Police Ransom Virus
<blockquote data-quote="edward1" data-source="post: 93597" data-attributes="member: 4314"><p><hr /><p></p><p>Hi. Thanks for your patience. Here we go!</p><p>Reg Error: Key error.)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{903A9E6F-11D4-4546-8CD6-7BEDCE2C8D48}: DhcpNameServer = 192.168.1.1</p><p>O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\https\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ipp - No CLSID value found</p><p>O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\msdaipp - No CLSID value found</p><p>O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - 
C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)</p><p>O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)</p><p>O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)</p><p>O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - File not found</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - 
(C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)</p><p>O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)</p><p>O21 - SSODL: SysTray - 
{35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)</p><p>O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)</p><p>O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)</p><p>O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)</p><p>O24 - Desktop Components:0 (My Current Home Page) - About:Home</p><p>O24 - Desktop WallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</p><p>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</p><p>O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)</p><p>O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft 
Corporation)</p><p>O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)</p><p>O31 - SafeBoot: AlternateShell - cmd.exe</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2010/01/14 17:23:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2012/12/31 10:14:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys</p><p>[2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\little common</p><p>[2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro</p><p>[2012/12/31 08:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro</p><p>[2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\Malwarebytes</p><p>[2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes</p><p>[2012/12/30 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\GridinSoft Trojan Killer</p><p>[2012/12/29 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer</p><p>[2012/12/18 11:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared</p><p>[2012/12/18 11:44:10 | 000,201,424 | ---- | C] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\rmoc3260.dll</p><p>[2012/12/18 11:43:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</p><p>[2012/12/18 11:43:47 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</p><p>[2012/12/17 15:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\searchresultstb</p><p>[2012/12/14 10:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Mouse</p><p>[2012/12/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint</p><p>[2012/12/05 08:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero</p><p>[2012/12/04 16:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies</p><p>[2012/12/04 16:52:23 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll</p><p>[2012/12/04 16:52:23 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll</p><p>[2012/12/04 16:52:23 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll</p><p>[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll</p><p>[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll</p><p>[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll</p><p>[2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll</p><p>[2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll</p><p>[2012/12/04 16:52:23 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll</p><p>[2012/12/04 16:52:23 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll</p><p>[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- 
C:\WINDOWS\System32\nvrstr.dll</p><p>[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll</p><p>[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll</p><p>[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll</p><p>[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll</p><p>[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll</p><p>[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll</p><p>[2012/12/04 16:52:23 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll</p><p>[2012/12/04 16:52:23 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll</p><p>[2012/12/04 16:52:23 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll</p><p>[2012/12/04 16:52:22 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll</p><p>[2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll</p><p>[2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll</p><p>[2012/12/04 16:52:22 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll</p><p>[2012/12/04 16:52:22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll</p><p>[2012/12/04 16:52:22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll</p><p>[2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll</p><p>[2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll</p><p>[2012/12/04 16:46:50 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll</p><p>[5 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</p><p>[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/01/02 14:35:09 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys</p><p>[2013/01/02 14:32:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2013/01/02 14:30:35 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/01/02 14:30:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job</p><p>[2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2013/01/02 14:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</p><p>[2013/01/01 21:15:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/01/01 21:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job</p><p>[2013/01/01 21:01:30 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job</p><p>[2013/01/01 19:44:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</p><p>[2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys</p><p>[2012/12/31 09:23:16 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk</p><p>[2012/12/31 09:09:27 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk</p><p>[2012/12/29 14:36:46 | 000,000,306 | ---- | M] () -- 
C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/29 12:10:27 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad</p><p>[2012/12/28 19:57:38 | 000,002,933 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js</p><p>[2012/12/28 16:21:45 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/28 10:56:06 | 000,614,271 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg</p><p>[2012/12/28 10:53:31 | 000,533,625 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg</p><p>[2012/12/23 19:57:01 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\MOT Expiries.wps</p><p>[2012/12/22 12:05:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini</p><p>[2012/12/22 11:56:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/21 19:07:18 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT</p><p>[2012/12/18 17:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job</p><p>[2012/12/18 11:44:10 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</p><p>[2012/12/18 11:43:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</p><p>[2012/12/18 11:43:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5016.dll</p><p>[2012/12/18 11:43:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</p><p>[2012/12/17 13:38:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll</p><p>[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll</p><p>[2012/12/14 21:01:08 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job</p><p>[2012/12/14 10:09:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe</p><p>[2012/12/14 10:09:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl</p><p>[2012/12/14 10:03:24 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk</p><p>[2012/12/12 21:48:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK</p><p>[2012/12/04 16:50:02 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin</p><p>[2012/12/04 16:50:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin</p><p>[2012/12/04 16:49:52 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin</p><p>[2012/12/03 15:40:50 | 019,460,096 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll</p><p>[2012/12/03 15:40:50 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll</p><p>[2012/12/03 15:40:50 | 007,606,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll</p><p>[2012/12/03 15:40:50 | 005,955,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll</p><p>[2012/12/03 15:40:50 | 004,153,600 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll</p><p>[2012/12/03 15:40:50 | 002,611,560 | ---- | M] (NVIDIA 
Corporation) -- C:\WINDOWS\System32\nvcuvid.dll</p><p>[2012/12/03 15:40:50 | 002,441,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll</p><p>[2012/12/03 15:40:50 | 002,283,884 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data</p><p>[2012/12/03 15:40:50 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll</p><p>[2012/12/03 15:40:50 | 001,011,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll</p><p>[2012/12/03 15:40:50 | 000,889,192 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll</p><p>[2012/12/03 15:40:50 | 000,012,951 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb</p><p>[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</p><p>[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/01/02 14:35:09 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys</p><p>[2013/01/01 21:10:27 | 000,027,902 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\$(KGrHqRHJEkFC(6JS39GBQp6jqdinQ~~60_12.JPG</p><p>[2013/01/01 21:09:59 | 002,179,146 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 7.JPG</p><p>[2013/01/01 21:09:49 | 001,783,120 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 6.JPG</p><p>[2013/01/01 21:09:41 | 002,357,446 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 5.JPG</p><p>[2013/01/01 21:09:31 | 002,769,188 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 4.JPG</p><p>[2013/01/01 21:09:20 | 003,121,303 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 3.JPG</p><p>[2013/01/01 21:08:52 | 001,421,478 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Sale of land to builder of Arthur Rd. 
houses dated 1914.jpg</p><p>[2013/01/01 20:53:21 | 000,054,599 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Railton.JPG</p><p>[2013/01/01 20:52:32 | 001,991,604 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 2.JPG</p><p>[2013/01/01 20:51:54 | 001,965,226 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo.JPG</p><p>[2012/12/31 08:52:51 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk</p><p>[2012/12/29 12:14:14 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk</p><p>[2012/12/28 18:15:45 | 000,002,933 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js</p><p>[2012/12/28 18:15:12 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad</p><p>[2012/12/28 10:55:27 | 000,614,271 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg</p><p>[2012/12/28 10:52:55 | 000,533,625 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg</p><p>[2012/12/22 11:56:34 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/22 11:56:33 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/14 10:03:57 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job</p><p>[2012/12/14 10:03:24 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk</p><p>[2012/12/04 16:46:54 | 000,012,951 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb</p><p>[2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin</p><p>[2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin</p><p>[2012/09/27 10:02:43 | 
000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin</p><p>[2012/09/03 14:30:00 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\funmoods.crx</p><p>[2012/07/29 17:15:26 | 000,002,298 | ---- | C] () -- C:\WINDOWS\photoimpression.ini</p><p>[2012/04/09 17:26:11 | 000,007,680 | ---- | C] () -- C:\WINDOWS\38535671.exe</p><p>[2012/04/09 17:26:11 | 000,000,486 | ---- | C] () -- C:\WINDOWS\38535671.dat</p><p>[2012/02/15 14:24:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</p><p>[2012/02/09 21:40:00 | 002,283,884 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data</p><p>[2011/12/24 15:54:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini</p><p>[2011/11/29 15:52:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI</p><p>[2011/06/12 15:30:06 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Jane\.recently-used.xbel</p><p>[2011/04/12 10:32:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat</p><p>[2011/04/12 09:53:03 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2011/04/10 11:30:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat</p><p>[2011/04/10 11:24:19 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini</p><p>[2011/04/10 11:09:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll</p><p>[2011/04/09 22:11:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI</p><p>[2011/04/09 22:09:58 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT</p><p>[2011/04/09 21:37:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat</p><p>[2011/04/09 21:34:28 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI</p><p>[2011/04/09 21:27:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat</p><p>[2010/10/02 11:01:52 | 000,011,800 | ---- | C] () -- C:\Program Files\xx.jpg</p><p> 
</p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2011/04/09 21:33:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 08:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2010/01/17 13:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy</p><p>[2010/05/06 08:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9</p><p>[2010/01/26 15:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure</p><p>[2010/08/09 13:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor</p><p>[2010/10/13 17:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!</p><p>[2010/05/04 16:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\SupportSoft</p><p>[2010/01/17 13:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP</p><p>[2010/09/29 14:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i</p><p>[2012/07/11 13:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software</p><p>[2011/10/01 09:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon</p><p>[2012/11/28 08:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess</p><p>[2011/04/17 17:25:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ</p><p>[2011/04/11 20:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations</p><p>[2011/04/12 10:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FileCure</p><p>[2012/11/01 14:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GBox</p><p>[2012/12/31 10:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro</p><p>[2012/08/08 09:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate</p><p>[2011/10/24 20:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit</p><p>[2012/10/10 09:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IsolatedStorage</p><p>[2012/04/17 18:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia</p><p>[2012/04/17 18:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NokiaInstallerCache</p><p>[2011/04/11 20:14:15 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users.WINDOWS\Application Data\Nuance</p><p>[2012/11/21 09:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic</p><p>[2012/04/17 18:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite</p><p>[2012/08/08 09:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium</p><p>[2011/04/11 20:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft</p><p>[2011/04/10 15:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft</p><p>[2011/10/01 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer</p><p>[2012/04/05 17:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}</p><p>[2012/03/03 21:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\alotappbar</p><p>[2011/10/01 09:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Babylon</p><p>[2011/04/14 21:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Canon Easy-WebPrint EX</p><p>[2012/09/03 14:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Complitly</p><p>[2011/06/12 15:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\deluge</p><p>[2012/09/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Digiarty</p><p>[2012/11/21 09:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\DriverCure</p><p>[2012/09/03 14:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\EasyBurner</p><p>[2012/11/21 18:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application 
Data\ElevatedDiagnostics</p><p>[2012/09/02 12:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\FreeBurner</p><p>[2011/06/12 15:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\gtk-2.0</p><p>[2012/12/17 15:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\ilividtoolbarguid</p><p>[2012/10/10 09:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\IsolatedStorage</p><p>[2012/04/17 18:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Nokia</p><p>[2011/04/11 20:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Nuance</p><p>[2012/11/21 09:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\ParetoLogic</p><p>[2012/04/17 20:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\PC Suite</p><p>[2012/12/29 11:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\PriceGong</p><p>[2011/08/31 08:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\searchquband</p><p>[2012/09/02 12:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\searchqutoolbar</p><p>[2012/12/17 15:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\searchresultstb</p><p>[2012/04/25 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\SuperPump</p><p>[2011/05/11 17:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Template</p><p>[2012/04/22 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\TomTom</p><p>[2011/04/11 20:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Zeon</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: 
#E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72</p><p>@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="edward1, post: 93597, member: 4314"] [hr] @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application 
Data\TEMP:4673E9EA < End of report >[/hr] [/QUOTE]