-
May 29th, 2013, 12:13 PM
#1
[Inactive-A] cheshire police crime unit my pc is locked
[windows xp]
Well, it's locked tight. The screen is full of this message. I can't access anything else at all. ctrl-alt-del doesn't do anything. Safe mode hangs at mup.sys.
I tried hiren's boot disk and used spybot which removed some items but no change. mbam won't run from inside hiren's.
What else can I do? I can't find any way to access a restore point, but I'm trying to avoid the re-format and re-install route.
Ideas?
thanks
-
May 29th, 2013, 01:08 PM
#2
Have you tried safe mode?
Using Safe mode with networking, mbam should install, and then update it before you scan.
-
May 29th, 2013, 01:35 PM
#3
As I said, the system hangs when I try to enter safe mode.
-
May 29th, 2013, 02:19 PM
#4
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==================================
Let's see if we can look at your computer booting from an external source.
Please download OTLPE (filesize 120,9 MB)
- When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
- Reboot your system using the boot CD you just created.
- Note: If you do not know how to set your computer to boot from CD, follow the steps here
- Your system should now display a REATOGO-X-PE desktop.
- Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
- Double-click on the OTLPE icon.
- When asked Do you wish to load the remote registry, select Yes
- When asked Do you wish to load remote user profile(s) for scanning, select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Press Run Scan to start the scan.
- When finished, the file will be saved as C:\OTL.txt
- Copy this file to your USB drive if you do not have an internet connection on this system
- Please post the contents of the OTL.txt file in your reply.
-
May 29th, 2013, 02:20 PM
#5
Safe mode hangs at mup.sys
let it sit there for 30 to 60 minutes.
How I got past that mess many a time.
-
May 30th, 2013, 04:57 AM
#6
 Originally Posted by Train
let it sit there for 30 to 60 minutes.
How I got past that mess many a time.
Good shout, but it rebooted after a couple of minutes. I'm just going to get on with Broni's plan. Thanks
-
May 30th, 2013, 05:49 AM
#7
OK, here we go, these are the contents of OTL.txt:
OTL logfile created on: 5/30/2013 11:29:39 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.81 Gb Total Space | 30.44 Gb Free Space | 44.89% Space Free | Partition Type: NTFS
Drive D: | 813.79 Gb Total Space | 171.04 Gb Free Space | 21.02% Space Free | Partition Type: NTFS
Drive E: | 49.90 Gb Total Space | 24.58 Gb Free Space | 49.26% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 81.20 Gb Free Space | 34.87% Space Free | Partition Type: NTFS
Drive R: | 465.76 Gb Total Space | 355.97 Gb Free Space | 76.43% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (avgwd)
SRV - [2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Documents and Settings\All Users\Application Data\wihdr.dat -- (winmgmt)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/05 17:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/01/13 10:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/27 06:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/18 13:08:04 | 000,189,696 | ---- | M] (Solid Documents, LLC) [Auto] -- C:\Program Files\SolidPDFCreator\SPC\SolidPdfService.exe -- (SdReadSpool)
SRV - [2008/08/08 00:35:42 | 001,622,016 | ---- | M] (南京纳加软件有限公司) [Auto] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2001/10/22 13:57:20 | 000,421,888 | ---- | M] (Tiny Software) [Auto] -- C:\Program Files\Tiny Personal Firewall\persfw.exe -- (PersFw)
SRV - [2001/08/06 01:41:48 | 000,028,672 | ---- | M] () [Auto] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (VMHybrid)
DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (PID_0928) Labtec WebCam(PID_0928)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (LVUSBSta)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Auto] -- -- (Aspi32)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/10 11:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 08:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 08:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 08:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/06 17:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/31 05:23:28 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/11/19 05:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
DRV - [2008/08/26 06:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/17 03:10:48 | 000,279,552 | R--- | M] (Philips Semiconductors) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2008/06/17 03:10:48 | 000,025,984 | R--- | M] (Philips Semiconductors) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\WDMTuner.sys -- (WDMTVTuner)
DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/06 00:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/03/06 00:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/26 06:55:38 | 001,053,952 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006/09/28 06:47:48 | 000,283,776 | ---- | M] (AfaTech ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2006/06/18 18:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/18 21:01:00 | 000,017,280 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2005/07/08 16:40:42 | 000,260,144 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NUVision.sys -- (NuVision) Hauppauge WinTV USB Pro (PAL I,D/K)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/23 12:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/08/11 12:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 18:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 17:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Adapter | Disabled] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (Sysvcyagewo)
DRV - [2004/06/24 08:52:00 | 000,007,552 | ---- | M] (PortalPlayer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\YH-925.sys -- (PortlUSB)
DRV - [2001/12/20 04:02:12 | 000,006,656 | ---- | M] (Netropa Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2001/10/22 13:54:28 | 000,077,312 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\fwdrv.sys -- (fwdrv)
DRV - [2001/08/10 02:00:00 | 000,003,252 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\All_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\All_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA:
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16:
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.11:
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.7:
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\All\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\All\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011/11/23 16:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/21 16:45:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.12.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/09/23 15:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2011/11/23 16:46:33 | 000,000,000 | ---D | M]
[2012/04/14 13:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All\Application Data\Mozilla\Extensions
[2010/11/13 15:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/28 16:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/09/23 15:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All\Application Data\Mozilla\SeaMonkey\Profiles\3r7iaz3f.default\extensions
O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SelectionLinks) - {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - File not found
O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found
O3 - HKU\All_ON_C\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SecondBackup_FilesBackup] C:\Program Files\Second Backup\SecondBackup.exe (EPC)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\tweakui.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\All_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\wihdr.dat (Microsoft Corporation)
O4 - HKU\All_ON_C..\Run: [EPSON P50 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\All_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\All_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/06 10:16:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/21 12:43:09 | 000,000,043 | ---- | M] () - D:\autorun.inf.OLD -- [ NTFS ]
O32 - AutoRun File - [2012/07/29 06:18:52 | 000,000,000 | ---D | M] - F:\Autobackup -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d11a4cf6-e285-11df-8ae7-001fc617befa}\Shell\AutoRun\command - "" = L:\installer.exe
O33 - MountPoints2\{d11a4cf6-e285-11df-8ae7-001fc617befa}\Shell\verb\command - "" = L:\installer.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/05/29 11:43:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/29 07:07:12 | 000,000,000 | ---D | C] -- C:\$Anvi Rescue Disk$
[2013/05/29 05:22:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\wihdr.dat
[2013/05/29 05:22:48 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All\1886466.dll
[2013/05/23 06:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/05/11 07:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Convert Audio Free
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2008/07/09 18:13:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\All\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/29 12:16:19 | 000,000,258 | RHS- | M] () -- C:\boot.ini
[2013/05/29 12:14:50 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.pad
[2013/05/29 12:08:51 | 000,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2013/05/29 12:08:27 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/29 12:08:24 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2013/05/29 12:08:24 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2013/05/29 12:08:23 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365.job
[2013/05/29 12:08:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/29 11:43:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/29 05:23:03 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk
[2013/05/29 05:22:56 | 000,003,074 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.js
[2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\wihdr.dat
[2013/05/29 05:22:49 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All\1886466.dll
[2013/05/29 05:02:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1844823847-725345543-1003UA.job
[2013/05/29 04:16:21 | 000,496,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/29 04:16:21 | 000,084,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/29 04:11:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/28 18:03:33 | 000,194,560 | ---- | M] () -- C:\Documents and Settings\All\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/28 17:02:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1844823847-725345543-1003Core1cd977d4deec614.job
[2013/05/28 14:33:33 | 000,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2013/05/24 10:04:22 | 000,010,505 | ---- | M] () -- C:\WINDOWS\MAPINFOW.PRF
[2013/05/24 10:04:22 | 000,003,937 | ---- | M] () -- C:\WINDOWS\MAPINFOW.WOR
[2013/05/22 17:21:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/22 04:00:00 | 000,000,186 | ---- | M] () -- C:\WINDOWS\tasks\KBDCLASS.job
[2013/05/22 04:00:00 | 000,000,182 | ---- | M] () -- C:\WINDOWS\tasks\KBDHID.job
[2013/05/18 07:02:32 | 000,001,370 | ---- | M] () -- C:\Documents and Settings\All\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2013/05/13 05:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utils
[2013/05/11 12:50:10 | 000,021,703 | ---- | M] () -- C:\WINDOWS\COOL.INI
[2013/05/11 12:50:10 | 000,010,677 | ---- | M] () -- C:\WINDOWS\coolkb2k.ini
[2013/05/11 12:50:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\COOLSYS.INI
[2013/05/11 12:35:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2013/05/09 10:16:31 | 000,002,210 | ---- | M] () -- C:\WINDOWS\coolmp3.ini
[2013/05/01 12:29:36 | 000,000,071 | ---- | M] () -- C:\WINDOWS\PrintCD.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/29 05:23:03 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk
[2013/05/29 05:22:56 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.pad
[2013/05/29 05:22:56 | 000,003,074 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.js
[2013/05/18 07:02:32 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\All\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2013/04/19 07:07:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012/11/27 14:05:26 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2012/05/12 13:08:29 | 000,001,317 | ---- | C] () -- C:\Documents and Settings\All\Application Data\net.telestream.producer.xml
[2012/04/22 16:12:22 | 004,424,704 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/04/19 15:07:11 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2012/04/08 19:40:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/08 19:39:46 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012/04/08 19:39:32 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012/04/08 19:39:32 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012/04/08 19:39:30 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012/04/08 19:39:30 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012/04/08 19:39:28 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012/04/08 19:39:28 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012/04/08 19:39:26 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012/03/29 10:21:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/03/29 10:21:18 | 006,582,226 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012/03/29 10:21:18 | 001,152,365 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012/03/29 10:21:18 | 000,374,152 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/03/29 10:21:18 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/03/29 10:21:18 | 000,144,523 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2012/01/07 10:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2012/01/07 10:36:30 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2011/12/05 15:19:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/01/02 12:03:46 | 000,001,471 | ---- | C] () -- C:\WINDOWS\Gemstorm.ini
[2011/01/02 09:11:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\TZSOFT.INI
[2011/01/02 08:43:19 | 000,001,348 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2010/11/14 13:16:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All\Local Settings\Application Data\prvlcl.dat
[2010/10/30 09:21:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/30 07:59:06 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/24 13:02:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SMMVSplitter.INI
[2010/06/24 14:11:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2010/06/24 14:11:54 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2010/05/04 14:40:08 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PrintCD.INI
[2010/03/22 13:52:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\srctrl.dll
[2010/02/21 15:58:46 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/12/30 15:59:44 | 000,003,397 | ---- | C] () -- C:\WINDOWS\MGXART.INI
[2009/12/26 10:46:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/26 10:46:36 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/12/13 08:21:25 | 000,121,270 | ---- | C] () -- C:\WINDOWS\File Renamer - Basic Uninstaller.exe
[2009/11/25 16:32:00 | 000,932,792 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/22 15:55:23 | 000,010,767 | ---- | C] () -- C:\Documents and Settings\All\.recently-used.xbel
[2009/09/17 15:01:51 | 000,021,248 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2009/09/17 15:01:51 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009/08/21 12:58:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\AitVirtualComInstall.exe
[2009/07/20 16:10:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\InstallVCOM.exe
[2009/06/28 10:51:03 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
[2009/06/28 10:51:03 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2009/04/18 12:22:36 | 000,000,569 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/04/18 12:21:48 | 000,009,206 | R--- | C] () -- C:\WINDOWS\NTTuner.ini
[2009/04/05 11:53:16 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\All\Application Data\ezpinst.exe
[2009/01/11 16:15:37 | 000,081,332 | ---- | C] () -- C:\WINDOWS\System32\BASS.DLL
[2009/01/06 16:53:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/12/29 09:54:02 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Speed Video Splitter.INI
[2008/10/17 15:08:26 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2008/10/12 11:25:10 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008/09/28 15:11:42 | 000,401,408 | R--- | C] () -- C:\WINDOWS\713xRMT.exe
[2008/09/28 15:11:41 | 000,352,256 | R--- | C] () -- C:\WINDOWS\713xRMTMon.exe
[2008/09/28 13:03:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/28 12:51:59 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/09/28 12:47:13 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/09/25 16:44:28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\All\Application Data\$_hpcst$.hpc
[2008/09/20 07:14:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2008/09/02 16:12:46 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/08/25 15:52:01 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\716xCoInstaller.dll
[2008/08/03 11:00:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sms.INI
[2008/08/03 10:38:13 | 000,892,928 | ---- | C] () -- C:\WINDOWS\System32\YeppPlugIn.dll
[2008/08/03 10:38:13 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylistSamsung.dll
[2008/08/03 10:38:13 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\yeppCddb.dll
[2008/08/03 10:38:13 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\smax10.dll
[2008/08/03 10:38:13 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\secumax.dll
[2008/07/22 16:20:13 | 000,000,168 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2008/07/11 14:39:05 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/07/10 16:52:18 | 000,005,817 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/07/10 16:45:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/07/10 16:45:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2008/07/09 18:14:05 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\All\Application Data\vso_ts_preview.xml
[2008/07/09 18:13:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\All\Application Data\inst.exe
[2008/07/09 18:13:38 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\All\Application Data\pcouffin.cat
[2008/07/09 18:13:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All\Application Data\pcouffin.inf
[2008/07/08 16:16:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/07 16:14:36 | 000,002,210 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2008/07/06 14:27:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2008/07/06 14:27:19 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2008/07/06 12:31:07 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/07/06 12:30:25 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/07/06 12:21:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/06 12:15:56 | 000,021,703 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2008/07/06 12:10:46 | 000,194,560 | ---- | C] () -- C:\Documents and Settings\All\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/06 11:59:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/06 11:59:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2008/07/06 11:59:03 | 000,007,925 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/07/06 11:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/07/06 11:36:03 | 000,013,267 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/06 11:25:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2008/07/06 11:09:36 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/06 11:04:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/06 11:03:41 | 000,352,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/06 10:28:00 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/07/06 10:25:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/06 10:24:50 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/06 10:18:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/06 10:14:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/25 13:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/20 06:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 06:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 06:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 06:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 06:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 06:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 06:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 06:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 06:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/04/20 09:32:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/20 09:32:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/04/20 09:32:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/20 09:32:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/04/20 09:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/20 09:32:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/20 09:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/20 09:32:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/04/20 09:32:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/04/20 09:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/02 10:24:38 | 000,070,144 | R--- | C] () -- C:\WINDOWS\System32\ENCODE32.DLL
[2006/05/02 10:24:38 | 000,018,944 | R--- | C] () -- C:\WINDOWS\System32\TALDM32A.dll
[2006/05/02 10:24:38 | 000,017,408 | R--- | C] () -- C:\WINDOWS\System32\TALDM32.DLL
[2004/08/03 20:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 19:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 06:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,496,266 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,084,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== LOP Check ==========
[2011/12/24 12:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Ableton
[2010/11/05 15:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Acronis
[2011/02/06 12:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Amazon
[2010/12/19 15:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\AnvSoft
[2008/07/23 16:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Ashampoo
[2013/05/28 14:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\AutoBAUP
[2009/01/10 13:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Azureus
[2010/10/23 13:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Boilsoft
[2013/05/09 15:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Canon
[2009/01/10 13:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\DNA
[2012/03/10 15:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\FileZilla
[2012/02/01 16:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\FolderColorize
[2008/09/20 11:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Free Sound Recorder
[2011/10/21 15:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Get from YouTube
[2010/06/01 14:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\GrabPro
[2009/11/22 15:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\gtk-2.0
[2012/09/11 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\HeidiSQL
[2012/02/07 16:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\ImgBurn
[2011/12/24 09:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\iZotope
[2012/01/18 13:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\KompoZer
[2008/07/06 14:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Micrografx
[2010/12/18 16:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Mobipocket
[2012/09/11 16:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\MySQL-Front
[2013/04/08 05:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Nokia
[2013/04/08 05:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Nokia Suite
[2012/09/12 17:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Notepad++
[2009/01/06 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\NoteTab Light
[2009/02/01 10:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Nvu
[2011/08/22 17:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\OpenOffice.org
[2010/11/17 18:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Opera
[2012/06/11 14:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Oracle
[2010/06/01 14:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Orbit
[2011/11/23 16:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\PC Suite
[2008/10/19 05:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Publish Providers
[2008/12/24 08:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\RipIt4Me
[2009/12/26 13:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Samsung
[2009/09/08 17:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\SanDisk
[2010/11/19 16:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\SlimBrowser
[2010/03/05 06:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Softplicity
[2011/08/14 14:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\SolidDocuments
[2009/01/11 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Sony
[2008/10/19 05:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Sony Setup
[2010/11/13 15:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Thunderbird
[2012/12/25 17:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Total Recorder Editor Pro
[2010/10/22 16:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Ulead Systems
[2012/05/12 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Ustream Producer
[2013/05/29 11:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\uTorrent
[2008/07/06 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Visicom Media
[2009/01/27 15:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\vmntoolbar
[2012/09/02 14:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All\Application Data\Vso
[2011/05/14 13:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AutoBAUP
[2011/01/19 15:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2011/12/24 12:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/12/05 15:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/07/23 16:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2013/02/05 15:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/19 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2009/01/10 12:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/19 15:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/14 18:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/11 18:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/07/10 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/10/28 04:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/23 16:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/11/23 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/12/18 15:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/12/26 10:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/08/25 15:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/03/22 17:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/23 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/09/17 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2008/10/19 05:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/04/19 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/12 13:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Telestream
[2013/02/07 14:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/06 11:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/10/23 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/05/29 12:08:27 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013/05/22 04:00:00 | 000,000,186 | ---- | M] () -- C:\WINDOWS\Tasks\KBDCLASS.job
[2013/05/22 04:00:00 | 000,000,182 | ---- | M] () -- C:\WINDOWS\Tasks\KBDHID.job
[2013/05/29 12:08:24 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2013/05/29 12:08:24 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2011/05/07 22:00:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2013/05/29 12:08:23 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Wise Care 365.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:احتضان
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
-
May 30th, 2013, 06:29 PM
#8
Do this on the computer you are posting from:
Copy the text in the codebox below:
Code:
:OTL
SRV - File not found [Auto] -- -- (avgwd)
SRV - [2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Documents and Settings\All Users\Application Data\wihdr.dat -- (winmgmt)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (VMHybrid)
DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (PID_0928) Labtec WebCam(PID_0928)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (LVUSBSta)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Auto] -- -- (Aspi32)
O2 - BHO: (SelectionLinks) - {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - File not found
O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found
O3 - HKU\All_ON_C\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\All_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\wihdr.dat (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O33 - MountPoints2\{d11a4cf6-e285-11df-8ae7-001fc617befa}\Shell\AutoRun\command - "" = L:\installer.exe
O33 - MountPoints2\{d11a4cf6-e285-11df-8ae7-001fc617befa}\Shell\verb\command - "" = L:\installer.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\setup.exe
[2013/05/29 05:22:48 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All\1886466.dll
[2013/05/29 12:14:50 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.pad
[2013/05/29 11:43:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/29 05:22:56 | 000,003,074 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.js
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:احتضان
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
:Services
:Reg
:Files
C:\Documents and Settings\All Users\Application Data\wihdr.dat
C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk
:Commands
[purity]
Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.
On the infected computer, do the following...
Run OTLPE
- Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the log produced (you'll need to transfer it with USB stick)
- Remove the CD and shut down computer manually.
- Attempt to reboot normally into Windows.
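
The fix script above lists `wihdr.dat`, which the log shows registered both as the image of the `winmgmt` service and as a `Run` value. As an added example (not part of the original post, and not the helper's stated method), this Python triage applies three assumed heuristics to OTL `SRV`/`DRV`/`O4` rows copied from this thread; the function names, directory lists and extension list are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Rows copied from the OTLPE report and fix script posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto] -- -- (avgwd)
SRV - [2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Documents and Settings\All Users\Application Data\wihdr.dat -- (winmgmt)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2004/08/03 18:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\All_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\wihdr.dat (Microsoft Corporation)
"""

# Assumed heuristics inputs (not taken from the thread).
PROFILE_ROOT = "c:\\documents and settings\\"
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
LOADABLE_EXT = {".exe", ".dll", ".sys"}

# SRV/DRV rows: [timestamp | size | attrs | M] (company) [start] -- path -- (name)
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"\[(?P<start>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
# O4 Run rows: hive..\Run: [value name] path (company)
RUN_RE = re.compile(
    r"^(?P<kind>O4) - \S+Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+) \((?P<company>[^)]*)\)\s*$"
)


def parse_autostarts(log_text):
    """Return one dict per autostart row that names a file on disk."""
    entries = []
    for line in log_text.splitlines():
        match = SERVICE_RE.match(line) or RUN_RE.match(line)
        if match:  # "File not found" rows carry no path and do not match
            entries.append(match.groupdict())
    return entries


def reasons_for(entry):
    """List the heuristics an entry trips; an empty list means none."""
    path = entry["path"].lower()
    ext = ntpath.splitext(path)[1]
    reasons = []
    if path.startswith(PROFILE_ROOT):
        reasons.append("image under a profile data directory")
    if ext not in LOADABLE_EXT:
        reasons.append(f"autostart image has extension {ext!r}")
    if (entry["company"].strip() == "Microsoft Corporation"
            and not path.startswith(TRUSTED_ROOTS)):
        reasons.append("claims Microsoft Corporation outside Windows/Program Files")
    return reasons


def triage(log_text):
    """Group flagged autostart entries by the file they launch."""
    by_path = defaultdict(lambda: {"entries": [], "reasons": set()})
    for entry in parse_autostarts(log_text):
        reasons = reasons_for(entry)
        if not reasons:
            continue
        hit = by_path[entry["path"].lower()]
        hit["entries"].append(f'{entry["kind"]}:{entry["name"]}')
        hit["reasons"].update(reasons)
    for hit in by_path.values():
        if len(hit["entries"]) > 1:
            hit["reasons"].add("same file launched by more than one autostart entry")
    return dict(by_path)


if __name__ == "__main__":
    for path, hit in triage(SAMPLE_LOG).items():
        print(path)
        print("  entries:", ", ".join(hit["entries"]))
        for reason in sorted(hit["reasons"]):
            print("  -", reason)
```

A flagged path is a prompt for manual review of that row, not a verdict on the file.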
-
May 31st, 2013, 07:33 AM
#9
Well Broni, you are certainly a star. Can you tell me what you spotted and removed there?
Booting fine now, I ran mbam as soon as I got a clean boot and it found a few things now safely removed.
The only residual issue now is that I get this error message on boot:
error loading c:\docume~1\alluse~1\applic~\wihdr.dat
This is the log from OTLPE after the fix ran:
OTL logfile created on: 5/31/2013 1:49:42 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.81 Gb Total Space | 50.03 Gb Free Space | 73.78% Space Free | Partition Type: NTFS
Drive D: | 813.79 Gb Total Space | 171.04 Gb Free Space | 21.02% Space Free | Partition Type: NTFS
Drive E: | 49.90 Gb Total Space | 24.58 Gb Free Space | 49.26% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 80.60 Gb Free Space | 34.61% Space Free | Partition Type: NTFS
Drive K: | 1.85 Gb Total Space | 0.44 Gb Free Space | 24.02% Space Free | Partition Type: FAT32
Drive R: | 465.76 Gb Total Space | 355.97 Gb Free Space | 76.43% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (avgwd)
SRV - [2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Documents and Settings\All Users\Application Data\wihdr.dat -- (winmgmt)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/05 17:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/01/13 10:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/27 06:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/18 13:08:04 | 000,189,696 | ---- | M] (Solid Documents, LLC) [Auto] -- C:\Program Files\SolidPDFCreator\SPC\SolidPdfService.exe -- (SdReadSpool)
SRV - [2008/08/08 00:35:42 | 001,622,016 | ---- | M] (南京纳加软件有限公司) [Auto] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2001/10/22 13:57:20 | 000,421,888 | ---- | M] (Tiny Software) [Auto] -- C:\Program Files\Tiny Personal Firewall\persfw.exe -- (PersFw)
SRV - [2001/08/06 01:41:48 | 000,028,672 | ---- | M] () [Auto] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (VMHybrid)
DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (PID_0928) Labtec WebCam(PID_0928)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (LVUSBSta)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Auto] -- -- (Aspi32)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/10 11:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 08:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 08:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 08:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/06 17:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/31 05:23:28 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/11/19 05:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
DRV - [2008/08/26 06:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/17 03:10:48 | 000,279,552 | R--- | M] (Philips Semiconductors) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2008/06/17 03:10:48 | 000,025,984 | R--- | M] (Philips Semiconductors) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\WDMTuner.sys -- (WDMTVTuner)
DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/06 00:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/03/06 00:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/26 06:55:38 | 001,053,952 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006/09/28 06:47:48 | 000,283,776 | ---- | M] (AfaTech ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2006/06/18 18:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/18 21:01:00 | 000,017,280 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2005/07/08 16:40:42 | 000,260,144 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NUVision.sys -- (NuVision) Hauppauge WinTV USB Pro (PAL I,D/K)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/23 12:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/08/11 12:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 18:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 17:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Adapter | Disabled] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (Sysvcyagewo)
DRV - [2004/06/24 08:52:00 | 000,007,552 | ---- | M] (PortalPlayer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\YH-925.sys -- (PortlUSB)
DRV - [2001/12/20 04:02:12 | 000,006,656 | ---- | M] (Netropa Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2001/10/22 13:54:28 | 000,077,312 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\fwdrv.sys -- (fwdrv)
DRV - [2001/08/10 02:00:00 | 000,003,252 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA:
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16:
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.11:
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.7:
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011/11/23 16:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/21 16:45:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.12.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/09/23 15:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_3.1 [2011/11/23 16:46:33 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SelectionLinks) - {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - File not found
O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SecondBackup_FilesBackup] C:\Program Files\Second Backup\SecondBackup.exe (EPC)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\tweakui.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/06 10:16:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/21 12:43:09 | 000,000,043 | ---- | M] () - D:\autorun.inf.OLD -- [ NTFS ]
O32 - AutoRun File - [2012/07/29 06:18:52 | 000,000,000 | ---D | M] - F:\Autobackup -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/05/29 11:43:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/29 07:07:12 | 000,000,000 | ---D | C] -- C:\$Anvi Rescue Disk$
[2013/05/29 05:22:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\wihdr.dat
[2013/05/23 06:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/05/11 07:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Convert Audio Free
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/29 12:16:19 | 000,000,258 | RHS- | M] () -- C:\boot.ini
[2013/05/29 12:14:50 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.pad
[2013/05/29 12:08:51 | 000,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2013/05/29 12:08:27 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/29 12:08:24 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2013/05/29 12:08:24 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2013/05/29 12:08:23 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365.job
[2013/05/29 12:08:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/29 11:43:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/29 05:22:56 | 000,003,074 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.js
[2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\wihdr.dat
[2013/05/29 05:02:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1844823847-725345543-1003UA.job
[2013/05/29 04:16:21 | 000,496,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/29 04:16:21 | 000,084,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/29 04:11:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/28 18:03:33 | 000,194,560 | ---- | M] () -- C:\Documents and Settings\All\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/28 17:02:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1844823847-725345543-1003Core1cd977d4deec614.job
[2013/05/28 14:33:33 | 000,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2013/05/24 10:04:22 | 000,010,505 | ---- | M] () -- C:\WINDOWS\MAPINFOW.PRF
[2013/05/24 10:04:22 | 000,003,937 | ---- | M] () -- C:\WINDOWS\MAPINFOW.WOR
[2013/05/22 17:21:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/22 04:00:00 | 000,000,186 | ---- | M] () -- C:\WINDOWS\tasks\KBDCLASS.job
[2013/05/22 04:00:00 | 000,000,182 | ---- | M] () -- C:\WINDOWS\tasks\KBDHID.job
[2013/05/13 05:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utils
[2013/05/11 12:50:10 | 000,021,703 | ---- | M] () -- C:\WINDOWS\COOL.INI
[2013/05/11 12:50:10 | 000,010,677 | ---- | M] () -- C:\WINDOWS\coolkb2k.ini
[2013/05/11 12:50:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\COOLSYS.INI
[2013/05/11 12:35:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2013/05/09 10:16:31 | 000,002,210 | ---- | M] () -- C:\WINDOWS\coolmp3.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/29 05:22:56 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.pad
[2013/05/29 05:22:56 | 000,003,074 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.js
[2013/04/19 07:07:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012/11/27 14:05:26 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2012/04/22 16:12:22 | 004,424,704 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/04/19 15:07:11 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2012/04/08 19:40:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/08 19:39:46 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012/04/08 19:39:32 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012/04/08 19:39:32 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012/04/08 19:39:30 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012/04/08 19:39:30 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012/04/08 19:39:28 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012/04/08 19:39:28 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012/04/08 19:39:26 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012/03/29 10:21:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/03/29 10:21:18 | 006,582,226 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012/03/29 10:21:18 | 001,152,365 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012/03/29 10:21:18 | 000,374,152 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/03/29 10:21:18 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/03/29 10:21:18 | 000,144,523 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2012/01/07 10:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2012/01/07 10:36:30 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2011/12/05 15:19:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/01/02 12:03:46 | 000,001,471 | ---- | C] () -- C:\WINDOWS\Gemstorm.ini
[2011/01/02 09:11:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\TZSOFT.INI
[2011/01/02 08:43:19 | 000,001,348 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2010/11/14 13:16:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All\Local Settings\Application Data\prvlcl.dat
[2010/10/30 09:21:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/30 07:59:06 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/24 13:02:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SMMVSplitter.INI
[2010/06/24 14:11:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2010/06/24 14:11:54 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2010/05/04 14:40:08 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PrintCD.INI
[2010/03/22 13:52:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\srctrl.dll
[2010/02/21 15:58:46 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/12/30 15:59:44 | 000,003,397 | ---- | C] () -- C:\WINDOWS\MGXART.INI
[2009/12/26 10:46:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/26 10:46:36 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/12/13 08:21:25 | 000,121,270 | ---- | C] () -- C:\WINDOWS\File Renamer - Basic Uninstaller.exe
[2009/09/17 15:01:51 | 000,021,248 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2009/09/17 15:01:51 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009/08/21 12:58:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\AitVirtualComInstall.exe
[2009/07/20 16:10:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\InstallVCOM.exe
[2009/06/28 10:51:03 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
[2009/06/28 10:51:03 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2009/04/18 12:22:36 | 000,000,569 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/04/18 12:21:48 | 000,009,206 | R--- | C] () -- C:\WINDOWS\NTTuner.ini
[2009/01/11 16:15:37 | 000,081,332 | ---- | C] () -- C:\WINDOWS\System32\BASS.DLL
[2009/01/06 16:53:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/12/29 09:54:02 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Speed Video Splitter.INI
[2008/10/17 15:08:26 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2008/10/12 11:25:10 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008/09/28 15:11:42 | 000,401,408 | R--- | C] () -- C:\WINDOWS\713xRMT.exe
[2008/09/28 15:11:41 | 000,352,256 | R--- | C] () -- C:\WINDOWS\713xRMTMon.exe
[2008/09/28 13:03:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/28 12:51:59 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/09/20 07:14:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2008/09/02 16:12:46 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/08/25 15:52:01 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\716xCoInstaller.dll
[2008/08/03 11:00:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sms.INI
[2008/08/03 10:38:13 | 000,892,928 | ---- | C] () -- C:\WINDOWS\System32\YeppPlugIn.dll
[2008/08/03 10:38:13 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylistSamsung.dll
[2008/08/03 10:38:13 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\yeppCddb.dll
[2008/08/03 10:38:13 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\smax10.dll
[2008/08/03 10:38:13 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\secumax.dll
[2008/07/22 16:20:13 | 000,000,168 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2008/07/11 14:39:05 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/07/10 16:52:18 | 000,005,817 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/07/10 16:45:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/07/10 16:45:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2008/07/08 16:16:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/07 16:14:36 | 000,002,210 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2008/07/06 14:27:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2008/07/06 14:27:19 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2008/07/06 12:31:07 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/07/06 12:30:25 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/07/06 12:21:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/06 12:15:56 | 000,021,703 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2008/07/06 12:10:46 | 000,194,560 | ---- | C] () -- C:\Documents and Settings\All\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/06 11:59:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/06 11:59:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2008/07/06 11:59:03 | 000,007,925 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/07/06 11:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/07/06 11:36:03 | 000,013,267 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/06 11:25:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2008/07/06 11:09:36 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/06 11:04:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/06 11:03:41 | 000,352,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/06 10:28:00 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/07/06 10:25:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/06 10:24:50 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/06 10:18:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/06 10:14:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/25 13:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/20 06:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 06:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 06:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 06:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 06:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 06:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 06:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 06:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 06:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/04/20 09:32:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/20 09:32:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/04/20 09:32:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/20 09:32:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/04/20 09:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/20 09:32:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/20 09:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/20 09:32:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/04/20 09:32:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/04/20 09:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/02 10:24:38 | 000,070,144 | R--- | C] () -- C:\WINDOWS\System32\ENCODE32.DLL
[2006/05/02 10:24:38 | 000,018,944 | R--- | C] () -- C:\WINDOWS\System32\TALDM32A.dll
[2006/05/02 10:24:38 | 000,017,408 | R--- | C] () -- C:\WINDOWS\System32\TALDM32.DLL
[2004/08/03 20:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 19:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 06:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,496,266 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,084,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== LOP Check ==========
[2011/12/24 12:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/12/05 15:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/07/23 16:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2013/02/05 15:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/19 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2009/01/10 12:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/19 15:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/14 18:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/11 18:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/07/10 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/10/28 04:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/23 16:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/11/23 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/12/18 15:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/12/26 10:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/08/25 15:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/03/22 17:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/23 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/09/17 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2008/10/19 05:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/04/19 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/12 13:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Telestream
[2013/02/07 14:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/06 11:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/10/23 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/05/29 12:08:27 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013/05/22 04:00:00 | 000,000,186 | ---- | M] () -- C:\WINDOWS\Tasks\KBDCLASS.job
[2013/05/22 04:00:00 | 000,000,182 | ---- | M] () -- C:\WINDOWS\Tasks\KBDHID.job
[2013/05/29 12:08:24 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2013/05/29 12:08:24 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2011/05/07 22:00:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2013/05/29 12:08:23 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Wise Care 365.job
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< SRV - File not found [Auto] -- -- (avgwd) >
< SRV - [2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Documents and Settings\All Users\Application Data\wihdr.dat -- (winmgmt) >
Invalid Switch: 29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Documents and Settings\All Users\Application Data\wihdr.dat -- (winmgmt)
< DRV - File not found [Kernel | On_Demand] -- -- (WDICA) >
< DRV - File not found [Kernel | On_Demand] -- -- (VMHybrid) >
< DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL) >
< DRV - File not found [Kernel | On_Demand] -- -- (PID_0928) Labtec WebCam(PID_0928) >
< DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) >
< DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) >
< DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) >
< DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) >
< DRV - File not found [Kernel | System] -- -- (PCIDump) >
< DRV - File not found [Kernel | On_Demand] -- -- (LVUSBSta) >
< DRV - File not found [Kernel | System] -- -- (lbrtfdc) >
< DRV - File not found [Kernel | System] -- -- (i2omgmt) >
< DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI) >
< DRV - File not found [Kernel | System] -- -- (Changer) >
< DRV - File not found [Kernel | Auto] -- -- (Aspi32) >
< O2 - BHO: (SelectionLinks) - {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - File not found >
< O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found >
< O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found. >
< O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found >
< O3 - HKU\All_ON_C\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - Reg Error: Value error. File not found >
< O4 - HKLM..\Run: [KernelFaultCheck] File not found >
< O4 - HKU\All_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\wihdr.dat (Microsoft Corporation) >
< O4 - Startup: C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) >
< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.) >
Invalid Switch: jin...ndows-i586.cab (Reg Error: Value error.)
< O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) >
Invalid Switch: ultrashim.cab (Reg Error: Key error.)
< O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found. >
< O33 - MountPoints2\{d11a4cf6-e285-11df-8ae7-001fc617befa}\Shell\AutoRun\command - "" = L:\installer.exe >
< O33 - MountPoints2\{d11a4cf6-e285-11df-8ae7-001fc617befa}\Shell\verb\command - "" = L:\installer.exe >
< O33 - MountPoints2\L\Shell - "" = AutoRun >
< O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play >
< O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\setup.exe >
< [2013/05/29 05:22:48 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All\1886466.dll >
Invalid Switch: 29 05:22:48 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All\1886466.dll
< [2013/05/29 12:14:50 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.pad >
Invalid Switch: 29 12:14:50 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.pad
< [2013/05/29 11:43:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe >
Invalid Switch: 29 11:43:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
< [2013/05/29 05:22:56 | 000,003,074 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.js >
Invalid Switch: 29 05:22:56 | 000,003,074 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.js
< @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:?????? >
< @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533 >
< @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD >
< :Services >
< :Reg >
< :Files >
< C:\Documents and Settings\All Users\Application Data\wihdr.dat >
[2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\wihdr.dat
< C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk >
[2013/05/29 05:23:03 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk
< :Commands >
< [purity] >
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:احتضان
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
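The file entries in the log above can be triaged mechanically. The following Python is an added example, not part of the thread and not a feature of OTL: it parses the log's file-listing lines and applies four heuristics that are assumptions of this example (the `SYSTEM_NAMES` list, the profile-path check, the Startup-folder check and the 60-second same-size window).

```python
import re
from datetime import datetime
from itertools import combinations
from ntpath import basename, dirname
# File entries copied from the OTL log posted in this thread.
SAMPLE = r"""
[2013/05/29 05:22:48 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All\1886466.dll
[2013/05/29 12:14:50 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.pad
[2013/05/29 11:43:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/29 05:22:56 | 000,003,074 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rdhiw.js
[2013/05/29 05:22:51 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\wihdr.dat
[2013/05/29 05:23:03 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All\Start Menu\Programs\Startup\regmonstd.lnk
"""
ENTRY = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| \S+ \| [CM]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$")
# Assumption: short illustrative list; these names normally live under C:\WINDOWS.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe", "winlogon.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
PROFILES = "c:\\documents and settings\\"

def parse(text):
    """Turn OTL file-listing lines into dicts; any other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "company": m["company"], "path": m["path"]})
    return entries

def triage(entries, window=60):
    """Return {path: [reasons]} for entries that match any heuristic."""
    hits = {}
    for e in entries:
        folder, name = dirname(e["path"]).lower(), basename(e["path"]).lower()
        if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            hits.setdefault(e["path"], []).append("system binary name outside C:\\WINDOWS")
        if "microsoft" in e["company"].lower() and folder.startswith(PROFILES):
            hits.setdefault(e["path"], []).append("Microsoft company string under a user profile")
        if folder.endswith("\\start menu\\programs\\startup"):
            hits.setdefault(e["path"], []).append("autostart entry in Startup folder")
    for a, b in combinations(entries, 2):  # same payload written under two names
        if a["size"] == b["size"] and abs((a["ts"] - b["ts"]).total_seconds()) <= window:
            hits.setdefault(a["path"], []).append("same size as " + basename(b["path"]))
            hits.setdefault(b["path"], []).append("same size as " + basename(a["path"]))
    return hits
```

Run over the sample, `triage(parse(SAMPLE))` flags four of the six entries; `rdhiw.pad` and `rdhiw.js` match none of these heuristics, so output like this narrows a log for review rather than replacing it.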
-
May 31st, 2013, 11:35 AM
#10
Good news
You were supposed to post a log from the OTL fix. You posted a new OTL scan log instead.
If you still have the fix log I'd like to see it.
If not that's OK.
Next...
Please, complete all steps listed here: http://discussions.virtualdr.com/sho...d.php?t=167915
-
May 31st, 2013, 12:46 PM
#11
Do NOT mark this topic as "Resolved" since we're not done.
Re-read my rules:
Once the computer is totally clean, I'll certainly let you know.
-
May 31st, 2013, 05:30 PM
#12
I'm really grateful for your help, virtualdr has been a great help to me over the years and got me out of some tricky spots. By now I'm an experienced user and I know to run full scans with mbam and anti-virus and did this routinely once the pc was back running - and said that I'd done this. I don't need any further help with that issue. It's a bit disconcerting that you call them your 'rules'.
I'm just left with the leftover issue of the startup error, that's all I'm out to fix now. I have no problem if you don't want to address that, but I was surprised that you told all other users that they shouldn't be helping.
Thanks a lot for your help, really.
-
May 31st, 2013, 05:37 PM
#13
You're still infected.
I'll say this one more time only:
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic [...] in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
Up to you.
-
June 1st, 2013, 07:44 AM
#14
Fair enough. Here we go then:
mbam log. It says it's clear:
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2013.05.31.03
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
All :: LIBERTINE1 [administrator]
Protection: Enabled
01/06/2013 12:31:43
mbam-log-2013-06-01 (12-31-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 209954
Time elapsed: 6 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.5.1
Run by All at 12:28:41 on 2013-06-01
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\AvastSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avast\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Tiny Personal Firewall\persfw.exe
C:\Program Files\SolidPDFCreator\SPC\SolidPdfService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\SeaMonkey\plugin-container.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SelectionLinks: {29AAADC9-DA30-4264-BCC4-D447F7146FC1} -
BHO: VMN Toolbar: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - <orphaned>
TB: VMN Toolbar: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - LocalServer32 - <no file>
TB: VMN Toolbar: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - LocalServer32 - <no file>
uRun: [EPSON P50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\docume~1\all\locals~1\temp\E_S11C.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\all\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\utorrent.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MULTIMEDIA KEYBOARD] c:\program files\netropa\multimedia keyboard\MMKeybd.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SecondBackup_FilesBackup] c:\program files\second backup\SecondBackup.exe 105
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0520E3B7-5B40-4879-AD31-B961CC5438F3} : NameServer = 87.194.255.154,87.194.255.155
TCP: Interfaces\{0520E3B7-5B40-4879-AD31-B961CC5438F3} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: CDBurn - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R? 713xTVCard;SAA7130 TV Card
R? AVGIDSDriver;AVGIDSDriver
R? AVGIDSEH;AVGIDSEH
R? AVGIDSFilter;AVGIDSFilter
R? AVGIDSShim;AVGIDSShim
R? avgwd;AVG WatchDog
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FsUsbExDisk;FsUsbExDisk
R? NuVision;Hauppauge WinTV USB Pro (PAL I,D/K)
R? ohkapviq;ohkapviq
R? pbfilter;pbfilter
R? PhilCap;PhilCap service
R? PortlUSB;PortlUSB
R? VMHybrid;VMHybrid service
R? WDMTVTuner;Universal WDM TV Tuner
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? WsAudioDevice_383;WsAudioDevice_383
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? fwdrv;Tiny Personal Firewall Driver
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? msikbd2k;Multimedia Keyboard Filter Driver
S? nhksrv;Netropa NHK Server
S? SdReadSpool;SolidPDFCreatorReadSpool
.
=============== File Associations ===============
.
ShellExec: SolidPDFCreator.exe: open=c:\program files\solidpdfcreator\spc\SolidPDFCreator.exe
.
=============== Created Last 30 ================
.
2013-06-01 10:14:46 -------- d-----w- c:\documents and settings\all users\application data\Foresight Software
2013-05-31 14:56:02 -------- d-sh--w- C:\found.000
2013-05-29 11:07:12 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-05-11 11:40:32 -------- d-----w- c:\program files\Convert Audio Free
.
==================== Find3M ====================
.
.
============= FINISH: 12:29:37.34 ===============
Attach.txt
.
==== Installed Programs ======================
.
Sansa Media Converter
AceFTP 3 Freeware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Reader XI
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.9
Any Video Converter 3.1.7
µTorrent
avast! Free Antivirus
AVG 2011
AVIConverter 3.0
AVS Image Converter 1.3.2.141
AVS Update Manager 1.0
AVS Video Tools 5.1
AVS4YOU Software Navigator 1.4
Canon CanoScan Toolbox 4.1
Canon RAW Codec
Cheat Engine 5.6
ClickFix for Cool Edit version 2.06
Compatibility Pack for the 2007 Office system
Content Transfer
Convert Audio Free FLAC to MP3 version 1.0
ConvertXtoDVD 3.1.0.26
Cool Edit 2000
Creative Jukebox Driver
DePopper 2.x
DNA
Dr.Tag v3.0.1
DX-Ball 2 v1.2
Easy CD-DA Extractor 10
EasyCleaner
EPSON Easy Photo Print
EPSON P50 Series Printer Uninstall
Epson Print CD
EVEREST Home Edition v2.20
ffdshow v1.1.3996 [2011-10-13]
File Renamer - Basic
FileSync
FileZilla Client 3.5.1
FLV Player 1.3.3
Folder Colorizer version 1.0.1
Font Xplorer Lite 1.0.0
Fotosizer 1.27
FreeOCR 3.0
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB954550-v5)
ImgBurn
ImTOO DVD Ripper Platinum 5
iZotope RX 2
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) 6 Update 6
JavaFX 2.1.1
K-Lite Codec Pack 6.5.0 (Full)
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Codec Pack 4.2.0
Micrografx Picture Publisher 10
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft IntelliType Pro 5.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Media Video 9 VCM
Microsoft XML Parser
Microsoft_VC100_CRT_SP1_x86
MIKSOFT Mobile Media Converter
Mobipocket Reader 6.2
Movie Joiner
Mozilla Thunderbird 17.0 (x86 en-GB)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Naturpic Video Cutter 2.20
Nero 8 Lite 8.2.8.0
Nokia Connectivity Cable Driver
Nokia Suite
Notepad++
NVIDIA Drivers
OpenOffice.org 3.3
Paint.NET v3.5.1
PC Connectivity Solution
PeerBlock 1.1 (r518)
Pinnacle TVCenter Pro
PowerQuest PartitionMagic 7.0
PrintFolders 2.31
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Recuva
SeaMonkey 2.12.1 (x86 en-GB)
Second Backup 9.9.03
SelectionLinks
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype™ 3.8
Smart Office Keyboard
SmartSound Quicktracks Plugin
SolidPDFCreator
SopCast 2.0.4
SPVOD Player1.8
SSC Service Utility v4.20
Subtitle Workshop 2.51
Tiny Personal Firewall 2.0.15 A (221001)
Total Recorder Editor Pro v12.1.1
TVUPlayer 2.3.5.4
Ulead Straight-to-Disc SDK
Update for Windows XP (KB896256)
Vegas Movie Studio Platinum 9.0
VIBE100 Utilities
VirtualCom driver
VLC media player 1.0.1
WebFldrs XP
Wiagra Video Joiner 3
Winamp (Remove Only)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows XP Hotfix - KB891220
Winner Casino
WinRAR archiver
WinZip
Xara3D6
YouTube Downloader 2.6.2
.
==== End Of File ===========================
-
June 1st, 2013, 12:46 PM
#15
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt