kamrez224

Members

View Profile See their activity

Posts
6
Joined
January 15, 2012
Last visited
January 18, 2012

Tech Info

Experience
beginner
System: windows_xp

kamrez224's Achievements

Newbie (1/14)

Reputation

cant do syatem restore and boot in safe mode

kamrez224 replied to kamrez224's topic in Tech Support & Discussions Forum

My friend following are the logs Malwarebytes Anti-Malware 1.60.0.1800 http://www.malwarebytes.org Database version: v2012.01.17.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 user :: USER-436AC3931B [administrator] 17/01/2012 19:24:45 mbam-log-2012-01-17 (19-24-45).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 218418 Time elapsed: 25 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) OTL logfile created on: 17/01/2012 20:01:03 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.53% Memory free 3.19 Gb Paging File | 2.35 Gb Available in Paging File | 73.65% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.82 Gb Total Space | 209.09 Gb Free Space | 89.81% Space Free | Partition Type: NTFS Drive E: | 232.94 Gb Total Space | 232.85 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Computer Name: USER-436AC3931B | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools) PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools) PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc) PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc) PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc) PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools) PRC - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll () MOD - C:\Program Files\PC Tools Security\UserModeFileCache.dll () MOD - C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll () ========== Win32 Services (SafeList) ========== SRV - (McciCMService) -- File not found SRV - (AMService) -- File not found SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (ThreatFire) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools) SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc) SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc) SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc) SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools) ========== Driver Services (SafeList) ========== DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools) DRV - (TFSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools) DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools) DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools) DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools) DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools) DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools) DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C AB B3 D9 7B 5B CC 01 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.order.2: "Google" FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/01/02 20:24:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/06 19:36:47 | 000,000,000 | ---D | M] [2011/04/30 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions [2012/01/13 22:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions [2011/05/28 21:27:43 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} [2012/01/01 14:20:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/11/13 22:14:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2011/11/14 16:51:07 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\plugin@yontoo.com [2012/01/01 14:20:24 | 000,000,000 | ---D | M] ("Update Service") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\updater@foxstart(2).com [2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\searchplugins\askcom.xml [2012/01/06 19:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/12/21 07:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: SiteAdvisor = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\ CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ Hosts file not found O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O15 - HKCU\..Trusted Domains: bt.com ([http://www.securedownload] https in Trusted sites) O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286277652187 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF19A9D1-3C35-4066-9E1D-60EB1F3EF9BC}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\user\Local Settings\Application Data\dvhstuqt\lcvfeuak.exe) - File not found O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/10/03 12:41:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{c020d7aa-95ac-11e0-baa7-001e8cce05c7}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/17 19:53:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe [2012/01/17 19:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/17 19:23:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/01/17 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/01/16 22:04:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent [2012/01/12 22:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\New Folder (4) [2012/01/12 21:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic [2012/01/11 17:58:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/01/09 21:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012/01/09 21:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\HiJackThis [2012/01/08 22:12:20 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\user\Desktop\ccsetup314.exe [2012/01/08 19:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos [2012/01/08 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure [2012/01/07 20:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012/01/06 19:36:14 | 015,113,064 | ---- | C] (Mozilla) -- C:\Documents and Settings\user\My Documents\Firefox Setup 9.0.1.exe [2012/01/06 18:26:22 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.60.0.1800.exe [2012/01/06 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SumatraPDF [2012/01/06 17:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\PDF Reader [2012/01/05 20:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/01/05 20:56:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012/01/05 20:56:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012/01/05 20:56:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012/01/05 20:56:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2012/01/05 20:54:35 | 017,159,968 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jre-6u30-windows-i586-s.exe [2012/01/05 20:51:08 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jxpiinstall.exe [2012/01/05 16:55:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012/01/03 21:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PCTools [2012/01/03 17:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Story 3 for Windows [2012/01/02 20:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Registry Mechanic [2012/01/02 20:46:29 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx [2012/01/02 20:46:29 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx [2012/01/02 20:46:28 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx [2012/01/02 20:46:27 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX [2012/01/02 20:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2012/01/02 20:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Product_RM [2012/01/02 20:42:20 | 017,848,280 | ---- | C] (PC Tools) -- C:\Documents and Settings\user\Desktop\rminstall.exe [2012/01/02 20:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Threat Expert [2012/01/02 20:24:07 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll [2012/01/02 20:24:04 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll [2012/01/02 20:24:04 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll [2012/01/02 20:24:01 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys [2012/01/02 20:24:00 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys [2012/01/02 20:24:00 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys [2012/01/02 20:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2012/01/02 20:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2012/01/02 20:04:11 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys [2012/01/02 20:04:11 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys [2012/01/02 20:04:10 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2012/01/02 20:04:04 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2012/01/02 20:04:04 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2012/01/02 20:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security [2012/01/02 20:03:55 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2012/01/02 20:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2012/01/02 20:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security [2012/01/02 20:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PC Tools [2012/01/02 19:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012/01/02 19:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Opera [2012/01/02 19:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Opera [2012/01/02 11:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google [2012/01/02 11:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools [2012/01/01 22:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc [2012/01/01 22:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN [2012/01/01 22:10:27 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2012/01/01 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2012/01/01 22:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\PCHealth [2012/01/01 22:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2012/01/01 12:20:16 | 000,096,200 | ---- | C] (CyberDefender Corp.) -- C:\WINDOWS\System32\drivers\CDAVFS.sys [2012/01/01 12:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium [2011/12/31 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2011/12/30 21:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/17 19:53:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe [2012/01/17 19:25:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/01/17 19:23:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/17 19:22:41 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.60.0.1800.exe [2012/01/17 18:42:04 | 000,447,998 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/17 18:42:04 | 000,071,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/17 18:40:58 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{555429C0-D1E9-4696-8F23-E227A3ACEC2E}.job [2012/01/17 18:38:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/17 18:37:42 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/01/17 18:37:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/15 22:17:21 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe [2012/01/15 22:17:21 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netstat.exe [2012/01/15 18:11:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job [2012/01/15 16:47:02 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job [2012/01/12 21:55:43 | 005,949,682 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Goodbye Mother Goodbye my tribute song to my mom-[www_flvto_com].mp3 [2012/01/12 21:12:59 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk [2012/01/10 22:01:06 | 000,603,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB [2012/01/09 21:52:12 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk [2012/01/09 21:51:29 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HijackThis.msi [2012/01/08 22:12:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2012/01/08 22:12:27 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\user\Desktop\ccsetup314.exe [2012/01/07 21:29:13 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/01/06 19:36:54 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/01/06 19:36:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/01/06 19:36:21 | 015,113,064 | ---- | M] (Mozilla) -- C:\Documents and Settings\user\My Documents\Firefox Setup 9.0.1.exe [2012/01/05 20:55:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2012/01/05 20:55:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012/01/05 20:55:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012/01/05 20:55:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012/01/05 20:55:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2012/01/05 20:55:01 | 017,159,968 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jre-6u30-windows-i586-s.exe [2012/01/05 20:51:08 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jxpiinstall.exe [2012/01/05 19:21:36 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2012/01/05 19:03:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Cache.db [2012/01/05 16:55:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2012/01/03 16:55:37 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT NetProtect Plus.lnk [2012/01/02 20:42:27 | 017,848,280 | ---- | M] (PC Tools) -- C:\Documents and Settings\user\Desktop\rminstall.exe [2012/01/02 20:25:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/02 20:04:03 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [2012/01/01 22:13:08 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2012/01/01 22:12:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012/01/01 22:12:03 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012/01/01 22:09:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012/01/01 12:18:41 | 000,096,200 | ---- | M] (CyberDefender Corp.) -- C:\WINDOWS\System32\drivers\CDAVFS.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/17 19:23:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/12 21:55:38 | 005,949,682 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Goodbye Mother Goodbye my tribute song to my mom-[www_flvto_com].mp3 [2012/01/12 21:12:59 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk [2012/01/09 21:51:50 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk [2012/01/09 21:51:28 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.msi [2012/01/06 19:36:54 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/01/06 19:36:54 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/01/06 19:36:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012/01/05 19:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Cache.db [2012/01/03 17:08:02 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Photo Story 3 for Windows.lnk [2012/01/02 20:53:47 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job [2012/01/02 20:47:16 | 000,000,514 | ---- | C] () -- C:\WINDOWS\tasks\RMSmartUpdate.job [2012/01/02 20:46:27 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe [2012/01/02 20:24:11 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2012/01/02 20:24:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml [2012/01/02 20:24:09 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml [2012/01/02 20:24:04 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip [2012/01/02 20:24:04 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip [2012/01/02 20:04:12 | 000,603,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB [2012/01/02 20:04:03 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [2012/01/01 21:46:29 | 008,937,859 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PhotoStory1_2.wmv [2011/12/26 15:48:35 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT NetProtect Plus.lnk [2011/12/18 18:41:53 | 000,007,110 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\c8hgh170gxp08wafuer8j84r88hf08vsrpu7msp [2011/12/18 18:41:53 | 000,007,110 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c8hgh170gxp08wafuer8j84r88hf08vsrpu7msp [2011/07/03 16:14:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bzulupomukimupe.dat [2011/07/03 16:14:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xqenaziguquxu.bin [2011/05/04 20:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2011/05/04 17:08:06 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011/05/04 17:08:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011/05/04 17:08:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011/05/04 17:08:06 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011/05/04 17:08:06 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011/05/04 17:08:06 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011/05/04 17:08:06 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011/05/04 17:08:06 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011/05/04 17:08:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011/05/04 17:08:06 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011/05/04 17:08:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011/05/04 17:08:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011/05/04 17:08:06 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011/05/04 17:08:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011/05/04 17:08:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011/05/04 17:08:06 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011/05/04 17:08:06 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011/05/04 17:08:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011/05/04 17:08:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011/05/01 21:53:07 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/04/30 18:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/04/30 12:05:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/10/03 16:55:36 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010/10/03 16:53:34 | 000,003,636 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010/10/03 16:52:40 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2010/10/03 16:52:40 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2010/10/03 16:52:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2010/10/03 16:52:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2010/10/03 16:52:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2010/10/03 16:52:37 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2010/10/03 16:52:37 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2010/10/03 16:52:35 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2010/10/03 16:52:34 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2010/10/03 16:51:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/10/03 13:34:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/10/03 13:33:32 | 000,262,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/03 12:43:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/10/03 12:39:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/04/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/14 12:00:00 | 000,447,998 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/14 12:00:00 | 000,071,756 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005/04/15 16:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005/04/15 16:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2011/05/19 16:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2011/06/23 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bestpets [2011/05/19 16:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2011/04/30 12:16:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/05/04 17:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2011/05/19 16:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2011/07/03 16:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2012/01/17 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp [2011/05/04 17:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2011/04/30 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG10 [2011/10/08 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox [2011/06/30 14:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Epson [2012/01/02 19:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera [2012/01/03 21:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PCTools [2011/08/15 18:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Piakid [2012/01/02 20:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Product_RM [2012/01/08 11:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Registry Mechanic [2012/01/06 17:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SumatraPDF [2011/10/05 11:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer [2012/01/15 18:11:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job [2012/01/05 19:21:36 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job [2012/01/15 16:47:02 | 000,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job [2012/01/17 18:40:58 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{555429C0-D1E9-4696-8F23-E227A3ACEC2E}.job ========== Purity Check ========== ========== Custom Scans ========== < > < %SYSTEMDRIVE%\*.* > [2010/10/03 12:41:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2012/01/05 16:55:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010/10/03 12:41:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2012/01/01 12:20:06 | 000,346,490 | ---- | M] () -- C:\cybdefauth_i.log [2012/01/01 13:30:27 | 000,024,253 | ---- | M] () -- C:\CybDefInstallInfo.log [2012/01/01 12:18:39 | 000,000,114 | ---- | M] () -- C:\CybDefWebInstaller.log [2010/10/03 12:41:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/10/03 12:41:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/01/17 18:37:37 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2010/10/03 13:32:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010/10/03 13:32:39 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010/10/03 13:32:39 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB61306$] -> -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\netstat.exe:SummaryInformation @Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:430C6D84 < End of report > OTL Extras logfile created on: 17/01/2012 20:01:03 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.53% Memory free 3.19 Gb Paging File | 2.35 Gb Available in Paging File | 73.65% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.82 Gb Total Space | 209.09 Gb Free Space | 89.81% Space Free | Partition Type: NTFS Drive E: | 232.94 Gb Total Space | 232.85 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Computer Name: USER-436AC3931B | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- Reg Error: Value error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer "C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent) "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30 "{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{CACAA91A-F779-45B3-97FA-6D47106C1C60}" = Bestpets CDROM Catalogue "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Browser Defender_is1" = Browser Defender 3.0 "BT Broadband Desktop Help" = BT Broadband Desktop Help "CCleaner" = CCleaner "Epson Printer Software Downloader" = Epson Printer Software Downloader "EPSON Scanner" = EPSON Scan "Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual "EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall "GoToAssist" = GoToAssist Corporate "ie8" = Windows Internet Explorer 8 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0 "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20 "Spyware Doctor" = Spyware Doctor with AntiVirus 8.0 "VLC media player" = VLC media player 1.1.11 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04/11/2011 18:15:43 | Computer Name = USER-436AC3931B | Source = Application Hang | ID = 1002 Description = Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/11/2011 16:58:37 | Computer Name = USER-436AC3931B | Source = Application Hang | ID = 1002 Description = Hanging application java.exe, version 6.0.200.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 13/11/2011 18:11:13 | Computer Name = USER-436AC3931B | Source = Application Error | ID = 1000 Description = Faulting application mcitinfo.exe, version 11.0.488.0, faulting module mcitinfo.exe, version 11.0.488.0, fault address 0x0001eba0. Error - 13/11/2011 18:15:25 | Computer Name = USER-436AC3931B | Source = McLogEvent | ID = 5022 Description = Error - 23/11/2011 06:43:48 | Computer Name = USER-436AC3931B | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 13/01/2012 18:42:29 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The McciCMService service failed to start due to the following error: %%2 Error - 13/01/2012 18:43:40 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the ThreatFire service to connect. Error - 13/01/2012 18:43:40 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The ThreatFire service failed to start due to the following error: %%1053 Error - 14/01/2012 14:06:34 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The McciCMService service failed to start due to the following error: %%2 Error - 15/01/2012 06:33:28 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The McciCMService service failed to start due to the following error: %%2 Error - 15/01/2012 10:29:40 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The McciCMService service failed to start due to the following error: %%2 Error - 15/01/2012 17:21:23 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The McciCMService service failed to start due to the following error: %%2 Error - 16/01/2012 14:19:27 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The McciCMService service failed to start due to the following error: %%2 Error - 16/01/2012 16:47:37 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The McciCMService service failed to start due to the following error: %%2 Error - 17/01/2012 14:37:54 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000 Description = The McciCMService service failed to start due to the following error: %%2 < End of report >
- January 17, 2012
- 6 replies
cant do syatem restore and boot in safe mode

kamrez224 replied to kamrez224's topic in Tech Support & Discussions Forum

many thanks etavares for taking up my problem i cant find the folder in which the logfile is stored. initially when i thought there is a virus,i downloaded drweb and it showed i had backdoor tdss 554 and i clicked fix ,than i ran drweb again it kept on showing backdoor,so i uninstalled drweb and bought spyware doctor picked up lot of low to medium risk viruses and it did not mention backdoor,since than my computer is running fine but i cant do system restore ,keeps on saying system cannot be restored to previous date,when i reboot in safe mode screen goes blue,i checked the event log as suggested by my friend it is giving warning about tcp/ip at critical level. i am not very good with computers but with your kind help i will learn many thanks i will be waiting for your response
- January 16, 2012
- 6 replies
windows 7 deleating temp. files

kamrez224 replied to 871david's topic in Tech Support & Discussions Forum

cccleaner is very good to remove history and temp files
- January 15, 2012
- 2 replies
AVG constant warning ref MB usage while using IE

kamrez224 replied to 12tom's topic in Tech Support & Discussions Forum

i am getting these messages with opera as well
- January 15, 2012
- 8 replies
keyboard being tempermental

kamrez224 replied to lizzyb's topic in Tech Support & Discussions Forum

even when it is dry it wont work as it happened to me you have to invest in new one
- January 15, 2012
- 2 replies
cant do syatem restore and boot in safe mode

kamrez224 posted a topic in Tech Support & Discussions Forum

My dear friends please if somebody can help me ,i think i have malware on my system as i cant do system restore and when i boot up in safe mode blue screen appears,i had backdoor tdss virus which seems to have been removed by spyware doctor and malwarebyte remover,but i feel something is stopping system restore and safe boot.I have gat a logfile of trend micro hijack,but i dont know how to analyze it,i would be grateful if some of my learnerd friend can check this out for me. many thanks. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:52:24, on 09/01/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\PC Tools Security\pctsAuxs.exe C:\Program Files\PC Tools Security\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Tools Security\pctsGui.exe C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe C:\Program Files\PC Tools Security\TFEngine\TFService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\TEMP\kylsge\setup.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\user\Local Settings\Application Data\dvhstuqt\lcvfeuak.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286277652187 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\kylsge\setup.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McciCMService - Unknown owner - C:\Program Files\Common Files\Motive\McciCMService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Security\TFEngine\TFService.exe O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- End of file - 8979 bytes
- January 15, 2012
- 6 replies

Sign In

kamrez224

Posts

Joined

Last visited

Tech Info

kamrez224's Achievements

Newbie (1/14)

Reputation

cant do syatem restore and boot in safe mode

cant do syatem restore and boot in safe mode

windows 7 deleating temp. files

AVG constant warning ref MB usage while using IE

keyboard being tempermental

cant do syatem restore and boot in safe mode

Browse

Activity

Site Info