
Posted

My dear friends, please, if somebody can help me: I think I have malware on my system, as I can't do System Restore, and when I boot up in Safe Mode a blue screen appears. I had a backdoor TDSS virus which seems to have been removed by Spyware Doctor and Malwarebytes remover, but I feel something is stopping System Restore and safe boot. I have got a logfile of Trend Micro HijackThis, but I don't know how to analyze it. I would be grateful if some of my learned friends could check this out for me.

Many thanks.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:52:24, on 09/01/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

C:\Program Files\PC Tools Security\TFEngine\TFService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\TEMP\kylsge\setup.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\user\Local Settings\Application Data\dvhstuqt\lcvfeuak.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286277652187

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\kylsge\setup.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Unknown owner - C:\Program Files\Common Files\Motive\McciCMService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Security\TFEngine\TFService.exe

O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

 

--

End of file - 8979 bytes
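As an added example for this thread (not the helper's analysis and not the output of any tool mentioned here), a small Python triage that parses HijackThis entry lines like the ones posted above and flags the persistence entries a responder would check first: the second executable appended to the F2 UserInit value and the AMService entry running from C:\WINDOWS\TEMP. The directory heuristics and severity labels are this example's own assumptions, not HijackThis rules.

```python
"""Triage HijackThis 2.x entry lines for persistence worth a second look.

Added example for this thread, not the helper's analysis or any tool's own
output. The directory heuristics and severity labels are this example's
assumptions, not HijackThis rules, and a hit is a lead to verify, not a verdict.
"""
import re

# Every HijackThis entry has the shape "O23 - Service: Name - Owner - Path".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Directories a service, logon hook or autorun rarely runs from legitimately
# (assumption for this example). Compared case-insensitively as substrings.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\application data\\")

# The only value Winlogon's UserInit should carry on Windows XP.
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"

# Sample input: lines copied from the HijackThis log posted above, plus a
# benign NVIDIA autorun so the triage has something to pass.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
    r"C:\Documents and Settings\user\Local Settings\Application Data\dvhstuqt\lcvfeuak.exe,",
    r"O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\kylsge\setup.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O23 - Service: McciCMService - Unknown owner - C:\Program Files\Common Files\Motive\McciCMService.exe (file missing)",
    r"O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)",
]


def parse_entry(line):
    """Split one log line into (kind, body); return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def in_suspect_dir(path):
    low = path.lower()
    return any(d in low for d in SUSPECT_DIRS)


def finding(kind, severity, reason, line):
    return {"kind": kind, "severity": severity, "reason": reason, "line": line}


def triage_line(line):
    """Return the findings for one line; an empty list means nothing stood out."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    kind, body = parsed
    out = []

    if kind == "F2" and "UserInit=" in body:
        # Winlogon launches every comma-separated value at each logon, before
        # Explorer starts, so anything beyond the real userinit.exe is persistence.
        values = body.split("UserInit=", 1)[1].split(",")
        for exe in (v.strip() for v in values):
            if exe and exe.lower() != LEGIT_USERINIT:
                out.append(finding(kind, "high", "extra UserInit executable: " + exe, line))

    elif kind == "O23":
        if body.endswith("(file missing)"):
            out.append(finding(kind, "low", "orphaned service entry, binary missing", line))
        else:
            # The last " - " separated field of an O23 line is the service binary.
            path = body.rsplit(" - ", 1)[-1]
            if in_suspect_dir(path):
                out.append(finding(kind, "high", "service running from temp/profile dir: " + path, line))

    elif kind == "O4" and in_suspect_dir(body):
        out.append(finding(kind, "medium", "autorun pointing into temp/profile dir", line))

    elif kind in ("O2", "O3") and body.endswith("(no file)"):
        out.append(finding(kind, "low", "orphaned BHO/toolbar CLSID with no file", line))

    return out


def triage_log(lines):
    """Run triage_line over a whole log and return all findings in log order."""
    return [f for line in lines for f in triage_line(line)]


def severity_counts(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG_LINES):
        print(f"[{f['severity']:6}] {f['kind']}: {f['reason']}")
    print(severity_counts(triage_log(SAMPLE_LOG_LINES)))
```

Run against the full log, the two "high" hits are the UserInit value and the AMService entry; the "(no file)" and "(file missing)" hits are leftovers to clean up rather than active threats.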


Posted

Hello, kamrez224.

My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1

Please follow the instructions here and post the requested logs in your reply.

Before posting for Malware Removal help.

Step 2

Since you had a backdoor TDSS virus, please post the TDSS Killer log(s) so I can see what variant it removed. You can find them in the C:\ folder.

Also, it is a backdoor virus, so I need to give you this warning:

Backdoor Warning

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

etavares

Posted

Many thanks, etavares, for taking up my problem.

I can't find the folder in which the logfile is stored. Initially, when I thought there was a virus, I downloaded Dr.Web and it showed I had Backdoor TDSS 554 and I clicked fix; then I ran Dr.Web again and it kept on showing backdoor, so I uninstalled Dr.Web and bought Spyware Doctor, which picked up a lot of low- to medium-risk viruses and did not mention backdoor. Since then my computer is running fine, but I can't do System Restore; it keeps on saying the system cannot be restored to the previous date. When I reboot in Safe Mode the screen goes blue. I checked the event log as suggested by my friend; it is giving a warning about TCP/IP at critical level.

I am not very good with computers, but with your kind help I will learn.

Many thanks. I will be waiting for your response.

Posted

My friend, the following are the logs:

Malwarebytes Anti-Malware 1.60.0.1800

http://www.malwarebytes.org

 

Database version: v2012.01.17.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

user :: USER-436AC3931B [administrator]

 

17/01/2012 19:24:45

mbam-log-2012-01-17 (19-24-45).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218418

Time elapsed: 25 minute(s), 11 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

OTL logfile created on: 17/01/2012 20:01:03 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.53% Memory free

3.19 Gb Paging File | 2.35 Gb Available in Paging File | 73.65% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 209.09 Gb Free Space | 89.81% Space Free | Partition Type: NTFS

Drive E: | 232.94 Gb Total Space | 232.85 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

 

Computer Name: USER-436AC3931B | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)

PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)

PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

PRC - C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)

PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)

PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)

PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)

PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)

PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)

PRC - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll ()

MOD - C:\Program Files\PC Tools Security\UserModeFileCache.dll ()

MOD - C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (McciCMService) -- File not found

SRV - (AMService) -- File not found

SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

SRV - (ThreatFire) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)

SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)

SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)

SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)

SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)

SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)

DRV - (TFSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)

DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)

DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)

DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)

DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)

DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)

DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)

DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C AB B3 D9 7B 5B CC 01 [binary data]

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.order.2: "Google"

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/01/02 20:24:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/06 19:36:47 | 000,000,000 | ---D | M]

 

[2011/04/30 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2012/01/13 22:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions

[2011/05/28 21:27:43 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}

[2012/01/01 14:20:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/11/13 22:14:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)

[2011/11/14 16:51:07 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\plugin@yontoo.com

[2012/01/01 14:20:24 | 000,000,000 | ---D | M] ("Update Service") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\extensions\updater@foxstart(2).com

[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\vbbyb5xz.default\searchplugins\askcom.xml

[2012/01/06 19:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/12/21 07:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll

CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: SiteAdvisor = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

 

Hosts file not found

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O15 - HKCU\..Trusted Domains: bt.com ([http://www.securedownload] https in Trusted sites)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286277652187 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF19A9D1-3C35-4066-9E1D-60EB1F3EF9BC}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\user\Local Settings\Application Data\dvhstuqt\lcvfeuak.exe) - File not found

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/10/03 12:41:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{c020d7aa-95ac-11e0-baa7-001e8cce05c7}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/17 19:53:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2012/01/17 19:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/17 19:23:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/01/17 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/16 22:04:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent

[2012/01/12 22:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\New Folder (4)

[2012/01/12 21:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic

[2012/01/11 17:58:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/01/09 21:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/01/09 21:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\HiJackThis

[2012/01/08 22:12:20 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\user\Desktop\ccsetup314.exe

[2012/01/08 19:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos

[2012/01/08 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure

[2012/01/07 20:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2012/01/06 19:36:14 | 015,113,064 | ---- | C] (Mozilla) -- C:\Documents and Settings\user\My Documents\Firefox Setup 9.0.1.exe

[2012/01/06 18:26:22 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.60.0.1800.exe

[2012/01/06 17:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SumatraPDF

[2012/01/06 17:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\PDF Reader

[2012/01/05 20:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/01/05 20:56:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2012/01/05 20:56:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2012/01/05 20:56:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2012/01/05 20:56:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2012/01/05 20:54:35 | 017,159,968 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jre-6u30-windows-i586-s.exe

[2012/01/05 20:51:08 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jxpiinstall.exe

[2012/01/05 16:55:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012/01/03 21:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PCTools

[2012/01/03 17:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Story 3 for Windows

[2012/01/02 20:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Registry Mechanic

[2012/01/02 20:46:29 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx

[2012/01/02 20:46:29 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx

[2012/01/02 20:46:28 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx

[2012/01/02 20:46:27 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX

[2012/01/02 20:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools

[2012/01/02 20:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Product_RM

[2012/01/02 20:42:20 | 017,848,280 | ---- | C] (PC Tools) -- C:\Documents and Settings\user\Desktop\rminstall.exe

[2012/01/02 20:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Threat Expert

[2012/01/02 20:24:07 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll

[2012/01/02 20:24:04 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll

[2012/01/02 20:24:04 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll

[2012/01/02 20:24:01 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys

[2012/01/02 20:24:00 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys

[2012/01/02 20:24:00 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys

[2012/01/02 20:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2012/01/02 20:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2012/01/02 20:04:11 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys

[2012/01/02 20:04:11 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys

[2012/01/02 20:04:10 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys

[2012/01/02 20:04:04 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

[2012/01/02 20:04:04 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys

[2012/01/02 20:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security

[2012/01/02 20:03:55 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

[2012/01/02 20:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2012/01/02 20:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security

[2012/01/02 20:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PC Tools

[2012/01/02 19:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2012/01/02 19:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Opera

[2012/01/02 19:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Opera

[2012/01/02 11:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2012/01/02 11:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2012/01/01 22:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc

[2012/01/01 22:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

[2012/01/01 22:10:27 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2012/01/01 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2

[2012/01/01 22:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\PCHealth

[2012/01/01 22:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2012/01/01 12:20:16 | 000,096,200 | ---- | C] (CyberDefender Corp.) -- C:\WINDOWS\System32\drivers\CDAVFS.sys

[2012/01/01 12:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium

[2011/12/31 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2011/12/30 21:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/17 19:53:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2012/01/17 19:25:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/17 19:23:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/17 19:22:41 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.60.0.1800.exe

[2012/01/17 18:42:04 | 000,447,998 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/17 18:42:04 | 000,071,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/17 18:40:58 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{555429C0-D1E9-4696-8F23-E227A3ACEC2E}.job

[2012/01/17 18:38:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/17 18:37:42 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/17 18:37:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/15 22:17:21 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe

[2012/01/15 22:17:21 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netstat.exe

[2012/01/15 18:11:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job

[2012/01/15 16:47:02 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job

[2012/01/12 21:55:43 | 005,949,682 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Goodbye Mother Goodbye my tribute song to my mom-[www_flvto_com].mp3

[2012/01/12 21:12:59 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk

[2012/01/10 22:01:06 | 000,603,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2012/01/09 21:52:12 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk

[2012/01/09 21:51:29 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HijackThis.msi

[2012/01/08 22:12:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2012/01/08 22:12:27 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\user\Desktop\ccsetup314.exe

[2012/01/07 21:29:13 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/06 19:36:54 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/01/06 19:36:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/01/06 19:36:21 | 015,113,064 | ---- | M] (Mozilla) -- C:\Documents and Settings\user\My Documents\Firefox Setup 9.0.1.exe

[2012/01/05 20:55:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2012/01/05 20:55:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2012/01/05 20:55:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2012/01/05 20:55:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2012/01/05 20:55:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2012/01/05 20:55:01 | 017,159,968 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jre-6u30-windows-i586-s.exe

[2012/01/05 20:51:08 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jxpiinstall.exe

[2012/01/05 19:21:36 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job

[2012/01/05 19:03:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Cache.db

[2012/01/05 16:55:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2012/01/03 16:55:37 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT NetProtect Plus.lnk

[2012/01/02 20:42:27 | 017,848,280 | ---- | M] (PC Tools) -- C:\Documents and Settings\user\Desktop\rminstall.exe

[2012/01/02 20:25:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/02 20:04:03 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk

[2012/01/01 22:13:08 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2012/01/01 22:12:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2012/01/01 22:12:03 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2012/01/01 22:09:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2012/01/01 12:18:41 | 000,096,200 | ---- | M] (CyberDefender Corp.) -- C:\WINDOWS\System32\drivers\CDAVFS.sys

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/01/17 19:23:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/12 21:55:38 | 005,949,682 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Goodbye Mother Goodbye my tribute song to my mom-[www_flvto_com].mp3

[2012/01/12 21:12:59 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk

[2012/01/09 21:51:50 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk

[2012/01/09 21:51:28 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.msi

[2012/01/06 19:36:54 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/01/06 19:36:54 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/01/06 19:36:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012/01/05 19:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Cache.db

[2012/01/03 17:08:02 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Photo Story 3 for Windows.lnk

[2012/01/02 20:53:47 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job

[2012/01/02 20:47:16 | 000,000,514 | ---- | C] () -- C:\WINDOWS\tasks\RMSmartUpdate.job

[2012/01/02 20:46:27 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe

[2012/01/02 20:24:11 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll

[2012/01/02 20:24:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml

[2012/01/02 20:24:09 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml

[2012/01/02 20:24:04 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip

[2012/01/02 20:24:04 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip

[2012/01/02 20:04:12 | 000,603,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2012/01/02 20:04:03 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk

[2012/01/01 21:46:29 | 008,937,859 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PhotoStory1_2.wmv

[2011/12/26 15:48:35 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT NetProtect Plus.lnk

[2011/12/18 18:41:53 | 000,007,110 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\c8hgh170gxp08wafuer8j84r88hf08vsrpu7msp

[2011/12/18 18:41:53 | 000,007,110 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c8hgh170gxp08wafuer8j84r88hf08vsrpu7msp

[2011/07/03 16:14:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bzulupomukimupe.dat

[2011/07/03 16:14:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xqenaziguquxu.bin

[2011/05/04 20:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2011/05/04 17:08:06 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/05/04 17:08:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/05/04 17:08:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/05/04 17:08:06 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/05/04 17:08:06 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/05/04 17:08:06 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/05/04 17:08:06 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/05/04 17:08:06 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/05/04 17:08:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/05/04 17:08:06 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2011/05/04 17:08:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/05/04 17:08:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/05/04 17:08:06 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/05/04 17:08:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/05/04 17:08:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/05/04 17:08:06 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2011/05/04 17:08:06 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2011/05/04 17:08:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/05/04 17:08:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2011/05/01 21:53:07 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/30 18:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/04/30 12:05:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/10/03 16:55:36 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/10/03 16:53:34 | 000,003,636 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2010/10/03 16:52:40 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2010/10/03 16:52:40 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2010/10/03 16:52:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2010/10/03 16:52:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2010/10/03 16:52:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2010/10/03 16:52:37 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2010/10/03 16:52:37 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2010/10/03 16:52:35 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2010/10/03 16:52:34 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2010/10/03 16:51:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/03 13:34:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/10/03 13:33:32 | 000,262,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/03 12:43:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/10/03 12:39:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 12:00:00 | 000,447,998 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 12:00:00 | 000,071,756 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/04/15 16:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/04/15 16:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

 

========== LOP Check ==========

 

[2011/05/19 16:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/06/23 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bestpets

[2011/05/19 16:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2011/04/30 12:16:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/05/04 17:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2011/05/19 16:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/07/03 16:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

[2012/01/17 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2011/05/04 17:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2011/04/30 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG10

[2011/10/08 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox

[2011/06/30 14:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Epson

[2012/01/02 19:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera

[2012/01/03 21:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PCTools

[2011/08/15 18:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Piakid

[2012/01/02 20:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Product_RM

[2012/01/08 11:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Registry Mechanic

[2012/01/06 17:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SumatraPDF

[2011/10/05 11:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer

[2012/01/15 18:11:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job

[2012/01/05 19:21:36 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2012/01/15 16:47:02 | 000,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job

[2012/01/17 18:40:58 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{555429C0-D1E9-4696-8F23-E227A3ACEC2E}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< >

 

< %SYSTEMDRIVE%\*.* >

[2010/10/03 12:41:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2012/01/05 16:55:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/10/03 12:41:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2012/01/01 12:20:06 | 000,346,490 | ---- | M] () -- C:\cybdefauth_i.log

[2012/01/01 13:30:27 | 000,024,253 | ---- | M] () -- C:\CybDefInstallInfo.log

[2012/01/01 12:18:39 | 000,000,114 | ---- | M] () -- C:\CybDefWebInstaller.log

[2010/10/03 12:41:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/10/03 12:41:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/01/17 18:37:37 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\System32\config\*.sav >

[2010/10/03 13:32:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2010/10/03 13:32:39 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2010/10/03 13:32:39 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %PROGRAMFILES%\* >

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 07:42:21 | 000,715,216 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 07:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB61306$] -> -> Unknown point type

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\netstat.exe:SummaryInformation

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:430C6D84

 

< End of report >

 

OTL Extras logfile created on: 17/01/2012 20:01:03 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.53% Memory free

3.19 Gb Paging File | 2.35 Gb Available in Paging File | 73.65% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 209.09 Gb Free Space | 89.81% Space Free | Partition Type: NTFS

Drive E: | 232.94 Gb Total Space | 232.85 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

 

Computer Name: USER-436AC3931B | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- Reg Error: Value error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer

"C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox

"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)

"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{CACAA91A-F779-45B3-97FA-6D47106C1C60}" = Bestpets CDROM Catalogue

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Browser Defender_is1" = Browser Defender 3.0

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"CCleaner" = CCleaner

"Epson Printer Software Downloader" = Epson Printer Software Downloader

"EPSON Scanner" = EPSON Scan

"Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual

"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall

"GoToAssist" = GoToAssist Corporate

"ie8" = Windows Internet Explorer 8

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20

"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0

"VLC media player" = VLC media player 1.1.11

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 04/11/2011 18:15:43 | Computer Name = USER-436AC3931B | Source = Application Hang | ID = 1002

Description = Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

Error - 10/11/2011 16:58:37 | Computer Name = USER-436AC3931B | Source = Application Hang | ID = 1002

Description = Hanging application java.exe, version 6.0.200.2, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

 

Error - 13/11/2011 18:11:13 | Computer Name = USER-436AC3931B | Source = Application Error | ID = 1000

Description = Faulting application mcitinfo.exe, version 11.0.488.0, faulting module

mcitinfo.exe, version 11.0.488.0, fault address 0x0001eba0.

 

Error - 13/11/2011 18:15:25 | Computer Name = USER-436AC3931B | Source = McLogEvent | ID = 5022

Description =

 

Error - 23/11/2011 06:43:48 | Computer Name = USER-436AC3931B | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

[ System Events ]

Error - 13/01/2012 18:42:29 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The McciCMService service failed to start due to the following error:

%%2

 

Error - 13/01/2012 18:43:40 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the ThreatFire service to

connect.

 

Error - 13/01/2012 18:43:40 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The ThreatFire service failed to start due to the following error:

%%1053

 

Error - 14/01/2012 14:06:34 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The McciCMService service failed to start due to the following error:

%%2

 

Error - 15/01/2012 06:33:28 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The McciCMService service failed to start due to the following error:

%%2

 

Error - 15/01/2012 10:29:40 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The McciCMService service failed to start due to the following error:

%%2

 

Error - 15/01/2012 17:21:23 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The McciCMService service failed to start due to the following error:

%%2

 

Error - 16/01/2012 14:19:27 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The McciCMService service failed to start due to the following error:

%%2

 

Error - 16/01/2012 16:47:37 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The McciCMService service failed to start due to the following error:

%%2

 

Error - 17/01/2012 14:37:54 | Computer Name = USER-436AC3931B | Source = Service Control Manager | ID = 7000

Description = The McciCMService service failed to start due to the following error:

%%2

 

 

< End of report >

Posted

Hello, kamrez224.

 

You still have a rootkit on your computer.

Trusted Zone Warning

 

 

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

 

 

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

 

 

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.

Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

 

 

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

 

Click on Yes, to continue scanning for malware.

 

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

 

 

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

Step 2

We need to scan the system with this special tool:

 

 

* Please download and save: Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).

* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

 

 

etavares
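The helper's verdict above rests on reading the OTL Extras report by hand. As an added example (not code from this thread, from the helper, or from OTL's author), the script below parses the report sections that matter most for a rootkit triage, namely the reparse-point list, the Alternate Data Streams list, the Security Center notification values and the System Restore service settings, and turns them into a list of findings a reviewer can check. The embedded sample is a constructed excerpt in the same layout as the log posted above, with one extra, benign `Zone.Identifier` line added to show a non-finding; the list of expected stream names and the expected XP start types for the `Sr` and `SrService` services are the script's own assumptions, not something OTL reports.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in OTL Extras layout. Values mirror the log in the thread,
# plus one benign Zone.Identifier stream added to show a non-finding.
SAMPLE_LOG = r"""
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB61306$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\netstat.exe:SummaryInformation
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\user\Desktop\setup.exe:Zone.Identifier

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
"""

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
LINK_RE = re.compile(r"^\[(.+)\] -> (.*)$")
KEY_RE = re.compile(r"^\[(HK.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)" = (.+)$')

# Assumption: stream names Windows and its shell write themselves; others merit a look.
BENIGN_STREAMS = {"zone.identifier", "summaryinformation", "documentsummaryinformation", "encryptable"}
# Assumption: default XP start types (0 = boot driver, 2 = automatic service).
EXPECTED_SR = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore": ("DisableSR", "0"),
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr": ("Start", "0"),
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService": ("Start", "2"),
}


@dataclass(frozen=True)
class Finding:
    section: str
    subject: str
    reason: str


def split_sections(log: str) -> dict[str, list[str]]:
    """Group non-empty lines under the '========== name ==========' header above them."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_registry(lines: list[str]) -> dict[str, dict[str, str]]:
    """Turn '[key]' / '"name" = value' lines into {key: {name: value}}."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys[current] = {}
        elif current is not None and (vm := VALUE_RE.match(line)):
            keys[current][vm.group(1)] = vm.group(2)
    return keys


def check_ads(lines: list[str]) -> list[Finding]:
    out = []
    for line in lines:
        if not (m := ADS_RE.match(line)):
            continue
        size, target = m.groups()
        path, stream = target.rsplit(":", 1)  # stream name follows the last colon
        if stream.lower() not in BENIGN_STREAMS:
            out.append(Finding("ADS", target, f"unexpected stream name '{stream}' ({size} bytes)"))
        if path.lower().startswith(r"c:\windows\system32"):
            out.append(Finding("ADS", target, "stream attached to a file under System32"))
    return out


def check_links(lines: list[str]) -> list[Finding]:
    return [Finding("Links", m.group(1), "reparse point of unknown type")
            for line in lines if (m := LINK_RE.match(line)) and "unknown point type" in m.group(2).lower()]


def check_security_center(lines: list[str]) -> list[Finding]:
    return [Finding("Security Center", f"{key}\\{name}", f"set to {value}: Security Center alerting suppressed")
            for key, values in parse_registry(lines).items()
            for name, value in values.items()
            if (name.endswith("DisableNotify") or name.endswith("Override")) and value != "0"]


def check_system_restore(lines: list[str]) -> list[Finding]:
    reg = parse_registry(lines)
    return [Finding("System Restore", f"{key}\\{name}", f"expected {expected}, log shows {reg.get(key, {}).get(name)}")
            for key, (name, expected) in EXPECTED_SR.items() if reg.get(key, {}).get(name) != expected]


def triage(log: str) -> list[Finding]:
    s = split_sections(log)
    return (check_links(s.get("Hard Links - Junction Points - Mount Points - Symbolic Links", []))
            + check_ads(s.get("Alternate Data Streams", []))
            + check_security_center(s.get("Security Center Settings", []))
            + check_system_restore(s.get("System Restore Settings", [])))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.subject}: {f.reason}")
```

Run against the sample it reports the unknown reparse point under `C:\WINDOWS`, the stream on `netstat.exe` (a system binary carrying any stream is worth a second look even when the stream name is a standard one) and the hex-named stream on the shared `Temp` folder, while the Security Center and System Restore values match their defaults and produce nothing. A finding is a prompt for the reviewer, not a verdict: the next step is still to inspect the object itself, as the helper's Junction scan does for reparse points.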
