Computer Hope

Software => Computer viruses and spyware => Topic started by: br3akth3w1nd on July 30, 2011, 01:39:50 PM

Title: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on July 30, 2011, 01:39:50 PM
You guys have probably never heard this one before, but random pictures and images that I have never seen before appear as files on my desktop. I was writing in Notepad and I had about, let's say, 5-6 Notepad files and nothing else on my desktop. When I closed Notepad I saw that I had a picture of a girl with boxing gloves. It's not the first time this has happened; a few days ago a picture of some game artwork appeared like that too. Could this be a virus? I checked my download tab in all my browsers and I have not downloaded those pictures!
I scanned my hard drive with an anti-vir but nothing was found. Has someone else had this strange problem? ;D Thx if you help in advance.
Title: Re: Random pictures appearing on my desktop?
Post by: Allan on July 30, 2011, 01:46:03 PM
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on July 31, 2011, 06:46:39 AM
Quote from: Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:42 ч., on 31.7.2011 г.
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\Hamachi\hamachi-2-ui.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
E:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\Hama Mouse driver V6.0\StartAutorun.exe
C:\Program Files (x86)\Hama Mouse driver V6.0\KMConfig.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Hama Mouse driver V6.0\KMProcess.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
E:\Program Files (x86)\HJT\Trend Micro\HiJackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
O4 - HKLM\..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [HamaKMCONFIGMOUSE] C:\Program Files (x86)\Hama Mouse driver V6.0\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - E:\Program Files (x86)\SuperAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Program Files (x86)\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Hama Mouse driver V6.0\KMWDSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13017 bytes

Quote from: Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7336

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.7.2011 г. 12:06:40
mbam-log-2011-07-31 (12-06-40).txt

Scan type: Quick scan
Objects scanned: 177215
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\PC\downloads\smileycentralpfsetup2.3.76.6.znman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\PC\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Quote from: SuperAntiSpyware
The program has been scanning for 4 hours now and found 400 items. It's still scanning...

Some things you should know:
Malwarebytes is blocking some IPs every minute.
I never used an anti-spyware program before.
My antivir is Avira free edition and I did a scan with it before all this. Nothing was found.
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on July 31, 2011, 07:58:07 AM
Here you go
Quote from: SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2011 at 04:12 PM

Application Version : 4.56.1000

Core Rules Database Version : 7493
Trace Rules Database Version: 5305

Scan type       : Complete Scan
Total Scan Time : 04:16:40

Memory items scanned      : 704
Memory threats detected   : 0
Registry items scanned    : 14325
Registry threats detected : 0
File items scanned        : 460652
File threats detected     : 389

Adware.Tracking Cookie
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .clickfuse.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adbrite.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   uk.sitestat.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .hitbox.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ehg-futurepub.hitbox.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ecomedia.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ecomedia.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ecomedia.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   openx.ecomedia.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tribalfusion.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tribalfusion.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tribalfusion.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fuckyeahdementia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fuckyeahdementia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fuckyeahdementia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adlegend.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adlegend.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adbrite.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .burstnet.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .r1-ads.ace.advertising.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .lfstmedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   adserver.adreactor.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .indieclick.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mediaplex.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .lucidmedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .timeinc.122.2o7.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.googleadservices.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .c.gigcount.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mm.chitika.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   adserver.abv.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   adserver.abv.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   marcopolo.traffective-tracking.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   marcopolo.traffective-tracking.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   marcopolo.traffective-tracking.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   marcopolo.traffective-tracking.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   marcopolo.traffective-tracking.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .webmasterplan.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .webmasterplan.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.zanox.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .webmasterplan.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zanox.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .liveperson.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.3dstats.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pro-market.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .indieclick.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   optimize.indieclick.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .teenproblem.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .112.2o7.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .gametracker.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .highbeam.122.2o7.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .legolas-media.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .at.atwola.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .at.atwola.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ar.atwola.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .legolas-media.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adbrite.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adbrite.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adbrite.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adbrite.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   *Blocked Russian URL* [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.easyads.bg [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .statcounter.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .content.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .content.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tribalfusion.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .teenproblem.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pro-market.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   adserver.gamesites200.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.mmorpgtoplist.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .teenproblem.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.teenproblem.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .teenproblem.net [ C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   account.globalagendagame.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   *Blocked Russian URL* [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   ia.media-imdb.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   imgs.adverticum.net [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   media.ign.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   media.mtvnservices.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   media.scanscout.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   media1.break.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   media1.clubpenguin.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   secure-it.imrworldwide.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   secure-us.imrworldwide.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]
   www.orvmedia.com [ C:\Users\PC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7PX7FMT5 ]

Trojan.Unclassified/Loader-Suspicious
   C:\MMOHACKFORUMS\BATTLEFORGETRAINER\LOADER.EXE

Trojan.Agent/Gen-Koobface[Bonkers]
   C:\USERS\PC\DESKTOP\PROGRAMS\ANIMTRANSFER03.EXE

Adware.MyWebSearch
   D:\OLD_C\DOWNLOADS\MYWEBFACESETUP2.3.70.1.GRMAN000.EXE
Title: Re: Random pictures appearing on my desktop?
Post by: SuperDave on July 31, 2011, 01:34:05 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
********************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

(http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg)

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html). Then post your DDS logs (DDS.txt and Attach.txt).
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on August 01, 2011, 05:43:35 AM
Hello Dave and thank you for welcoming and helping me. :)
I did everything you told me, here are the logs:

Quote from: Results of screen317's Security Check version 0.99.18
Windows 7  (UAC is disabled!)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 Avira AntiVir Personal - Free Antivirus
 WMI entry may not exist for antivirus; attempting automatic update.
 Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 26 
 Adobe Flash Player   
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Malwarebytes' Anti-Malware mbamservice.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
``````````End of Log````````````

Quote from: DDS Log #1
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8.1.2011 г. 18:58:37
System Uptime: 1.8.2011 г. 14:07:59 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A77TD PRO
Processor: AMD Athlon(tm) II X4 620 Processor | AM3 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 97,502 GiB free.
D: is FIXED (NTFS) - 293 GiB total, 141,481 GiB free.
E: is FIXED (NTFS) - 492 GiB total, 110,768 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM (CDFS)
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: AMD High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&25D3C842&0&0001
Manufacturer: Advanced Micro Devices
Name: AMD High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&25D3C842&0&0001
Service: AtiHDAudioService
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AB0L5SIZ IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: AB0L5SIZ IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: alg1f2ny
.
==== System Restore Points ===================
.
RP110: 2.7.2011 г. 15:26:14 - Installed DirectX
RP111: 17.7.2011 г. 22:02:02 - Scheduled Checkpoint
RP112: 25.7.2011 г. 13:22:27 - Removed Skype™ 5.3
RP113: 31.7.2011 г. 11:57:23 - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
A4 TECH USB PC Camera
Acer eDisplay Management
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Reader X
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Age of Empires III
Age of Pirates 2: City of Abandoned Ships ver.1.3.0
Anno 1404
Apple Software Update
Ashampoo WinOptimizer 6.60
Assassin's Creed Brotherhood
ASUSUpdate
ATI Catalyst Registration
Avira AntiVir Personal - Free Antivirus
Babylon toolbar
Bandisoft MPEG-1 Decoder
Battle vs. Chess
Battlefield Play4Free (PC)
BattleForge™
Black Mirror 3
BS.Player PRO
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Champions Online
Cheat Engine 6.0
Chinese Simplified Fonts Support For Adobe Reader X
ClassicPro© v1.14
Cool & Quiet
Crystal Reports for Visual Studio
DAEMON Tools Lite
Darkspore™
DDS Converter 2.1
Dead Space™ 2
DiRT 3
Dotfuscator Software Services - Community Edition
EasyBits GO
Echelon
Echelon: Wind Warriors, V 1.09.17
EmoteMaker 8.0.3
EPU-4 Engine
Fallout New Vegas
ffdshow v1.1.3800 [2011-03-28]
FileZilla Client 3.3.2
Fraps (remove only)
GIMP 2.6.11
Google Chrome
Hama Mouse driver V6.0
Hamachi 1.0.1.5
Heroes of Might and Magic V - Tribes of the East
High-Definition Video Playback 10
HiJackThis
Home Designer Suite 8
Java Auto Updater
Java(TM) 6 Update 26
K-Lite Codec Pack 5.9.0 (Full)
League of Legends
LG PC Suite III
LG United Mobile Driver
LG USB Modem Drivers
LogMeIn Hamachi
Malwarebytes' Anti-Malware version 1.51.1.1800
Mario Forever
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft Windows Media Video 9 VCM
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mp3tag v2.45a
MP4 to MP3 Converter 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero Dolby Files 10
Nero Express 10
Nero Multimedia Suite 10
Nero StartSmart 10
Nexon Game Manager
Nexus: The Jupiter Incident
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
Online Battles
OpenAL
Pando Media Booster
PDF Settings CS5
Photoshop Camera Raw
Pivot Pro Plugin
Pixel Bender Toolkit
Platform
PunkBuster Services
Quick Memory Editor 5.5
QuickTime
QuickTime Alternative 1.95
Rakion International
Rapture3D 2.4.8 Game
REACTOR
Real Alternative 2.0.2
Realtek High Definition Audio Driver
RocketDock 1.3.5
SDK
SHIFT 2 UNLEASHED™
Skype™ 4.2
Smart FLV Converter Pro 3.4.0.80
SmartFTP Client Setup Files 4.0 (x64) (remove only)
StarCraft II
Stykz for Windows 1.0.2
Suite Shared Configuration CS4
System Requirements Lab CYRI
Tank Arena
Team Fortress 2
The Witcher 2
Turbo Key
Ubisoft Game Launcher
Ultra Audio Recorder v7.4.4.213
Unity Web Player
VIA
Vindictus
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Warcraft III
Warcraft III: All Products
WE Unlimited 1.20
Web Page Maker V3.03
Wings of Prey 1.0.3.2
World of Warcraft
Xara Web Designer 6
XnView 1.97.8
YouTube Downloader 2.5.4
Yu-Gi-Oh! ONLINE
yuPlay client 0.7.17
.
==== End Of File ===========================

Quote from: DDS Log #2
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by PC at 14:36:45 on 2011-08-01
Microsoft Windows 7 Ultimate   6.1.7600.0.1251.359.1033.18.4095.2302 [GMT 3:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
E:\Program Files (x86)\SuperAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
E:\Program Files (x86)\Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hama Mouse driver V6.0\KMWDSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
E:\Program Files (x86)\Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
E:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
E:\Program Files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\Hama Mouse driver V6.0\StartAutorun.exe
C:\Program Files (x86)\Hama Mouse driver V6.0\KMConfig.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Hama Mouse driver V6.0\KMProcess.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.bg/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RocketDock] "E:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [AdobeBridge]
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] E:\Program Files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Turbo Key] "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [HamaKMCONFIGMOUSE] C:\Program Files (x86)\Hama Mouse driver V6.0\StartAutorun.exe KMConfig.exe
mRun: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 84.238.214.1 192.168.0.1
TCP: Interfaces\{ED73EFB3-57D5-46B4-97C0-300C502C5B78} : DhcpNameServer = 84.238.214.1 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
BHO-X64:     Babylon toolbar helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Turbo Key] "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe"
mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun-x64: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun-x64: [HamaKMCONFIGMOUSE] C:\Program Files (x86)\Hama Mouse driver V6.0\StartAutorun.exe KMConfig.exe
mRun-x64: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun-x64: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;E:\Program Files (x86)\SuperAntiSpyware\sasdifsv64.sys [2011-7-13 14928]
R1 SASKUTIL;SASKUTIL;E:\Program Files (x86)\SuperAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;E:\Program Files (x86)\SuperAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-8 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-8 269480]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-2-2 90112]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;E:\Program Files (x86)\Hamachi\hamachi-2.exe [2011-5-25 2275720]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Hama Mouse driver V6.0\KMWDSrv.exe [2009-8-14 1818112]
R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-31 366640]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-2-25 109168]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2011-1-8 544768]
S3 rak;rak;E:\Games\RakionIS\Bin\rakion64.sys [2011-6-11 40056]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-07-31 12:32:29   --------   d-----w-   C:\Users\PC\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 08:58:04   388096   ----a-r-   C:\Users\PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 08:53:47   --------   d-----w-   C:\Users\PC\AppData\Roaming\Malwarebytes
2011-07-31 08:53:40   41272   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-31 08:53:39   --------   d-----w-   C:\ProgramData\Malwarebytes
2011-07-31 08:53:36   25912   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-07-31 08:51:27   --------   d-----w-   C:\Users\PC\AppData\Roaming\SUPERAntiSpyware.com
2011-07-31 08:51:27   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2011-07-31 08:51:22   --------   d-----w-   C:\ProgramData\!SASCORE
2011-07-29 18:25:03   --------   d-----w-   C:\Users\PC\riotsGamesLogs
2011-07-25 10:51:12   --------   d-----r-   C:\Program Files (x86)\Skype
2011-07-24 21:39:53   --------   d--h--w-   C:\Windows\PIF
2011-07-24 21:39:31   304128   ----a-w-   C:\Windows\IsUninst.exe
2011-07-19 19:25:52   --------   d-----w-   C:\Users\PC\.thumbnails
2011-07-19 19:14:04   --------   d-----w-   C:\Users\PC\.gimp-2.6
2011-07-17 17:58:04   --------   d-----w-   C:\Users\PC\AppData\Local\Microsoft Games
2011-07-02 18:13:01   --------   d-----w-   C:\Program Files (x86)\EmoteMaker
2011-07-02 18:12:35   --------   d-----w-   C:\Program Files (x86)\BabylonToolbar
2011-07-02 14:55:04   --------   d-----w-   C:\Users\PC\AppData\Local\._LiveCode_
2011-07-02 14:52:26   --------   d-----w-   C:\Users\PC\AppData\Roaming\Stykz
2011-07-02 14:07:37   --------   d-----w-   C:\Users\PC\AppData\Roaming\Ubisoft
.
==================== Find3M  ====================
.
2011-07-02 12:29:37   314016   ----a-w-   C:\Windows\System32\drivers\atksgt.sys
2011-07-02 12:29:36   43680   ----a-w-   C:\Windows\System32\drivers\lirsgt.sys
2011-07-02 11:17:43   88288   ----a-w-   C:\Windows\System32\drivers\avgntflt.sys
2011-06-30 11:23:13   234768   ----a-w-   C:\Windows\SysWow64\PnkBstrB.xtr
2011-06-30 11:23:13   234768   ----a-w-   C:\Windows\SysWow64\PnkBstrB.exe
2011-06-30 11:00:26   75136   ----a-w-   C:\Windows\SysWow64\PnkBstrA.exe
2011-06-12 14:24:15   2829   ----a-w-   C:\Windows\War3Unin.pif
2011-06-12 14:24:15   139264   ----a-w-   C:\Windows\War3Unin.exe
2011-06-04 11:24:28   466456   ----a-w-   C:\Windows\System32\wrap_oal.dll
2011-06-04 11:24:28   444952   ----a-w-   C:\Windows\SysWow64\wrap_oal.dll
2011-06-04 11:24:28   122904   ----a-w-   C:\Windows\System32\OpenAL32.dll
2011-06-04 11:24:28   109080   ----a-w-   C:\Windows\SysWow64\OpenAL32.dll
2011-05-24 14:24:12   21832   ----a-w-   C:\Windows\System32\drivers\hamachi.sys
2011-05-24 13:46:12   1   ----a-w-   C:\Windows\SysWow64\SI.bin
2011-05-04 01:52:22   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:37:41,19 ===============
Title: Re: Random pictures appearing on my desktop?
Post by: SuperDave on August 01, 2011, 01:31:53 PM
P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
*************************************************
BabylonToolbar is adware and also should be removed. See here. (http://forums.spybot.info/showthread.php?t=61869)
**************************************************
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

BHO-X64:     AcroIEHelperStub - No File
BHO-X64:     Babylon toolbar helper - No File

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*************************************************************

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

Link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on August 02, 2011, 12:54:53 AM
Dave, I did exactly what you told me. The problem is that OTL is still scanning and I ran it an hour ago. The commands left are:
[emptytemp]
[start explorer]
Is this supposed to take so long ???
Edit: The program had clearly crashed since even Task Manager said it is not responding. I hope I didn't do anything wrong, but I did wait an hour and a half. I will try to run it again if you want.
Title: Re: Random pictures appearing on my desktop?
Post by: SuperDave on August 02, 2011, 01:16:51 PM
Just skip OTL and go with ComboFix, please.
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on August 03, 2011, 06:08:21 AM
Ok the program did its job. But you should know that when it said that it's going to reboot my machine, Skype gave me some error message with no name and no text and nothing else happened. I did wait a lot. So without closing ComboFix I got to start>restart. ComboFix displayed a warning, but it was too late. Come to think of it, OTL crashed when it started to restart my machine too. I remember that all my programs that have icons in the taskbar closed and the taskbar itself started to blink.
Here is the report from ComboFix

ComboFix 11-08-03.02 - PC 08.2011 г.  14:46:03.1.4 - x64]
Microsoft Windows 7 Ultimate   6.1.7600.0.1251.359.1033.18.4095.2507 [GMT 3:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\AppData\Roaming\chrtmp
c:\users\PC\AppData\Roaming\explorer
c:\users\PC\AppData\Roaming\Microsoft\Windows\Recent\httpwww.google.bgurlq=httpvbox7.complaybcea43cf&sa=X&ei=0AUTTsv9KYWfOpmh7LUL&ved=0CEIQuAIwAw&usg=AFQjCNHDxOxQGiUjJpKV6Fk7QAg.URL
c:\windows\ktkm2.dll
c:\windows\ktkm3.dll
c:\windows\ktkm34.dll
c:\windows\ktkm36.dll
c:\windows\ktkm4.dll
c:\windows\ktkm8.dll
c:\windows\wpe pro.INI
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_conhost.exe        pid: 1940     24: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_conhost.exe        pid: 4708     24: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_lsm.exe            pid: 560     274: c:\windows\System32\en-US\lsm.exe.mui
-------\Service_Skype.exe          pid: 2212    1E8: c:\program files (x86)\Skype\Phone\Skype.exe
-------\Service_Sysinternals - www.sysinternals.com
.
.
(((((((((((((((((((((((((   Files Created from 2011-07-03 to 2011-08-03  )))))))))))))))))))))))))))))))
.
.
2011-08-02 06:32 . 2011-08-02 06:32   --------   d-----w-   C:\_OTL
2011-07-31 12:32 . 2011-07-31 12:32   --------   d-----w-   c:\users\PC\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 08:58 . 2011-07-31 08:58   388096   ----a-r-   c:\users\PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 08:53 . 2011-07-31 08:53   --------   d-----w-   c:\users\PC\AppData\Roaming\Malwarebytes
2011-07-31 08:53 . 2011-07-06 16:52   41272   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-31 08:53 . 2011-07-31 08:53   --------   d-----w-   c:\programdata\Malwarebytes
2011-07-31 08:53 . 2011-07-06 16:52   25912   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-07-31 08:51 . 2011-07-31 08:51   --------   d-----w-   c:\users\PC\AppData\Roaming\SUPERAntiSpyware.com
2011-07-31 08:51 . 2011-07-31 08:51   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-07-31 08:51 . 2011-07-31 08:51   --------   d-----w-   c:\programdata\!SASCORE
2011-07-29 18:25 . 2011-08-01 21:50   --------   d-----w-   c:\users\PC\riotsGamesLogs
2011-07-25 10:51 . 2011-07-25 10:51   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2011-07-25 10:51 . 2011-07-25 10:51   --------   d-----r-   c:\program files (x86)\Skype
2011-07-24 21:39 . 2011-07-24 21:39   --------   d--h--w-   c:\windows\PIF
2011-07-24 21:39 . 1997-12-17 15:33   304128   ----a-w-   c:\windows\IsUninst.exe
2011-07-19 19:25 . 2011-07-31 16:06   --------   d-----w-   c:\users\PC\AppData\Roaming\gtk-2.0
2011-07-19 19:25 . 2011-07-19 19:25   --------   d-----w-   c:\users\PC\.thumbnails
2011-07-19 19:14 . 2011-07-31 16:06   --------   d-----w-   c:\users\PC\.gimp-2.6
2011-07-17 17:58 . 2011-07-17 17:58   --------   d-----w-   c:\users\PC\AppData\Local\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-02 12:29 . 2011-04-15 21:38   314016   ----a-w-   c:\windows\system32\drivers\atksgt.sys
2011-07-02 12:29 . 2011-04-15 21:38   43680   ----a-w-   c:\windows\system32\drivers\lirsgt.sys
2011-07-02 11:17 . 2011-01-08 17:55   88288   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2011-07-02 11:17 . 2011-01-08 17:55   123784   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2011-06-30 11:23 . 2011-03-28 17:01   234768   ----a-w-   c:\windows\SysWow64\PnkBstrB.xtr
2011-06-30 11:23 . 2011-03-16 17:41   234768   ----a-w-   c:\windows\SysWow64\PnkBstrB.exe
2011-06-30 11:00 . 2011-03-16 17:41   75136   ----a-w-   c:\windows\SysWow64\PnkBstrA.exe
2011-06-12 14:24 . 2011-06-12 14:18   2829   ----a-w-   c:\windows\War3Unin.pif
2011-06-12 14:24 . 2011-06-12 14:18   139264   ----a-w-   c:\windows\War3Unin.exe
2011-06-04 11:24 . 2011-04-16 11:47   466456   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-06-04 11:24 . 2011-04-16 11:47   444952   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2011-06-04 11:24 . 2011-04-16 11:47   122904   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-06-04 11:24 . 2011-04-16 11:47   109080   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2011-06-04 10:53 . 2011-06-04 10:28   2377696   ----a-w-   c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-05-24 14:24 . 2011-05-24 14:24   21832   ----a-w-   c:\windows\system32\drivers\hamachi.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-29 399736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-28 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="e:\program files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe" [2011-07-27 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-06-05 2171904]
"Turbo Key"="c:\program files (x86)\ASUS\Turbo Key\TurboKey.exe" [2009-05-25 1768960]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
"HamaKMCONFIGMOUSE"="c:\program files (x86)\Hama Mouse driver V6.0\StartAutorun.exe" [2008-05-29 212992]
"LogMeIn Hamachi Ui"="e:\program files (x86)\Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys
R3 GGSAFERDriver;GGSAFER Driver;e:\games\Garena\safedrv.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 rak;rak;e:\games\RakionIS\Bin\rakion64.sys [2011-06-11 40056]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 X6va005;X6va005;c:\users\PC\AppData\Local\Temp\00588FF.tmp
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys
S1 SASDIFSV;SASDIFSV;e:\program files (x86)\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S1 SASKUTIL;SASKUTIL;e:\program files (x86)\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;e:\program files (x86)\SuperAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\program files (x86)\Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Hama Mouse driver V6.0\KMWDSrv.exe [2009-08-14 1818112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1b6712-1d81-11e0-b0b7-90e6ba0b07cb}]
\shell\AutoRun\command - H:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1079075947-272208551-1207551106-1000Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 17:15]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1079075947-272208551-1207551106-1000UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 17:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.bg/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.238.214.1 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 1940     24: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 4708     24: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe            pid: 560     274: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Skype.exe          pid: 2212    1E8: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\PC\AppData\Local\Temp\00588FF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Acer Display\eDisplay Management\DTHtml.exe
c:\program files (x86)\Hama Mouse driver V6.0\KMConfig.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hama Mouse driver V6.0\KMProcess.exe
c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-08-03  15:02:58 - machine was rebooted
ComboFix-quarantined-files.txt  2011-08-03 12:02
.
Pre-Run: 107 339 268 096 bytes free
Post-Run: 107 624 402 944 bytes free
.
- - End Of File - - B9CD1AFCDD04AC4E8CDBD723F72C306E
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on August 03, 2011, 06:36:59 AM
Oh this program did something bad :( I cannot start my Starcraft 2, because it says illegal operation on a registry key that was marked for deletion :-X Help me

Edit: Half of my games are doing this.
Title: Re: Random pictures appearing on my desktop?
Post by: SuperDave on August 03, 2011, 04:15:21 PM
Quote
Oh this program did something bad I cannot start my Starcraft 2, because it says illegal operation on a registry key that was marked for deletion Help me
You may have to re-install Starcraft 2.

Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on August 04, 2011, 02:54:25 AM
Here you go:

Quote from: Rooter.exe (v1.0.2) by Eric_71
SeDebugPrivilege granted successfully ...
.
Windows 7 . (6.1.7600)
[32_bits] - AMD64 Family 16 Model 5 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.7600.16385
.
C:\  [Fixed-NTFS] .. ( Total:146 Go - Free:100 Go )
D:\  [Fixed-NTFS] .. ( Total:292 Go - Free:141 Go )
E:\  [Fixed-NTFS] .. ( Total:492 Go - Free:117 Go )
F:\  [CD_Rom]
G:\  [CD_Rom]
H:\  [CD_Rom]
I:\  [CD_Rom]
.
Scan : 11:52.59
Path : C:\Users\PC\Downloads\Rooter.exe
User : PC ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ???q?????? (292)
______ ???q?????? (400)
______ ???q?????? (472)
______ ???q?????? (496)
______ ???q?????? (536)
______ ???q?????? (552)
______ ???q?????? (560)
______ ???q?????? (620)
______ ???q?????? (708)
______ ???q?????? (796)
______ ???q?????? (860)
______ ???q?????? (924)
______ ???q?????? (960)
______ ???q?????? (988)
______ ???q?????? (332)
______ ???q?????? (340)
______ ???q?????? (1068)
______ ???q?????? (1244)
______ ???q?????? (1292)
______ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1324)
______ ???q?????? (1356)
______ ???q?????? (1552)
______ ???q?????? (1604)
______ ???q?????? (1768)
______ ???q?????? (1796)
______ ???q?????? (1812)
______ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1864)
______ C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe (1924)
______ ???q?????? (1968)
______ ???q?????? (1976)
______ C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (2040)
______ C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe (1128)
______ ???q?????? (1720)
______ C:\Program Files (x86)\Hama Mouse driver V6.0\KMWDSrv.exe (1848)
______ E:\Program Files (x86)\Hamachi\hamachi-2-ui.exe (1980)
______ ???q?????? (1156)
______ C:\Windows\vsnpstd3.exe (2084)
______ C:\Program Files (x86)\uTorrent\uTorrent.exe (2092)
______ C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2124)
______ E:\Program Files (x86)\RocketDock\RocketDock.exe (2164)
______ C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (2232)
______ C:\Program Files (x86)\Skype\Phone\Skype.exe (2400)
______ ???q?????? (2420)
______ C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (2500)
______ C:\Windows\SysWOW64\PnkBstrA.exe (2532)
______ ???q?????? (2576)
______ ???q?????? (2596)
______ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (2832)
______ ???q?????? (3196)
______ C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (3224)
______ C:\Program Files (x86)\Hama Mouse driver V6.0\StartAutorun.exe (3256)
______ C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe (3284)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3300)
______ C:\Program Files (x86)\Hama Mouse driver V6.0\KMConfig.exe (3316)
______ C:\Program Files (x86)\Hama Mouse driver V6.0\KMProcess.exe (3416)
______ ???q?????? (3424)
______ C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe (3552)
______ ???q?????? (3580)
______ C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe (3904)
______ C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe (3928)
______ ???q?????? (4092)
______ ???q?????? (3756)
______ ???q?????? (4136)
______ ???q?????? (4392)
______ ???q?????? (4540)
______ ???q?????? (4560)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (2312)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (2100)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (2480)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (4744)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (2584)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (4648)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (4712)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (4684)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (4696)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (4768)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (4844)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (3472)
______ C:\Windows\SysWOW64\rundll32.exe (788)
______ C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe (3724)
______ E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4864)
______ ???q?????? (1332)
______ C:\Users\PC\Downloads\Rooter.exe (3924)
______ ???q?????? (4080)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:157181542400)
\Device\Harddisk0\Partition3 (Start_Offset:157287448576 | Length:314572800000)
\Device\Harddisk0\Partition4 (Start_Offset:471860248576 | Length:528342843392)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1079075947-272208551-1207551106-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1079075947-272208551-1207551106-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:53.21
.
C:\Rooter$\Rooter_1.txt - (04/08/2011 | 11:53.21)

Btw, I haven't seen a random image appear since we started the topic.
Title: Re: Random pictures appearing on my desktop?
Post by: SuperDave on August 04, 2011, 01:30:08 PM
Quote
Btw, I haven't seen a random image appear since we started the topic.
We scared them off. Let's try one more scan.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
 ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on August 04, 2011, 04:01:20 PM
C:\Program Files (x86)\Cheat Engine 6\cheatengine-i386.exe   a variant of Win32/HackTool.CheatEngine.AB application   cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6\dbk32.sys   probably a variant of Win32/HackTool.CheatEngine.AA application   cleaned by deleting - quarantined
C:\Users\PC\Desktop\Programs\SuperExe2bat.exe   probably a variant of Win32/TrojanDownloader.Agent.GQKISDI trojan   cleaned by deleting - quarantined
C:\Users\PC\Desktop\Programs\WPE PRO\WPE PRO - modified.exe   a variant of Win32/Sniffer.WpePro.A trojan   cleaned by deleting - quarantined
C:\Users\PC\Desktop\Programs\WPE PRO\WPE PRO.exe   Win32/Sniffer.WpePro.A trojan   cleaned by deleting - quarantined
C:\Users\PC\Desktop\Projects and Documents\Malagueta_2.1a.exe   a variant of Win32/HackTool.CheatEngine.AB application   cleaned by deleting - quarantined
C:\Users\PC\Downloads\CheatEngine60.exe   multiple threats   deleted - quarantined
E:\Downloads\CheatEngine56.exe   multiple threats   deleted - quarantined
E:\Downloads\Adobe Flash Professional CS5\keygen.exe   a variant of Win32/Keygen.BH application   cleaned by deleting - quarantined
E:\Downloads\Ashampoo WinOptimizer v7.20\alternative\Patch.exe   a variant of Win32/HackTool.Patcher.D application   cleaned by deleting - quarantined
E:\Downloads\Dark Sector\Install Files\Cache_Windows.cf2   Win32/HackTool.CheatEngine.AB application   deleted - quarantined
E:\Downloads\IDM.UltraEdit.v17.10.0.1008.Incl.Keymaker-CORE\keygen.exe   a variant of Win32/Keygen.AU application   cleaned by deleting - quarantined
E:\Downloads\SONY Vegas Pro 9.0e (32-64bit)\Sony.Products.Multikeygen.v1.7.Keygen.and.Patch.Only.READ.NFO-DI\Keygen.exe   a variant of Win32/Keygen.AR application   cleaned by deleting - quarantined
E:\Games\Battle vs. Chess\SKIDROW.dll   a variant of Win32/Packed.VMProtect.AAA trojan   cleaned by deleting - quarantined
E:\Games\Dark Sector\EXTRAS\Trainer+5\DarkSectorTrainer+5.exe   Win32/HackTool.CheatEngine.AB application   cleaned by deleting - quarantined
E:\Games\Darkness\YU GI OH Darkness\YU GI OH Darkness\dabjoey.exe   probably a variant of Win32/Spy.Agent.KEZUTRI trojan   cleaned by deleting - quarantined
E:\Games\Darkness\YU GI OH Darkness\YU GI OH Darkness\dabygo3.exe   a variant of Win32/GameHack.G application   cleaned by deleting - quarantined
E:\Games\DiRT 3\paul.dll   a variant of Win32/Packed.VMProtect.AAA trojan   cleaned by deleting - quarantined
E:\Games\DiRT 3\SKIDROW.dll   a variant of Win32/Packed.VMProtect.AAA trojan   cleaned by deleting - quarantined
Here you go.
Title: Re: Random pictures appearing on my desktop?
Post by: SuperDave on August 04, 2011, 04:19:32 PM
Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

**********************************************
We can do some cleanup.

To uninstall ComboFix

(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

**********************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web  (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Title: Re: Random pictures appearing on my desktop?
Post by: br3akth3w1nd on August 05, 2011, 01:42:14 AM
Hmm I usually like to test a game or a program before buying it. If it's illegal - OK, I won't do it.
So.. I'd like to thank you Dave, for helping me. I don't know what I would've done without you. You are a really good guy, I can't believe you used so much of your time on helping a total stranger :)
I hope I don't have any more problems with malware, I will try to be more careful with what I am downloading ;D
Title: Re: Random pictures appearing on my desktop?
Post by: SuperDave on August 05, 2011, 05:17:10 PM
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.