Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: a virus block my internet access  (Read 12419 times)

0 Members and 1 Guest are viewing this topic.

bayking

    Topic Starter


    Starter

    • Experience: Experienced
    • OS: Windows 7
    a virus block my internet access
    « on: November 24, 2013, 12:05:30 AM »
    Well i cant access the internet nothing cant and my avast primer services(useless) stop and cant start back. Im using a windows 7 x64
    Logged

    bayking

      Topic Starter


      Starter

      • Experience: Experienced
      • OS: Windows 7
      Re: a virus block my internet access
      « Reply #1 on: November 24, 2013, 05:33:17 AM »
      OTL logfile created on: 11/24/2013 7:09:49 AM - Run 1
      OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\king\Downloads\Programs
      64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7600.16385)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
       
      3.80 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 47.26% Memory free
      7.60 Gb Paging File | 5.05 Gb Available in Paging File | 66.42% Paging File free
      Paging file location(s): d:\pagefile.sys 0 0 [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 14.47 Gb Total Space | 0.96 Gb Free Space | 6.63% Space Free | Partition Type: NTFS
      Drive D: | 451.00 Gb Total Space | 4.50 Gb Free Space | 1.00% Space Free | Partition Type: NTFS
      Drive E: | 99.02 Mb Total Space | 60.77 Mb Free Space | 61.37% Space Free | Partition Type: FAT32
       
      Computer Name: KINGOFKINGS-PC | User Name: King of Kings | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
       
      ========== Processes (SafeList) ==========
       
      PRC - [2013/11/24 06:51:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\king\Downloads\Programs\OTL.exe
      PRC - [2013/11/18 23:06:54 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
      PRC - [2013/11/11 15:37:52 | 002,349,392 | ---- | M] (LogMeIn Inc.) -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
      PRC - [2013/08/25 22:07:05 | 003,595,856 | ---- | M] (Tonec Inc.) -- D:\Program Files (x86)\Internet Download Manager\IDMan.exe
      PRC - [2013/08/23 20:00:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
      PRC - [2013/07/12 13:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- D:\Program Files\GoogleChromePortable\App\Chrome-bin\chrome.exe
      PRC - [2013/05/25 20:55:18 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\King of Kings\AppData\Roaming\uTorrent\uTorrent.exe
      PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      PRC - [2012/12/12 08:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
      PRC - [2012/11/07 21:53:50 | 000,361,000 | ---- | M] (PortableApps.com) -- D:\Program Files\GoogleChromePortable\GoogleChromePortable.exe
      PRC - [2010/12/13 14:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      PRC - [2010/07/23 14:44:54 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      PRC - [2010/07/23 14:44:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
       
       
      ========== Modules (No Company Name) ==========
       
      MOD - [2013/11/24 07:07:36 | 000,016,384 | ---- | M] () -- C:\Users\King of Kings\AppData\Local\Temp\nsvE763.tmp\registry.dll
      MOD - [2013/10/23 05:14:04 | 000,996,984 | ---- | M] () -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
      MOD - [2013/07/12 13:49:44 | 000,396,240 | ---- | M] () -- D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\ppgooglenaclpluginchrome.dll
      MOD - [2013/07/12 13:49:43 | 013,599,184 | ---- | M] () -- D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\PepperFlash\pepflashplayer.dll
      MOD - [2013/07/12 13:49:42 | 004,052,944 | ---- | M] () -- D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\pdf.dll
      MOD - [2013/07/12 13:48:52 | 000,601,552 | ---- | M] () -- D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\libglesv2.dll
      MOD - [2013/07/12 13:48:51 | 000,123,344 | ---- | M] () -- D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\libegl.dll
      MOD - [2013/07/12 13:48:49 | 001,597,392 | ---- | M] () -- D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\ffmpegsumo.dll
      MOD - [2013/04/21 23:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
      MOD - [2013/04/21 23:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
       
       
      ========== Services (SafeList) ==========
       
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
      SRV:64bit: - [2013/10/23 05:14:16 | 002,490,488 | ---- | M] (Speedbit Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe -- (SBUpd)
      SRV:64bit: - [2010/12/13 17:04:46 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
      SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
      SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
      SRV - [2013/11/18 23:06:54 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
      SRV - [2013/11/18 23:06:28 | 000,398,096 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
      SRV - [2013/11/11 15:37:48 | 002,756,944 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
      SRV - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
      SRV - [2013/09/06 15:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
      SRV - [2013/08/23 20:00:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
      SRV - [2013/04/19 17:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
      SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
      SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
      SRV - [2012/04/24 16:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
      SRV - [2010/07/23 14:44:54 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
      SRV - [2010/07/23 14:44:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
      SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV:64bit: - [2013/10/23 05:14:18 | 000,041,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys -- (SBUpdd)
      DRV:64bit: - [2013/07/27 00:09:47 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
      DRV:64bit: - [2013/07/27 00:09:45 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
      DRV:64bit: - [2013/06/27 04:57:42 | 000,172,920 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
      DRV:64bit: - [2013/06/20 18:16:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
      DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
      DRV:64bit: - [2013/02/19 16:44:08 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
      DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
      DRV:64bit: - [2012/12/06 11:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
      DRV:64bit: - [2012/08/21 15:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
      DRV:64bit: - [2011/12/21 12:18:34 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
      DRV:64bit: - [2011/06/10 08:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
      DRV:64bit: - [2011/04/13 22:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
      DRV:64bit: - [2010/12/16 21:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
      DRV:64bit: - [2010/12/13 17:04:48 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
      DRV:64bit: - [2010/12/08 13:55:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
      DRV:64bit: - [2010/07/01 12:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
      DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
      DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
      DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
      DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
      DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
      DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
      DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
      DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
      DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
      DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
      DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
      DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
      DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
      DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
      DRV - [2013/11/18 23:06:44 | 000,077,584 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
      DRV - [2013/10/18 16:53:14 | 000,552,888 | ---- | M] (PassMark Software) [Kernel | On_Demand | Stopped] -- D:\Program Files\OSFMount\OSFMount.sys -- (OSFMount)
      DRV - [2013/03/14 14:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Stopped] -- D:\Program Files\Xfire\XFDriver64.sys -- (XFDriver64)
      DRV - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
      DRV - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
      DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
      DRV - [2008/07/26 23:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- D:\Users\king\Desktop\ThrottleStop_500\WinRing0x64.sys -- (WinRing0_1_2_0)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
       
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?babsrc=HP_ss_Btisdt4&mntrId=3A84984BE1C76B2C&affID=124005&tt=070813_wc1&tsp=4971
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 78 10 47 B3 59 CE 01  [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_Btisdt4&mntrId=3A84984BE1C76B2C&affID=124005&tt=070813_wc1&tsp=4971
      IE - HKCU\..\SearchScopes\{11019E69-B000-49BB-8F0C-1C5B115480D2}: "URL" = http://search.us.com/serp?guid={6FEB53D0-3E7D-41EB-B539-6D619C11D58B}&action=default_search&serpv=5&k={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
       
       
      ========== FireFox ==========
       
      FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Intel\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
      FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\King of Kings\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
      FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\King of Kings\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
      FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
       
      FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\King of Kings\AppData\Roaming\IDM\idmmzcc5 [2013/07/24 13:24:07 | 000,000,000 | ---D | M]
       
       
      ========== Chrome  ==========
       
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
      CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\PepperFlash\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files\GoogleChromePortable\App\Chrome-bin\28.0.1500.72\pdf.dll
      CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
      CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
      CHR - plugin: Unity Player (Enabled) = C:\Users\King of Kings\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
      CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\King of Kings\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
      CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
      CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = D:\Intel\bin\plugin2\npjp2.dll
      CHR - plugin: Microsoft Office 2010 (Enabled) = D:\Office14\NPAUTHZ.DLL
      CHR - plugin: Microsoft Office 2010 (Enabled) = D:\Office14\NPSPWRAP.DLL
      CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
      CHR - Extension: Google Docs = C:\Users\King of Kings\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
      CHR - Extension: Google Drive = C:\Users\King of Kings\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
      CHR - Extension: YouTube = C:\Users\King of Kings\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
      CHR - Extension: Google Search = C:\Users\King of Kings\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
      CHR - Extension: IDM Integration = C:\Users\King of Kings\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_0\
      CHR - Extension: New Tab Launch = C:\Users\King of Kings\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbhplonhjleiopohgmppianogioknked\1.0_0\
      CHR - Extension: Gmail = C:\Users\King of Kings\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
       
      O1 HOSTS File: ([2013/08/26 23:18:14 | 000,003,749 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 web35.ukraine.com.ua
      O1 - Hosts: 127.0.0.1 e1dc-unassigned.eserver-ru.com
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 cpe-178-74-224-156.enet.vn.ua
      O1 - Hosts: 127.0.0.1 ip-72-167-54-200.ip.secureserver.net
      O1 - Hosts: 127.0.0.1 ip-whois.net
      O1 - Hosts: 127.0.0.1 bir3yk.net
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 utindexb.dyndns.info
      O1 - Hosts: 127.0.0.1 777seo.com
      O1 - Hosts: 127.0.0.1 hd-teenlove.com
      O1 - Hosts: 127.0.0.1 000webhost.com
      O1 - Hosts: 127.0.0.1 status1.site90.com
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 web35.ukraine.com.ua
      O1 - Hosts: 127.0.0.1 e1dc-unassigned.eserver-ru.com
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 127.0.0.1 *Blocked Russian URL*
      O1 - Hosts: 73 more lines...
      O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
      O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Intel\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Intel\bin\jp2ssv.dll (Oracle Corporation)
      O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
      O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
      O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
      O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
      O4 - HKCU..\Run: [IDMan] D:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
      O4 - HKCU..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
      O4 - HKCU..\Run: [uTorrent] C:\Users\King of Kings\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O8:64bit: - Extra context menu item: Download all links with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
      O8:64bit: - Extra context menu item: Download with IDM - D:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Office14\EXCEL.EXE (Microsoft Corporation)
      O8 - Extra context menu item: Download all links with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
      O8 - Extra context menu item: Download with IDM - D:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
      O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Office14\EXCEL.EXE (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 173.255.240.156
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AA80436-F182-4DA9-BD8F-D82A0337633C}: DhcpNameServer = 8.8.4.4 173.255.240.156
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{971B1B8E-375F-4687-9881-5257BC3CA8D4}: DhcpNameServer = 192.168.1.1
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - AppInit_DLLs: (c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll) -  File not found
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
      O33 - MountPoints2\{4b665ac3-c554-11e2-bae4-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{4b665ac3-c554-11e2-bae4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\NightRacer.EXE
      O33 - MountPoints2\{7e4188b0-d805-11e2-9bd2-984be1c76b2c}\Shell - "" = AutoRun
      O33 - MountPoints2\{7e4188b0-d805-11e2-9bd2-984be1c76b2c}\Shell\AutoRun\command - "" = G:\setup.exe
      O33 - MountPoints2\{c67fa34f-3068-11e3-9325-984be1c76b2c}\Shell - "" = AutoRun
      O33 - MountPoints2\{c67fa34f-3068-11e3-9325-984be1c76b2c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2013/11/24 02:51:52 | 000,036,344 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP152.SYS
      [2013/11/24 02:40:34 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\SUPERAntiSpyware.com
      [2013/11/24 02:40:18 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
      [2013/11/24 02:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
      [2013/11/24 02:38:19 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\Malwarebytes
      [2013/11/24 02:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2013/11/24 02:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2013/11/24 02:38:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2013/11/24 02:37:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
      [2013/11/24 01:29:49 | 002,799,296 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\King of Kings\Desktop\procexp.exe
      [2013/11/24 01:26:37 | 000,000,000 | ---D | C] -- C:\avast! sandbox
      [2013/11/23 22:53:14 | 000,000,000 | ---D | C] -- C:\My Shared Folder
      [2013/11/23 22:45:12 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\Desktop\My Shared Folder
      [2013/11/23 22:16:04 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Local\ElevatedDiagnostics
      [2013/11/23 17:19:09 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\Documents\FLiNGTrainer
      [2013/11/23 16:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbbasStudio
      [2013/11/23 14:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
      [2013/11/23 14:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
      [2013/11/23 14:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
      [2013/11/23 13:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSFMount
      [2013/11/23 13:46:09 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\Desktop\DATA.IMG Maker
      [2013/11/23 13:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Accelerator
      [2013/11/23 13:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
      [2013/11/23 13:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
      [2013/11/23 12:46:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
      [2013/11/23 12:46:22 | 000,172,032 | ---- | C] (Jin Hui    E-mail: [email protected]   Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
      [2013/11/23 12:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
      [2013/11/23 12:34:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
      [2013/11/23 12:34:03 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Local\Temp
      [2013/11/23 07:31:07 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Local\LogMeIn
      [2013/11/23 07:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
      [2013/11/23 07:13:24 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
      [2013/11/23 07:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
      [2013/11/22 22:53:26 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\AVAST Software
      [2013/11/22 22:51:22 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2013/11/22 22:50:59 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
      [2013/11/22 22:49:17 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\nagqdxhq.sys
      [2013/11/22 22:49:14 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\opzqlsgr.sys
      [2013/11/22 22:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
      [2013/11/20 10:16:38 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\Desktop\GameBoy Advance Mulitiplayer - Copy
      [2013/11/09 16:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\They Bleed Pixels
      [2013/11/09 13:08:09 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\Rogue Legacy
      [2013/11/09 13:08:08 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\Documents\SavedGames
      [2013/11/09 13:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      [2013/11/09 13:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
      [2013/11/09 11:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChessBase
      [2013/11/09 11:02:31 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\ChessBase
      [2013/11/09 11:02:27 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\Documents\ChessBase
      [2013/10/31 18:08:32 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\fp
      [2013/10/31 17:29:49 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Local\FreePascal
      [2013/10/31 17:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Pascal
      [2013/10/27 14:01:34 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No Time To Explain
      [2013/10/27 13:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
      [2013/10/27 13:32:20 | 000,000,000 | ---D | C] -- C:\Fraps
      [2013/10/26 08:56:42 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\SmartDraw
      [2013/10/26 08:56:34 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw 2010
      [2013/10/26 08:50:33 | 000,000,000 | ---D | C] -- C:\Users\King of Kings\AppData\Local\Downloaded Installations
      [3 C:\Users\King of Kings\Desktop\*.tmp files -> C:\Users\King of Kings\Desktop\*.tmp -> ]
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\Users\King of Kings\*.tmp files -> C:\Users\King of Kings\*.tmp -> ]
       
      ========== Files - Modified Within 30 Days ==========
       
      [2013/11/24 07:11:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/11/24 07:11:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/11/24 07:06:08 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f070151f-94cf-43fc-b27f-c64bfd743096.job
      [2013/11/24 07:06:08 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5c2d6b7e-c450-4ccd-ba32-58d9703fd9d4.job
      [2013/11/24 07:05:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013/11/24 07:05:51 | 2041,503,744 | -HS- | M] () -- C:\hiberfil.sys
      [2013/11/24 05:31:15 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3990267690-1175417575-454330908-1000UA.job
      [2013/11/24 02:51:53 | 000,036,344 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP152.SYS
      [2013/11/24 02:40:20 | 000,000,898 | ---- | M] () -- C:\Users\King of Kings\Desktop\SUPERAntiSpyware Professional.lnk
      [2013/11/24 02:38:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2013/11/24 02:37:32 | 000,266,214 | ---- | M] () -- C:\Users\King of Kings\Desktop\Untitled.png
      [2013/11/23 16:32:49 | 000,002,725 | ---- | M] () -- C:\Users\Public\Desktop\Aurora.lnk
      [2013/11/23 14:18:14 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk
      [2013/11/23 14:18:00 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
      [2013/11/23 13:52:36 | 000,000,722 | ---- | M] () -- C:\Users\King of Kings\Desktop\OSFMount.lnk
      [2013/11/23 13:28:58 | 000,002,161 | ---- | M] () -- C:\Users\King of Kings\Desktop\SpeedBit Video Accelerator.lnk
      [2013/11/23 12:46:22 | 000,172,032 | ---- | M] (Jin Hui    E-mail: [email protected]   Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
      [2013/11/23 07:12:41 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
      [2013/11/22 22:51:20 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
      [2013/11/22 22:50:59 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
      [2013/11/22 22:49:17 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\nagqdxhq.sys
      [2013/11/22 22:49:14 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\opzqlsgr.sys
      [2013/11/22 11:31:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3990267690-1175417575-454330908-1000Core.job
      [2013/11/22 09:23:17 | 000,017,678 | ---- | M] () -- C:\Users\King of Kings\Desktop\hqdefault.jpg
      [2013/11/17 07:50:24 | 000,000,602 | ---- | M] () -- C:\Users\King of Kings\Desktop\BF2.exe - Shortcut.lnk
      [2013/11/16 13:49:51 | 000,926,346 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2013/11/16 13:49:51 | 000,774,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2013/11/16 13:49:51 | 000,152,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2013/11/11 05:31:58 | 014,342,838 | ---- | M] () -- C:\Users\King of Kings\Desktop\30 Minutes of Circle Theorem REVISION (GCSE maths tutorial and examples).3gp
      [2013/11/09 16:14:29 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Cat-A-Cat GAMES.lnk
      [2013/11/09 16:14:29 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\They Bleed Pixels.lnk
      [2013/11/09 13:06:14 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\Rogue Legacy.lnk
      [2013/11/09 11:02:34 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Fritz7.lnk
      [2013/11/02 23:17:08 | 000,000,952 | ---- | M] () -- C:\Users\King of Kings\Desktop\pcsx2-r5628.exe - Shortcut.lnk
      [2013/10/31 17:29:45 | 000,000,868 | ---- | M] () -- C:\Users\King of Kings\Desktop\Free Pascal IDE.lnk
      [2013/10/27 14:01:35 | 000,001,074 | ---- | M] () -- C:\Users\King of Kings\Desktop\No Time To Explain.lnk
      [2013/10/27 13:32:20 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
      [2013/10/26 08:56:34 | 000,000,577 | ---- | M] () -- C:\Users\King of Kings\Desktop\SmartDraw 2010.lnk
      [3 C:\Users\King of Kings\Desktop\*.tmp files -> C:\Users\King of Kings\Desktop\*.tmp -> ]
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\Users\King of Kings\*.tmp files -> C:\Users\King of Kings\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2013/11/24 02:40:44 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5c2d6b7e-c450-4ccd-ba32-58d9703fd9d4.job
      [2013/11/24 02:40:43 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f070151f-94cf-43fc-b27f-c64bfd743096.job
      [2013/11/24 02:40:20 | 000,000,898 | ---- | C] () -- C:\Users\King of Kings\Desktop\SUPERAntiSpyware Professional.lnk
      [2013/11/24 02:38:10 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2013/11/23 16:32:49 | 000,002,725 | ---- | C] () -- C:\Users\Public\Desktop\Aurora.lnk
      [2013/11/23 14:18:14 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk
      [2013/11/23 14:18:00 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
      [2013/11/23 13:52:36 | 000,000,722 | ---- | C] () -- C:\Users\King of Kings\Desktop\OSFMount.lnk
      [2013/11/23 12:46:27 | 000,002,161 | ---- | C] () -- C:\Users\King of Kings\Desktop\SpeedBit Video Accelerator.lnk
      [2013/11/23 07:12:41 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
      [2013/11/22 09:23:17 | 000,017,678 | ---- | C] () -- C:\Users\King of Kings\Desktop\hqdefault.jpg
      [2013/11/17 07:50:24 | 000,000,602 | ---- | C] () -- C:\Users\King of Kings\Desktop\BF2.exe - Shortcut.lnk
      [2013/11/12 12:39:23 | 014,342,838 | ---- | C] () -- C:\Users\King of Kings\Desktop\30 Minutes of Circle Theorem REVISION (GCSE maths tutorial and examples).3gp
      [2013/11/09 16:14:29 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Cat-A-Cat GAMES.lnk
      [2013/11/09 16:14:29 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\They Bleed Pixels.lnk
      [2013/11/09 13:06:14 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\Rogue Legacy.lnk
      [2013/11/09 11:02:34 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Fritz7.lnk
      [2013/11/02 23:17:08 | 000,000,952 | ---- | C] () -- C:\Users\King of Kings\Desktop\pcsx2-r5628.exe - Shortcut.lnk
      [2013/10/31 17:29:45 | 000,000,868 | ---- | C] () -- C:\Users\King of Kings\Desktop\Free Pascal IDE.lnk
      [2013/10/27 14:01:35 | 000,001,074 | ---- | C] () -- C:\Users\King of Kings\Desktop\No Time To Explain.lnk
      [2013/10/27 13:32:20 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
      [2013/10/26 08:56:34 | 000,000,577 | ---- | C] () -- C:\Users\King of Kings\Desktop\SmartDraw 2010.lnk
      [2013/10/19 13:08:26 | 000,081,338 | ---- | C] () -- C:\ProgramData\1382204981.bdinstall.bin
      [2013/10/19 12:49:41 | 000,023,008 | ---- | C] () -- C:\ProgramData\1382204979.bdinstall.bin
      [2013/08/26 21:41:22 | 000,201,341 | ---- | C] () -- C:\ProgramData\1377570846.bdinstall.bin
      [2013/08/16 19:49:55 | 000,000,017 | ---- | C] () -- C:\Users\King of Kings\AppData\Local\resmon.resmoncfg
      [2013/07/23 18:20:54 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
      [2013/07/20 20:05:12 | 000,281,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
      [2013/07/20 20:04:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
      [2013/07/19 08:46:09 | 000,917,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2013/06/23 21:22:13 | 000,000,056 | ---- | C] () -- C:\Windows\SpeederXP.INI
      [2013/05/29 20:47:22 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
      [2013/05/29 20:47:22 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
      [2013/05/29 20:47:22 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini
      [2013/05/29 17:47:23 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
      [2013/05/29 17:47:23 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
      [2013/05/29 12:34:41 | 000,004,608 | ---- | C] () -- C:\Users\King of Kings\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2013/05/25 12:57:30 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
      [2013/04/03 09:10:52 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
      [2011/12/21 12:18:12 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
      [2011/12/21 12:18:06 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
       
      ========== ZeroAccess Check ==========
       
      [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 20:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 20:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FB1B13D8

      < End of report >
      Logged

      Allan

      • Moderator

        • Mastermind
        • Thanked: 1260
      • Experience: Guru
      • OS: Windows 10
      Re: a virus block my internet access
      « Reply #2 on: November 24, 2013, 05:59:13 AM »
      Please follow the instructions in the following link and post your logs:
      http://www.computerhope.com/forum/index.php/topic,46313.0.html
      Logged

      SuperDave

      • Malware Removal Specialist


        • Genius
        • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: a virus block my internet access
      « Reply #3 on: November 24, 2013, 12:27:31 PM »
      Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer. 

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *****************************************************************
      You only have 6.6% of free space. Windows requires at least 15% (2.25 Gb) to operate efficiently. I'm surprised that your computer is still running. You will need to free up some space before we can do any other checking. You can off-load data such as music, videos, pictures and documents to an external drive or DVD's.
      Logged
      Windows 8 and Windows 10 dual boot with two SSD's

      bayking

        Topic Starter


        Starter

        • Experience: Experienced
        • OS: Windows 7
        Re: a virus block my internet access
        « Reply #4 on: November 26, 2013, 06:37:40 PM »
        Nvm my keyboard stop work my mouse stop work plus internet just had to reformat the drive :( but the virus is still on my other hard drive with all my information is there anything i can do
        Logged

        SuperDave

        • Malware Removal Specialist


          • Genius
          • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: a virus block my internet access
        « Reply #5 on: November 26, 2013, 07:59:00 PM »
        Quote
        virus is still on my other hard drive with all my information is there anything i can do
        Is the drive still connected to your computer?  If so, please run MBAM on that drive. Also, use your AV to scan that drive.

        Malwarebytes' Anti-Malware (MBAM)

        If you already have Malwarebytes be sure to check for updates before scanning!

        Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link

        •Double-click mbam-setup.exe and follow the prompts to install the program.

        •Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

        If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

        •If an update is found, it will download and install the latest version.
        •Once the program has loaded, select Perform Quick Scan, then click Scan.

        •When the scan is complete, click OK, then Show Results to view the results.

        •Be sure that everything is checked, and click Remove Selected.

        •When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.

        •The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

        Copy and Paste the contents of the report in your reply.

        •Exit MBAM.
        .
        Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

        Logged
        Windows 8 and Windows 10 dual boot with two SSD's
        Pages: [1]   Go Up
        « previous next »