
Inactive Computer restart virus?

Discussion in 'Malware and Virus Removal Archive' started by yu9wang, 2010/10/31.

Thread Status:
Not open for further replies.
  1. 2010/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, this log is from safe mode.
    Re-run OTL with my script (post #10) from normal mode.
    When you post it, I'll remove the log I just posted for you.
     
  2. 2010/11/06
    yu9wang

    yu9wang Inactive Thread Starter

    Joined:
    2010/10/31
    Messages:
    33
    Likes Received:
    1
    Err, my computer still restarts in normal mode.
     


  4. 2010/11/06
    broni

    OK then.
    Let me take a look at your last log....
     
  5. 2010/11/06
    broni

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\yuandaw\LOCALS~1\Temp\Din30.tmp -- (XDva370)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva344.sys -- (XDva344)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
      O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\HP_Owner\Application Data\FlashGetBHO\FlashGetBHO3.dll File not found
      O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2010/10/24 06:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 1173 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DUOwQJpVHGlXV0uJ0yE33eHC
      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      @Alternate Data Stream - 1088 bytes -> C:\Program Files\Outlook Express:wkFj6jTengn5kYpAw6aExoy
      @Alternate Data Stream - 1065 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:JnKXccNEkIHredXDecTCaaSS
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

    Attempt to restart in normal mode.
     
  6. 2010/11/07
    yu9wang

    All processes killed
    ========== OTL ==========
    Service XDva370 stopped successfully!
    Service XDva370 deleted successfully!
    File C:\DOCUME~1\yuandaw\LOCALS~1\Temp\Din30.tmp not found.
    Service XDva344 stopped successfully!
    Service XDva344 deleted successfully!
    File C:\WINDOWS\System32\XDva344.sys not found.
    Error: No service named EagleNT was found to stop!
    Service\Driver key EagleNT not found.
    File C:\WINDOWS\System32\drivers\EagleNT.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
    C:\WINDOWS\000001_.tmp deleted successfully.
    C:\WINDOWS\003075_.tmp deleted successfully.
    C:\WINDOWS\LastGood.Tmp\INF\oem67.inf deleted successfully.
    C:\WINDOWS\LastGood.Tmp\INF\oem67.PNF deleted successfully.
    C:\WINDOWS\LastGood.Tmp\INF folder deleted successfully.
    C:\WINDOWS\LastGood.Tmp folder deleted successfully.
    C:\WINDOWS\System32\56.tmp deleted successfully.
    C:\WINDOWS\System32\57.tmp deleted successfully.
    C:\WINDOWS\System32\58.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log\IDP\log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log\IDP folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:DUOwQJpVHGlXV0uJ0yE33eHC deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\Program Files\Outlook Express:wkFj6jTengn5kYpAw6aExoy deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:JnKXccNEkIHredXDecTCaaSS deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 139082804 bytes
    ->Temporary Internet Files folder emptied: 3142613 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 46831286 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1292 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 11724 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: HP_Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5762728 bytes
    ->Java cache emptied: 15963982 bytes
    ->FireFox cache emptied: 13368564 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 79308 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 327974 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: yuandaw
    ->Temp folder emptied: 298058 bytes
    ->Temporary Internet Files folder emptied: 463502 bytes
    ->Java cache emptied: 3788954 bytes
    ->FireFox cache emptied: 97104881 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 60728 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33079 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 15196411 bytes
    RecycleBin emptied: 1616330 bytes

    Total Files Cleaned = 329.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: HP_Owner
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: yuandaw
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11072010_044627

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  7. 2010/11/07
    yu9wang

    Broni, do I paste the code in and then press quick scan, or do I just press quick scan with no code? When I press quick scan with no code, nothing happens.
     
  8. 2010/11/07
    yu9wang

    OTL logfile created on: 11/7/2010 4:58:16 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 232.00 Mb Available Physical Memory | 46.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 178.79 Gb Total Space | 67.45 Gb Free Space | 37.73% Space Free | Partition Type: NTFS
    Drive D: | 7.50 Gb Total Space | 0.39 Gb Free Space | 5.22% Space Free | Partition Type: FAT32

    Computer Name: FAMILY-ROOM-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/05 16:06:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/10/29 14:48:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/29 14:48:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/05 16:06:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/07/14 20:45:44 | 003,251,520 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/01/23 03:40:02 | 000,532,784 | ---- | M] (My Privacy Tools, Inc.) [On_Demand | Stopped] -- C:\Program Files\Hide My IP 2009\SecureSrv.exe -- (SecureSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\58.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/26 17:10:46 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2010/10/24 07:08:18 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/12 19:04:30 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/23 10:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2009/03/25 13:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2008/05/19 17:36:28 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Nexon\MapleStory\maplev55\npkcrypt.sys -- (npkcrypt)
    DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004/10/13 17:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/08/04 06:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/06/29 10:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/03/17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2002/10/04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 06:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14908
    FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
    FF - prefs.js..extensions.enabledItems: {52ED9673-0722-4A1D-B859-959FD56143DC}:1.0
    FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 14:48:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 14:48:50 | 000,000,000 | ---D | M]

    [2010/10/26 17:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/11/06 16:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k0vc2vt3.default\extensions
    [2010/10/26 18:36:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k0vc2vt3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/06 16:06:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/27 05:43:26 | 000,000,000 | ---D | M] (BrowserZinc) -- C:\Program Files\Mozilla Firefox\extensions\{52ED9673-0722-4A1D-B859-959FD56143DC}
    [2009/10/24 18:42:55 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Program Files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    [2010/11/07 04:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
    [2009/05/10 14:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
    [2010/03/27 05:43:26 | 000,002,401 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\browserzinc126.xml

    O1 HOSTS File: ([2010/11/04 17:40:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\SecureNet.dll (My Privacy Tools, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\SecureNet.dll (My Privacy Tools, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\SecureNet.dll (My Privacy Tools, Inc.)
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/09 19:35:22 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/07 04:46:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/06 18:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/11/06 15:44:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2010/11/06 15:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/11/06 15:30:20 | 002,811,584 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup300.exe
    [2010/11/06 15:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic
    [2010/11/06 15:22:30 | 001,940,656 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Administrator\Desktop\RegCureSetup_RW.exe
    [2010/11/06 15:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/11/06 15:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
    [2010/11/06 15:03:05 | 001,940,640 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Administrator\Desktop\RegCureSetup_CB.exe
    [2010/11/06 10:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2010/11/06 06:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
    [2010/11/06 05:35:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/06 05:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
    [2010/11/05 16:06:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/04 17:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/04 16:47:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
    [2010/10/31 12:30:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/31 12:30:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/31 12:30:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/31 12:30:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/31 12:30:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/31 12:19:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/31 11:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWinPortable
    [2010/10/31 11:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2010/10/31 09:51:54 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Documents and Settings\Administrator\Desktop\SafeMSI.exe
    [2010/10/31 05:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2010/10/30 05:02:55 | 431,889,054 | ---- | C] (nDoors ) -- C:\Program Files\WonderKing Client_080510.exe
    [2010/10/29 15:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
    [2010/10/29 15:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/10/29 15:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/10/29 15:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/29 15:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bazooka Scanner
    [2010/10/28 16:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/10/28 16:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/28 16:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/27 19:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
    [2010/10/26 18:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
    [2010/10/26 18:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    [2010/10/26 18:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks
    [2010/10/26 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/10/26 17:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2010/10/26 17:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2010/10/26 17:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
    [2010/10/26 17:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2010/10/26 17:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2010/10/24 08:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
    [2010/10/24 07:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010/10/24 07:08:18 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
    [2010/10/24 06:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/10/24 06:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/10/17 06:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
    [2010/10/15 15:20:58 | 000,000,000 | ---D | C] -- C:\found.002
    [2010/10/14 16:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\File Shredder
    [2010/10/14 16:07:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

    ========== Files - Modified Within 30 Days ==========

    [2010/11/07 04:59:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/07 04:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/07 04:45:11 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 04:45:11 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/06 18:08:27 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sar_15_sfx(2).exe
    [2010/11/06 17:49:10 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sar_15_sfx.exe
    [2010/11/06 17:06:29 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/11/06 16:54:42 | 000,000,179 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini
    [2010/11/06 16:41:08 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/11/06 16:39:49 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
    [2010/11/06 16:39:47 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/06 16:39:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C7B82B27-DC88-4DA2-B6F5-61AC55DDD043}.job
    [2010/11/06 16:38:27 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/11/06 16:38:27 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/11/06 15:30:39 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/06 15:30:21 | 002,811,584 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup300.exe
    [2010/11/06 15:23:59 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    [2010/11/06 15:22:30 | 001,940,656 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Administrator\Desktop\RegCureSetup_RW.exe
    [2010/11/06 15:03:05 | 001,940,640 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Administrator\Desktop\RegCureSetup_CB.exe
    [2010/11/06 06:03:55 | 000,872,337 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MINEXTrap.rar
    [2010/11/06 05:12:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/05 17:11:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cmd.bat
    [2010/11/05 16:06:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/04 17:40:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/04 17:17:10 | 003,902,849 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/03 17:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/31 12:11:59 | 000,925,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton_Removal_Tool.exe
    [2010/10/30 05:10:23 | 431,889,054 | ---- | M] (nDoors ) -- C:\Program Files\WonderKing Client_080510.exe
    [2010/10/29 15:16:55 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/29 15:08:02 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/10/28 17:47:25 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/10/28 16:57:10 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/10/26 17:54:24 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/26 17:10:46 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/10/24 07:08:18 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
    [2010/10/24 06:18:38 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Documentation.lnk
    [2010/10/24 06:15:33 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
    [2010/10/24 06:15:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster 2.lnk
    [2010/10/24 05:53:14 | 000,000,028 | ---- | M] () -- C:\WINDOWS\funshionplugin2.INI
    [2010/10/16 05:13:57 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2010/11/06 18:08:27 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sar_15_sfx(2).exe
    [2010/11/06 17:45:30 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sar_15_sfx.exe
    [2010/11/06 17:11:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\memtest.exe
    [2010/11/06 16:57:02 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AOL.lnk
    [2010/11/06 16:54:42 | 000,000,179 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
    [2010/11/06 15:30:39 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/06 15:04:02 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/11/06 15:04:02 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/11/06 15:03:33 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    [2010/11/06 06:03:52 | 000,872,337 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MINEXTrap.rar
    [2010/11/05 17:11:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cmd.bat
    [2010/10/31 12:30:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/31 12:30:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/31 12:30:25 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/31 12:30:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/31 12:30:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/31 12:11:59 | 000,925,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Norton_Removal_Tool.exe
    [2010/10/31 12:09:57 | 003,902,849 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/10/29 15:16:55 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/29 15:08:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/10/28 17:47:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/10/28 16:57:10 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/10/28 16:54:02 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/24 08:44:09 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2010/10/24 08:44:08 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
    [2010/10/24 07:35:13 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2010/10/24 07:13:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010/10/24 06:15:53 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
    [2010/10/24 06:15:33 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
    [2010/10/24 06:15:33 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster 2.lnk
    [2010/03/03 19:12:48 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2010/01/28 16:33:39 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2009/11/05 14:44:16 | 1536,982,033 | ---- | C] () -- C:\Program Files\MSSetupv78.exe
    [2009/10/09 11:32:15 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
    [2009/10/09 11:32:15 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
    [2009/05/17 14:12:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2009/05/14 14:13:06 | 000,000,028 | ---- | C] () -- C:\WINDOWS\funshionplugin2.INI
    [2009/05/09 19:37:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/05/09 19:33:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/05/09 19:33:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/05/09 19:33:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/05/09 19:33:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/05/09 19:33:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/05/09 19:33:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/05/09 19:04:47 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2009/05/09 19:04:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2009/05/09 19:04:19 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
    [2009/05/09 19:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/05/09 18:42:30 | 000,003,222 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/05/09 18:28:51 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2009/04/08 19:34:40 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\funshion.ini
    [2005/02/04 07:30:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/02/04 07:30:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/02/04 07:29:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/10/15 03:37:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/09/13 16:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/19 19:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/19 19:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/06/15 21:38:02 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/04/10 15:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

    ========== LOP Check ==========

    [2009/05/09 19:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
    [2010/11/06 10:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2010/11/06 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic
    [2009/05/09 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/11/06 17:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/09/26 08:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
    [2010/01/28 16:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/10/24 06:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/03/21 17:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/04/01 16:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/09/30 16:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2010/10/30 06:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/11/06 15:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/11/06 18:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/10/30 06:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/04/05 10:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/23 16:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/15 17:49:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
    [2010/11/06 16:39:49 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
    [2010/11/06 16:38:27 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2010/11/06 16:38:27 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
    [2010/11/06 16:39:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C7B82B27-DC88-4DA2-B6F5-61AC55DDD043}.job

    ========== Purity Check ==========



    < End of report >
    [2010/11/07 04:59:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/07 04:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/07 04:45:11 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 04:45:11 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/07 04:44:46 | 000,874,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jxpiinstall.exe
    [2010/11/06 18:08:27 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sar_15_sfx(2).exe
    [2010/11/06 17:49:10 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sar_15_sfx.exe
    [2010/11/06 17:06:29 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/11/06 16:54:42 | 000,000,179 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini
    [2010/11/06 16:41:08 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/11/06 16:39:49 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
    [2010/11/06 16:39:47 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/06 16:39:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C7B82B27-DC88-4DA2-B6F5-61AC55DDD043}.job
    [2010/11/06 16:38:27 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/11/06 16:38:27 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/11/06 15:30:39 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/06 15:30:21 | 002,811,584 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup300.exe
    [2010/11/06 15:23:59 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    [2010/11/06 15:22:30 | 001,940,656 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Administrator\Desktop\RegCureSetup_RW.exe
    [2010/11/06 15:03:05 | 001,940,640 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Administrator\Desktop\RegCureSetup_CB.exe
    [2010/11/06 10:11:19 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\uninstall_flash_player.exe
    [2010/11/06 06:03:55 | 000,872,337 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MINEXTrap.rar
    [2010/11/06 05:12:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/05 17:11:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cmd.bat
    [2010/11/05 16:06:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/04 17:40:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/04 17:17:10 | 003,902,849 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/03 17:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/31 12:11:59 | 000,925,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton_Removal_Tool.exe
    [2010/10/30 05:10:23 | 431,889,054 | ---- | M] (nDoors ) -- C:\Program Files\WonderKing Client_080510.exe
    [2010/10/29 15:16:55 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/29 15:08:02 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/10/28 17:47:25 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/10/28 16:57:10 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/10/26 17:54:24 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/26 17:10:46 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/10/24 07:08:18 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
    [2010/10/24 06:18:38 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Documentation.lnk
    [2010/10/24 06:15:33 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
    [2010/10/24 06:15:33 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster 2.lnk
    [2010/10/24 05:53:14 | 000,000,028 | ---- | M] () -- C:\WINDOWS\funshionplugin2.INI
    [2010/10/16 05:13:57 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2009/05/09 19:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
    [2010/11/06 10:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2010/11/06 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic
    [2009/05/09 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/11/06 17:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/09/26 08:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
    [2010/01/28 16:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/10/24 06:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/03/21 17:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/04/01 16:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/09/30 16:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2010/10/30 06:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/11/06 15:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/11/06 18:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/10/30 06:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/04/05 10:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/23 16:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/15 17:49:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
    [2010/11/06 16:39:49 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
    [2010/11/06 16:38:27 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2010/11/06 16:38:27 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
    [2010/11/06 16:39:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C7B82B27-DC88-4DA2-B6F5-61AC55DDD043}.job

    ========== Purity Check ==========



    < End of report >
     
  9. 2010/11/07
    yu9wang

    yu9wang Inactive Thread Starter

    ARRRRGH! My computer still restarts after I rebooted.
     
  10. 2010/11/07
    yu9wang

    yu9wang Inactive Thread Starter

    I am troubleshooting so I turned off the automatic restart upon failure and got blue screen of death and the following STOP error code: STOP 0X0000008E (0X0000005,0X8062E183,0XF87A299C,0X00000000)
    Do you know if it is a virus causing it?
     
  11. 2010/11/07
    broni

    broni Moderator Malware Analyst

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  12. 2010/11/07
    yu9wang

    yu9wang Inactive Thread Starter

    I can not save, an error occurs after pressing save selected items.
     
  13. 2010/11/07
    broni

    broni Moderator Malware Analyst

    0X0000008E error is usually hardware related, so at this point I'll have to send you to either the Windows or the hardware forum.
    Create new topic there and once the issue is resolved there, you can come back here and we'll continue.
    I'll keep this topic open.
     
  14. 2010/11/07
    yu9wang

    yu9wang Inactive Thread Starter

    One last thing, it says that the bsod was caused by a driver file ntoskrnl.exe.
    Thanks for all your help.
     
  15. 2010/11/07
    broni

    broni Moderator Malware Analyst

    It really doesn't matter.
    If it's a hardware problem, any file can be listed there.
     
  16. 2010/11/07
    yu9wang

    yu9wang Inactive Thread Starter

    Ok thanks anyways.
     
  17. 2010/11/07
    broni

    broni Moderator Malware Analyst

    Sure thing :)

    I'll put this topic on hold for now.
     
  18. 2010/11/12
    broni

    broni Moderator Malware Analyst

    Since your BSOD problem got resolved, you need to return here, so we can finish the cleaning process.

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  19. 2010/11/18
    broni

    broni Moderator Malware Analyst

    Are you still out there?
     
Thread Status:
Not open for further replies.
