA539E16-22E2-4D36-B97A-CDDCAA3850E0} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{81A13BD9-D15A-4873-9A77-F829AA09CF18} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{F590E6EB-0BBC-441A-B99A-9ECFA13164C8} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{E6C820B1-5618-476F-ABE4-E81AE345F7B2} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{8C945BC6-5B16-4596-8335-A54097423D14} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{813A5D87-D8B1-451E-8622-29C351CC776B} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{D880A781-9EE0-4312-AD7C-23EEB266A424} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{5A83F538-873E-4F1E-B643-8116FF5B420B} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{12940749-EDBF-4E33-AADA-BF5C5F80E706} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{EB5D0BAF-063A-4037-87E2-58420A460BB1} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{57A0840D-0DB4-4E9E-AA2A-3393B012A6F3} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{C94065A8-E342-4612-B3AE-D73485932BD2} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{6C9AA665-73AA-498A-9782-4237731A49BD} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{4CDB8D53-80E1-4AD6-B8D6-2BE471C3774C} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{EF064D97-6BFD-4397-896C-A271129D680E} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{1593DDAE-569C-452F-915C-7C74B7F57934} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{7E7F19F3-17EC-4F36-9757-30F769C2829A} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{1A665E12-AE59-4AE8-A3B7-E38FF0257265} folder moved successfully.
C:\Users\Johnathan\AppData\Local\iudhwidq folder moved successfully.
C:\Users\Johnathan\AppData\Local\{2CAC941B-04D3-41DE-B6B5-18362C2BAB98} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{721A39F9-AD82-48CB-BA8F-EAEF443AA50B} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{62F5D12E-CA4F-4B21-A892-4AE6E4757441} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{1386361E-418B-4EF2-B0C9-B81D68CFAB84} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{FBD30D8F-847B-48A2-9A91-BE36AE85E7FC} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{A17D337E-93EA-414B-B399-A1788A5885DA} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{8E4F7599-89F0-46F0-B452-53F9A26A6E30} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{E1292376-EAB9-461D-BFBD-A6BC5A649060} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{8CF89F1C-4208-46EE-BA06-850C660995A1} folder moved successfully.
C:\Users\Johnathan\AppData\Local\{18A9FDB7-8398-4441-9BB9-A11BA2B50619} folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Johnathan\Desktop\cmd.bat deleted successfully.
C:\Users\Johnathan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johnathan
->Temp folder emptied: 91017188 bytes
->Temporary Internet Files folder emptied: 284025557 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54741708 bytes
->Apple Safari cache emptied: 4797440 bytes
->Flash cache emptied: 33035 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2110 bytes
RecycleBin emptied: 1193984 bytes

Total Files Cleaned = 416.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 07082012_084659

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
desux3
Active Member
 
Posts: 12
Joined: June 24th, 2012, 4:12 am