Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ran LSP-Fix on Win7 64x - Now Unable to Load Any Webpage [Solved]

Started by Matt Smith , Jan 04 2012 12:48 AM

  • This topic is locked This topic is locked

#61
SweetTech
Posted 08 January 2012 - 05:39 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:thumbsup:

Please post the new OTL log as well as an update on how things are running with your computer when you get a chance.
  • 0

Advertisements

#62
Matt Smith
Posted 08 January 2012 - 05:47 AM

Matt Smith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Report on stability of computer:
So far the internet seems to be up and running without problem. Not sure if the redirections are gone but, I haven't experienced any so far. So I think it may be fixed. Which would be awesome. I plan on tipping you for your help.. of course :]

OTL Scan:
OTL logfile created on: 1/8/2012 3:31:15 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mafu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 65.55% Memory free
7.99 Gb Paging File | 6.46 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 27.35 Gb Free Space | 11.75% Space Free | Partition Type: NTFS

Computer Name: AEON | User Name: Mafu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/04 00:22:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/21 23:21:20 | 000,014,848 | ---- | M] () -- C:\Users\Mafu\Desktop\New folder\volumouse32.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/24 14:58:58 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/21 23:21:20 | 000,014,848 | ---- | M] () -- C:\Users\Mafu\Desktop\New folder\volumouse32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/25 18:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/16 14:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 14:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/17 03:50:44 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/24 12:33:26 | 000,921,600 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/19 04:36:53 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2011/08/08 10:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/30 08:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 18:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/25 07:28:54 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/29 09:01:53 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/16 12:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/07/23 23:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 16:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/11/10 05:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2011/12/24 15:08:12 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 DE 89 52 9C B7 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.2: C:\Program Files (x86)\TorrentStream\npvlc.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mafu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 9.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012/01/07 06:52:07 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 9.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/23 18:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/24 14:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 00:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/12/15 01:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\Mafu\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2011/06/27 14:57:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Mafu\AppData\Roaming\IDM\idmmzcc3

[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/07 17:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions
[2012/01/05 20:22:15 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/05/22 05:41:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/11/12 01:45:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/21 01:33:14 | 000,000,000 | ---D | M] ("VWC Cocoon") -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\[email protected]
[2011/12/15 01:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6ig01k7m.default\extensions
[2011/11/26 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/24 14:58:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/24 14:58:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/24 14:58:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/23 02:07:53 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeyExtender.exe] C:\Program Files (x86)\KeyExtender\KeyExtender.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [$Volumouse$] C:\Users\Mafu\Desktop\New folder\volumouse.exe (NirSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA9D193-F66A-4E15-B9E2-EB4056CC71F5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B9FFDE1-1B19-47A1-9AA7-FF552F2B79E5}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 03:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/01/08 03:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/08 01:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/08 01:52:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/08 01:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/07 23:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/07 23:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/07 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/07 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/07 23:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/01/07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/01/07 23:07:03 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\redsn0w
[2012/01/07 23:04:49 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\redsn0w_win_0.9.10b3
[2012/01/07 07:28:50 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\New folder
[2012/01/07 06:57:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/07 06:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2012/01/07 00:35:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/06 23:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/06 23:45:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/06 00:01:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/04 01:02:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/04 01:01:24 | 004,373,779 | R--- | C] (Swearware) -- C:\Users\Mafu\Desktop\ComboFix.exe
[2012/01/04 00:28:13 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\tdsskiller
[2012/01/04 00:28:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/03 13:50:37 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\Users\Mafu\Desktop\unetbootin-windows-563.exe
[2012/01/02 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Cd Keys_files
[2012/01/02 21:29:24 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\MigWiz
[2011/12/31 22:28:42 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\CrashDumps
[2011/12/29 02:00:28 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\Threat Expert
[2011/12/25 00:19:52 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/12/25 00:19:52 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/12/25 00:19:51 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/12/25 00:19:51 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/12/25 00:19:48 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/12/25 00:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/25 00:19:44 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/24 23:45:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/24 23:45:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/24 23:45:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/24 23:45:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/24 15:11:12 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/12/24 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/12/21 23:43:32 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Malwarebytes
[2011/12/21 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/17 03:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyExtender
[2011/12/17 03:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyExtender
[2011/12/15 01:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[2011/12/15 01:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SeaMonkey
[2011/12/15 01:31:48 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/12/15 01:23:07 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\KompoZer
[2011/12/15 01:20:39 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Nvu
[2011/12/13 22:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/12/12 21:19:52 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\inMomentum
[2011/12/12 21:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\inMomentum
[2011/12/12 01:44:36 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\EapmapUI

========== Files - Modified Within 30 Days ==========

[2012/01/08 03:35:56 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 03:35:56 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 03:30:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000UA.job
[2012/01/08 03:29:34 | 000,000,003 | ---- | M] () -- C:\Users\Mafu\AppData\Roaming\ispnetkey.dll
[2012/01/08 03:28:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/08 03:28:20 | 3219,521,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 03:28:10 | 001,660,098 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/08 03:09:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/08 03:09:32 | 001,348,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/08 03:09:32 | 000,363,868 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 03:09:32 | 000,006,642 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/08 03:06:49 | 000,001,437 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/08 03:02:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/08 03:02:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/08 01:52:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 17:41:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000Core.job
[2012/01/07 13:22:10 | 000,002,052 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/07 07:56:22 | 000,002,955 | ---- | M] () -- C:\Users\Mafu\Desktop\wmndata.xn
[2012/01/07 07:40:43 | 000,001,830 | ---- | M] () -- C:\Users\Mafu\Desktop\me.com.js
[2012/01/07 06:52:08 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2012/01/07 00:35:53 | 000,879,683 | ---- | M] () -- C:\Users\Mafu\Desktop\SecurityCheck.exe
[2012/01/06 23:23:35 | 004,373,779 | R--- | M] (Swearware) -- C:\Users\Mafu\Desktop\ComboFix.exe
[2012/01/05 18:53:16 | 493,166,498 | ---- | M] () -- C:\registrybackup.reg
[2012/01/04 11:41:40 | 000,333,917 | ---- | M] () -- C:\Users\Mafu\Desktop\FSS.exe
[2012/01/04 00:28:25 | 000,006,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 00:25:56 | 001,558,406 | ---- | M] () -- C:\Users\Mafu\Desktop\tdsskiller.zip
[2012/01/04 00:22:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/03 20:54:47 | 000,000,002 | ---- | M] () -- C:\$drvmig$
[2012/01/03 20:49:42 | 000,002,188 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/03 20:49:38 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/03 13:49:52 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\Users\Mafu\Desktop\unetbootin-windows-563.exe
[2012/01/02 22:46:36 | 000,010,362 | ---- | M] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/02 21:58:38 | 004,977,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/01 20:33:24 | 552,267,682 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/25 13:22:45 | 000,000,154 | ---- | M] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 01:01:29 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/25 00:19:47 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 15:08:12 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/24 14:56:32 | 000,000,450 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/23 02:07:53 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/21 22:45:08 | 000,000,104 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/17 03:38:59 | 000,000,977 | ---- | M] () -- C:\Users\Mafu\Desktop\KeyExtender.lnk
[2011/12/15 01:32:14 | 000,002,014 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2011/12/15 01:32:14 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2011/12/15 01:29:56 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/12/12 21:19:52 | 000,001,248 | ---- | M] () -- C:\Users\Mafu\Desktop\inMomentum.lnk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/08 03:09:20 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/08 03:06:58 | 000,000,003 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\ispnetkey.dll
[2012/01/08 03:02:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/08 03:02:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/08 01:52:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 07:56:17 | 000,002,955 | ---- | C] () -- C:\Users\Mafu\Desktop\wmndata.xn
[2012/01/07 07:40:42 | 000,001,830 | ---- | C] () -- C:\Users\Mafu\Desktop\me.com.js
[2012/01/07 06:52:08 | 000,000,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2012/01/07 06:52:08 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2012/01/07 00:35:52 | 000,879,683 | ---- | C] () -- C:\Users\Mafu\Desktop\SecurityCheck.exe
[2012/01/05 18:52:46 | 493,166,498 | ---- | C] () -- C:\registrybackup.reg
[2012/01/04 11:51:57 | 000,333,917 | ---- | C] () -- C:\Users\Mafu\Desktop\FSS.exe
[2012/01/04 00:28:06 | 001,558,406 | ---- | C] () -- C:\Users\Mafu\Desktop\tdsskiller.zip
[2012/01/02 23:23:57 | 000,000,002 | ---- | C] () -- C:\$drvmig$
[2012/01/02 23:13:44 | 3605,774,336 | ---- | C] () -- C:\Users\Mafu\Desktop\6801.0.080913-2030_Client_en-us_ULTIMATE-ULTIMATE_GB1CXFRE_EN_DVD.iso
[2012/01/02 22:43:37 | 000,010,362 | ---- | C] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/01 20:33:24 | 552,267,682 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/25 11:18:54 | 000,000,154 | ---- | C] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 00:19:56 | 001,660,098 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/25 00:19:47 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 23:45:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 23:45:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 23:45:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 23:45:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 23:45:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/24 15:08:09 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/21 22:45:08 | 000,000,104 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/17 03:38:59 | 000,000,977 | ---- | C] () -- C:\Users\Mafu\Desktop\KeyExtender.lnk
[2011/12/15 01:32:14 | 000,002,014 | ---- | C] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2011/12/15 01:32:14 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2011/12/13 22:41:49 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/12 21:19:52 | 000,001,248 | ---- | C] () -- C:\Users\Mafu\Desktop\inMomentum.lnk
[2011/11/07 00:39:56 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2011/08/05 00:54:32 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
[2011/07/09 02:48:38 | 000,000,600 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\winscp.rnd
[2011/06/19 00:42:55 | 000,000,020 | ---- | C] () -- C:\Windows\Converter.INI
[2011/06/09 23:56:10 | 000,000,687 | ---- | C] () -- C:\Windows\SysWow64\wta_Two.dat
[2011/06/09 23:46:35 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\wta_One.dat
[2011/06/09 23:44:00 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\wta.dat
[2011/06/09 18:49:52 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\wta.ini
[2011/06/03 20:06:31 | 004,718,592 | ---- | C] () -- C:\Windows\SysWow64\savegame.bin
[2011/05/31 19:55:42 | 000,064,048 | ---- | C] () -- C:\Windows\SysWow64\Hidhlp.dll
[2011/05/31 19:55:42 | 000,011,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\KMDX.sys
[2011/05/12 21:07:42 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/12 20:52:13 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/12 20:51:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/09 05:03:01 | 000,001,456 | ---- | C] () -- C:\Users\Mafu\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/07 00:52:35 | 000,003,584 | ---- | C] () -- C:\Users\Mafu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 22:58:46 | 000,000,017 | ---- | C] () -- C:\Users\Mafu\AppData\Local\resmon.resmoncfg
[2011/03/31 00:48:21 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011/03/30 23:26:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/30 23:26:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/30 23:26:18 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/30 23:26:18 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/30 23:26:18 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/20 02:55:39 | 000,000,426 | ---- | C] () -- C:\Windows\aspack.ini
[2011/02/01 20:02:16 | 000,000,132 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/18 00:14:04 | 000,000,173 | ---- | C] () -- C:\Users\Mafu\AppData\Local\msmathematics.qat.Mafu
[2011/01/17 19:05:17 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/01/03 22:51:33 | 000,000,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 00:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/01/02 19:41:19 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 18:12:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/24 05:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/12/22 00:34:41 | 000,006,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 04:17:44 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010/12/20 03:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 11:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2011/09/27 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.minecraft
[2010/09/20 01:22:32 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.minecraft server
[2011/01/21 01:28:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.Torrent Stream
[2011/07/09 02:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\AbsoluteTelnet
[2011/01/15 02:16:13 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\aicon
[2011/06/12 23:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Anywhere Software
[2011/05/08 02:46:43 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\AtomZombieData
[2011/05/18 03:04:49 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Blender Foundation
[2011/01/28 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\BOXEE
[2011/04/06 03:13:16 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Bridge!
[2011/04/27 00:07:18 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Colibri Games
[2011/04/17 18:44:09 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\DMCache
[2011/05/25 07:55:14 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\DroidExplorer
[2011/07/01 02:21:20 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Dropbox
[2010/12/24 05:39:01 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\EDrawings
[2011/12/24 15:11:12 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/09/27 03:30:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\FileZilla
[2011/05/20 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\FMZilla
[2011/05/24 08:32:59 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\gtk-2.0
[2011/01/19 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Hackety Hack
[2011/03/04 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\HandBrake
[2011/05/17 21:48:57 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\illumination
[2011/09/16 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\ImgBurn
[2011/01/05 12:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\IrfanView
[2011/04/09 05:11:41 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Key Metric Software
[2011/12/15 01:23:08 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\KompoZer
[2011/03/20 23:01:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Lamantine
[2011/05/15 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\LazyDroid Client
[2011/03/04 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Leadertech
[2011/06/19 20:38:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\MDCrack
[2010/12/20 05:26:48 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Mount&Blade Warband
[2011/05/03 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/12/25 01:12:17 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Notepad++
[2011/12/15 01:20:39 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Nvu
[2011/10/14 03:01:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\OnLive App
[2011/05/06 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Opera
[2011/01/23 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\PACE Anti-Piracy
[2011/09/28 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pegtop
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pencil
[2011/05/19 22:08:09 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\poclbm
[2011/01/17 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pogo
[2012/01/07 23:22:59 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\redsn0w
[2011/07/14 03:53:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\SystemRequirementsLab
[2011/12/31 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\TeamViewer
[2011/10/26 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\TeraCopy
[2011/03/24 01:23:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\The Creative Assembly
[2011/03/25 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Tropico 3
[2011/01/02 23:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Tunngle
[2011/01/12 21:15:50 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Ubisoft
[2011/05/04 00:36:36 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Unity
[2011/10/02 17:05:56 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Unzbin
[2011/06/02 21:48:40 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\updatetool
[2012/01/08 03:10:07 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\uTorrent
[2010/12/20 06:22:11 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\VitySoft
[2011/08/06 01:47:14 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\VOS
[2011/05/13 00:34:46 | 000,000,000 | -HSD | M] -- C:\Users\Mafu\AppData\Roaming\wyUpdate AU
[2011/08/07 04:02:55 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\XLink Kai
[2011/12/29 02:07:11 | 000,031,692 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /HideShortcuts [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /ShowShortcuts [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Waterfox\firefox.exe [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Waterfox\firefox.exe" -preferences [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Waterfox\firefox.exe" -safe-mode [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /HideShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /ShowShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\Program Files (x86)\SeaMonkey\seamonkey.exe [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -preferences [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -safe-mode [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Edited by Matt Smith, 08 January 2012 - 05:49 AM.

  • 0

#63
SweetTech
Posted 08 January 2012 - 05:51 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Matt!

Looks like your host file is still infected.

Run this batch file for me to fix that.

We Need to Run a Batch Script

  • Press the Windows Logo in the bottom left corner of your screen.
  • In the Posted Image box, enter notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into notepad.
    @echo off
attrib -r -h -s "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
attrib -r -h -s "C:\Windows\SysNative\drivers\etc\hosts"
attrib -r -h -s "C:\Windows\SysWOW64\drivers\etc\hosts"
del /q /f "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
del /q /f "C:\Windows\SysNative\drivers\etc\hosts"
del /q /f "C:\Windows\SysWOW64\drivers\etc\hosts"
echo 127.0.0.1 localhost > "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
echo 127.0.0.1 localhost > "C:\Windows\SysNative\drivers\etc\hosts"
echo 127.0.0.1 localhost > "C:\Windows\SysWOW64\drivers\etc\hosts"
del %0
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the Posted Image box, type in Fix.bat.
  • Press Posted Image.
  • Close Notepad.
  • Right click Posted Image on your desktop, and choose Posted Image.
  • Press Yes if prompted by User Account Control.


Double click on Fix.bat


NEXT:



We Need to Run a Batch Script

  • Press the Windows Logo in the bottom left corner of your screen.
  • In the Posted Image box, enter notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into notepad.
    @echo off
echo This is the hosts file from sysnative >file.txt
type C:\Windows\SysNative\drivers\etc\hosts >>file.txt
echo This is the host file from system32 >>file.txt
type C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS >>file.txt
echo This is the host file from syswow >>file.txt
type C:\Windows\SysWOW64\drivers\etc\hosts>> file.txt
file.txt
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the Posted Image box, type in Fix.bat.
  • Press Posted Image.
  • Close Notepad.
  • Right click Posted Image on your desktop, and choose Posted Image.
  • Press Yes if prompted by User Account Control.


Please post the contents of the File.txt log file in your next reply.
  • 0

#64
Matt Smith
Posted 08 January 2012 - 05:55 AM

Matt Smith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
The command prompt reported "The system cannot find the path specified" twice, then popped up the log.

Update: Looking in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC Folder, It appears the HOSTS file is hidden, but if I run C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS through the Run command, the file opens. I have confirmed that I have "Show hidden files" on, but the Hosts file is still hidden.

This is the hosts file from sysnative
This is the host file from system32
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

Edited by Matt Smith, 08 January 2012 - 06:07 AM.

  • 0

#65
SweetTech
Posted 08 January 2012 - 06:05 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay.

Looks like that fixed the issue with the infected host file.

How are things running? Are you experiencing any outstanding issues with your computer or do you think you're ready to proceed with the clean-up procedure?
  • 1

#66
Matt Smith
Posted 08 January 2012 - 06:08 AM

Matt Smith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I think as for the redirection problems are gone. Or at least I hope. Which I expect they are since I haven't experienced any. Lets move onto the clean up.

Report on stability of computer:
So far the internet seems to be up and running without problem. Not sure if the redirections are gone but, I haven't experienced any so far. So I think it may be fixed. Which would be awesome. I plan on tipping you for your help.. of course :]


Edited by Matt Smith, 08 January 2012 - 06:11 AM.

  • 0

#67
SweetTech
Posted 08 January 2012 - 06:09 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Great! Glad to hear that!

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
[ClearAllRestorePoints]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#68
Matt Smith
Posted 08 January 2012 - 06:23 AM

Matt Smith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Alright, This is where I thank you for your knowledge and for taking time out of your day to help a random person. THANKSSSSS! Will Definitely come back here again. Would give you HUGE rep if I could only figure out how to. Is paypal the main way you prefer to accept donations?

$20 Donated to YOU! I know it's not a lot, but It's what I can do at the moment. Seriously, Thank's AGAIN!

Edited by Matt Smith, 08 January 2012 - 06:32 AM.

  • 0

#69
SweetTech
Posted 08 January 2012 - 06:30 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Matt,

You're more than welcome!

Would give you HUGE rep if I could only figure out how to.

If you're interested in giving a rep, you could click on the green + button on any of my posts.

Is paypal the main way you prefer to accept donations?

Yes, at this time it is.

Kindest Regards,
ST.
  • 1

#70
Matt Smith
Posted 08 January 2012 - 06:34 AM

Matt Smith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Every time I click the green button on any post, I receive an error stating:
"Action failed:
done"
  • 0

Advertisements

#71
SweetTech
Posted 08 January 2012 - 06:43 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Every time I click the green button on any post, I receive an error stating:
"Action failed:
done"

That's a known bug with the forum software. It looks like the rep was added successfully as you will see a number next to that post now.

Kindest Regards,
ST.
  • 0

#72
Matt Smith
Posted 08 January 2012 - 06:47 AM

Matt Smith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
SweetTech
Thanks for the time you invested in helping me. I highly respect the fact that you volunteer to help people with their computer problems. I accidentally stumbled on this site and I'm glad I did. THANK YOU! Now go buy yourself something for breakfast :]

-Matt
  • 0

#73
Matt Smith
Posted 09 January 2012 - 01:31 AM

Matt Smith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Was just redirected to:

Mod Edit: Removed URL.--ST

Edited by SweetTech, 17 January 2012 - 11:10 PM.

  • 0

#74
SweetTech
Posted 09 January 2012 - 02:53 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Matt,

What website were you attempting to go to when you got redirected to that link??

What browser did the redirect happen in?

Kindest Regards,
ST
  • 0

#75
Matt Smith
Posted 09 January 2012 - 03:11 AM

Matt Smith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I'm not totally sure on the website, but I've seen that IP address before with the constant redirections.
I'm using firefox.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP