
Posted

Hi folks, I've got a problem. Since yesterday I can't open any of my folders such as Control Panel, Computer, Pictures, Music and so on; it says "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." This is my PC and I am the administrator. Not sure if I've picked up some sort of bug. Any ideas, folks?

ExTS Admin
Posted

Hi ajackson269,

What do you have in the way of 'Security' programs on the system?

Have you run an AntiMalware scan on the system?

Are you getting any popups for strange programs?

"I've got a problem since yesterday"

What were you doing when you noticed this, were you downloading anything?

Member of:

UNITE

Posted

Hi, thanks for replying so quickly. I have ESET NOD32 Antivirus 4, which I have just run a scan with, and it found some adware.

I was having difficulty starting the PC yesterday; it was making an odd whirring sound and freezing. Not sure if my hard drive is maybe on its way out, but I never downloaded anything once I got it started using my Windows disc.

Also the internet has been slow recently.

ExTS Admin
Posted

Hi ajackson269,

"I have ESET NOD32 Antivirus 4, which I have just run a scan with, and it found some adware."

ESET is a good program, so that's a bonus.

Can you remember what ESET found?

"It was making an odd whirring sound and freezing. Not sure if my hard drive is maybe on its way out."

How old is the system?

It wouldn't hurt to take a closer look and see what's going on.

I'll move your thread to the malware removal forum, because of the tools we'll be using.

 

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete, so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer (see Note below).
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

Step 2

  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.
    If you have problems, try this download link: OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
    (Screenshot: http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png)
  • Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    (Screenshot: http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png)
  • Click the Run Scan button.
    (Screenshot: http://img.photobucket.com/albums/v708/starbuck50/runscan.png)
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

  • MBAM scan report
  • Both reports from OTL.

The main.txt will open, but the extras.txt will be minimized to the taskbar.

Thanks.

Member of:

UNITE
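The MBAM report that Step 1 asks for has a regular line shape: under each section header ending in "Infected:", every detection is written as `item (threat name) -> action`. That regularity makes it easy to pull the triage facts out of a pasted log instead of reading it by eye. The script below is an added example written for this thread, not Malwarebytes' tool and not part of the helper's instructions. The sample log it embeds is assembled from a few entries of the report posted later in this thread; the "persistence", "temp executable" and "masquerading name" checks are the example's own assumptions about what is worth a second look, not part of the MBAM format.

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM) log reports.

Added example for this thread; not Malwarebytes' own tooling. It assumes
the line shape seen in the report posted in the thread:
    <item> (<threat name>) -> <action>
listed under section headers that end in "Infected:".
"""
import re
from collections import Counter

# Sample report, assembled from a handful of entries in the log posted
# later in this thread (constructed for this example).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 5035
Windows 6.1.7600

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\Perfect Optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\ALAN\AppData\Local\Temp\1040947.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Error Repair Professional\unins000.exe (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
"""

# Non-greedy item so that "(x86)" inside a path is not mistaken for the threat name.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")

# Locations that let malware survive a reboot (assumption of this example).
PERSISTENCE_MARKERS = ("\\currentversion\\run\\", "\\windows\\tasks\\")
# Core Windows binary names that malware likes to borrow (assumption of this example).
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


def parse_mbam_log(text):
    """Return a list of (section, item, threat, action) tuples from an MBAM report."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append((section, m.group("item"), m.group("threat"), m.group("action")))
    return findings


def family_counts(findings):
    """Number of detections per threat name, e.g. {'Trojan.Buzus': 1}."""
    return Counter(threat for _, _, threat, _ in findings)


def persistence_items(findings):
    """Autorun values and scheduled-task jobs: the entries that re-launch malware at logon."""
    return [item for _, item, _, _ in findings
            if any(marker in item.lower() for marker in PERSISTENCE_MARKERS)]


def temp_executables(findings):
    """Executables dropped into a user's Temp folder, a common staging place for downloaders."""
    return [item for _, item, _, _ in findings
            if "\\appdata\\local\\temp\\" in item.lower() and item.lower().endswith(".exe")]


def masquerading_names(findings):
    """Entries that borrow a core Windows binary name but live outside System32."""
    out = []
    for _, item, _, _ in findings:
        name = item.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_NAMES and "\\windows\\system32\\" not in item.lower():
            out.append(item)
    return out


def unresolved(findings):
    """Detections whose action line does not report a successful quarantine/removal."""
    return [item for _, item, _, action in findings if "successfully" not in action.lower()]


def summarize(text):
    """One-shot triage summary of a pasted MBAM report."""
    findings = parse_mbam_log(text)
    return {
        "total": len(findings),
        "by_threat": dict(family_counts(findings)),
        "persistence": persistence_items(findings),
        "temp_executables": temp_executables(findings),
        "masquerading": masquerading_names(findings),
        "unresolved": unresolved(findings),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it on a saved `mbam-log-*.txt` by passing the file's contents to `summarize()`. The "persistence" and "masquerading" lists are the ones to read first when deciding whether a removal is really finished: a Run value named `svchost.exe` under HKCU and `.job` files with GUID names are the mechanisms that would bring the infection back after the next reboot, so a report that still shows them as unresolved means the cleanup is not done.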

Posted

Hi Starbuck,

I'm sorry, I can't remember what ESET found; I just deleted them straight away.

I've got the info from both scans here:

 

Malwarebytes' Anti-Malware 1.46

Malwarebytes

 

Database version: 5035

 

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

 

03/11/2010 18:30:08

mbam-log-2010-11-03 (18-30-08).txt

 

Scan type: Full scan (A:\|C:\|D:\|F:\|G:\|H:\|I:\|Q:\|)

Objects scanned: 269405

Time elapsed: 37 minute(s), 47 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 12

Files Infected: 12

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\ErrorRepairPro (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Error Repair Professional_is1 (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\errorrepairpro (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Program Files (x86)\Error Repair Professional (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Error Repair Professional\Backups (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Error Repair Professional\startbug (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer\Backup\Application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer\Backup\Registry\FirstBackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer\Backup\Registry\FullBackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Error Repair Professional (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Program Files (x86)\Error Repair Professional\ErrorRepairProfessional.exe (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

C:\Users\ALAN\AppData\Local\Temp\1040947.exe (Trojan.Buzus) -> Quarantined and deleted successfully.

C:\Users\ALAN\AppData\Local\Temp\1693843.exe (Trojan.Buzus) -> Quarantined and deleted successfully.

C:\Users\ALAN\AppData\Local\Temp\991932.exe (Trojan.Buzus) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Error Repair Professional\unins000.dat (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Error Repair Professional\unins000.exe (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Perfect Optimizer\PerfectOptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Error Repair Professional\Error Repair Professional.lnk (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Error Repair Professional\Uninstall Error Repair Professional.lnk (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

C:\Users\ALAN\Local Settings\Temporary Internet Files\Silverlight.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

OTL SCANS >>>>

 

OTL logfile created on: 03/11/2010 19:01:24 - Run 1

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\ALAN\Downloads

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.7930.16406)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 186.08 Gb Total Space | 97.77 Gb Free Space | 52.54% Space Free | Partition Type: NTFS

 

Computer Name: ALAN-PC | User Name: ALAN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\ALAN\Downloads\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\ALAN\Downloads\OTL.scr (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_062a651.dll ()

SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (Mrvleap) -- C:\Windows\SysNative\DRIVERS\mrv64drv.sys File not found

DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)

DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)

DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)

DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)

DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)

DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)

DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()

DRV - (Mrvleap) -- C:\Windows\SysWOW64\drivers\mrv64drv.sys (Windows ® Codename Longhorn DDK provider)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files (x86)\MapNeto_1\tbMapN.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 22 19 1F 1A 92 CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files (x86)\MapNeto_1\tbMapN.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://uk.ask.com?o=101912&l=dis"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/15 19:58:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 19:59:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/22 20:13:13 | 000,000,000 | ---D | M]

 

[2010/06/21 19:16:02 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Mozilla\Extensions

[2010/06/21 19:16:02 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/10/29 19:21:52 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\wsj00b6r.default\extensions

[2010/10/29 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\wsj00b6r.default\extensions\toolbar@ask.com

[2010/02/04 15:45:40 | 000,002,254 | ---- | M] () -- C:\Users\ALAN\AppData\Roaming\Mozilla\Firefox\Profiles\wsj00b6r.default\searchplugins\askcom.xml

[2010/10/28 19:54:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/08/21 12:14:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/22 09:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/28 19:54:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (MapNeto 1 Toolbar) - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files (x86)\MapNeto_1\tbMapN.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (MapNeto 1 Toolbar) - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files (x86)\MapNeto_1\tbMapN.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()

O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (MapNeto 1 Toolbar) - {1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} - C:\Program Files (x86)\MapNeto_1\tbMapN.dll (Conduit Ltd.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)

O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O8:64bit: - Extra context menu item: Search with Wanadoo - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O8 - Extra context menu item: Search with Wanadoo - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Seite nicht gefunden | Facebook (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/openapi/receivers/FMSI.cab (Futuremark SystemInfo)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/11/03 17:45:15 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\Malwarebytes

[2010/11/03 17:45:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/11/03 17:45:03 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/11/03 17:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/11/03 17:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/11/02 18:30:18 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\DriverCure

[2010/11/02 18:30:17 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\ParetoLogic

[2010/11/02 18:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic

[2010/11/02 18:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic

[2010/11/02 18:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic

[2010/11/01 19:29:01 | 000,000,000 | ---D | C] -- C:\Users\ALAN\AppData\Roaming\HD Tune Pro

[2010/11/01 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro

[2010/10/29 16:31:51 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys

[2010/10/28 19:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/10/28 19:54:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010/10/28 19:54:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010/10/28 19:54:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010/10/26 17:15:40 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/10/26 17:15:40 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/10/26 17:15:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/10/26 17:15:40 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/10/26 17:15:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/10/26 17:15:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/10/26 17:15:13 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2010/10/23 11:35:17 | 000,000,000 | -HSD | C] -- C:\found.000

[2010/10/14 10:03:41 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010/10/14 10:03:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010/10/14 10:03:39 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2010/10/14 10:03:33 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2010/10/14 10:03:31 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2010/10/14 10:03:28 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2010/10/14 10:03:28 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2010/10/14 10:03:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2010/10/05 18:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDS

[2010/09/16 20:00:04 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\ALAN\AppData\Roaming\pcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2010/11/03 18:53:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2840587429-2045661810-1812110305-1000UA.job

[2010/11/03 18:46:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/03 18:46:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/03 18:39:10 | 000,016,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/03 18:39:09 | 000,016,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/03 18:36:43 | 000,733,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/03 18:36:43 | 000,632,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/03 18:36:43 | 000,112,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/03 18:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/03 18:31:42 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/03 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job

[2010/11/03 17:45:08 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/02 19:45:11 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job

[2010/11/02 19:45:11 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job

[2010/11/02 19:45:11 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job

[2010/11/02 18:30:08 | 000,001,101 | ---- | M] () -- C:\Users\ALAN\Desktop\ParetoLogic PC Health Advisor.lnk

[2010/11/01 19:28:53 | 000,000,967 | ---- | M] () -- C:\Users\ALAN\Desktop\HD Tune Pro.lnk

[2010/11/01 19:20:40 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat

[2010/10/29 16:33:40 | 000,002,669 | ---- | M] () -- C:\Users\ALAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk

[2010/10/29 16:33:40 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk

[2010/10/28 19:59:07 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/24 11:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job

[2010/10/24 10:53:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2840587429-2045661810-1812110305-1000Core.job

[2010/10/23 19:52:45 | 000,002,395 | ---- | M] () -- C:\Users\ALAN\Desktop\Google Chrome.lnk

[2010/10/18 18:20:07 | 019,657,194 | ---- | M] () -- C:\Users\ALAN\Documents\vlc-1.1.4-win32.exe

[2010/10/15 16:58:45 | 000,266,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2010/11/03 17:45:08 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/02 18:30:23 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job

[2010/11/02 18:30:08 | 000,001,101 | ---- | C] () -- C:\Users\ALAN\Desktop\ParetoLogic PC Health Advisor.lnk

[2010/11/02 18:30:07 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job

[2010/11/02 18:30:06 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job

[2010/11/01 19:20:40 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat

[2010/10/28 19:59:07 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/09/16 20:00:48 | 000,000,034 | ---- | C] () -- C:\Users\ALAN\AppData\Roaming\pcouffin.log

[2010/09/16 20:00:04 | 000,099,384 | ---- | C] () -- C:\Users\ALAN\AppData\Roaming\inst.exe

[2010/09/16 20:00:04 | 000,007,859 | ---- | C] () -- C:\Users\ALAN\AppData\Roaming\pcouffin.cat

[2010/09/16 20:00:04 | 000,001,167 | ---- | C] () -- C:\Users\ALAN\AppData\Roaming\pcouffin.inf

[2010/07/07 18:34:01 | 000,729,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/05/11 19:26:58 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010/04/09 18:36:17 | 000,020,992 | ---- | C] () -- C:\Users\ALAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/30 23:05:31 | 000,000,160 | ---- | C] () -- C:\Users\ALAN\AppData\Roaming\default.rss

[2010/01/30 21:45:17 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2010/01/30 21:45:15 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2010/01/30 21:45:15 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2010/01/16 14:06:48 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/01/12 19:10:45 | 000,303,104 | ---- | C] () -- C:\Program Files (x86)\Common Files\FDEUnInstaller.exe

[2010/01/10 17:27:41 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010/01/10 17:27:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/01/31 23:52:50 | 000,000,049 | ---- | C] () -- C:\Users\ALAN\AppData\Roaming\register.bat

[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini

[2007/12/04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini

[2007/06/07 05:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini

[2004/04/06 15:15:42 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll

[2004/04/06 15:15:40 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll

[2003/09/01 10:51:02 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\Installrt2500qa.dll

 

========== LOP Check ==========

 

[2010/11/02 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\DriverCure

[2010/01/10 19:09:59 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\ESET

[2010/01/12 19:22:48 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\EVEMon

[2010/07/14 19:49:51 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\GARMIN

[2010/06/15 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\GetRightToGo

[2010/11/01 19:29:01 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\HD Tune Pro

[2010/09/03 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Nokia

[2010/11/02 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\ParetoLogic

[2010/08/29 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\PC Suite

[2010/05/05 07:56:02 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\SendSpace Wizard

[2010/10/13 18:55:14 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\SoftGrid Client

[2010/07/07 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\TP

[2010/01/19 18:49:26 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\TS3Client

[2010/09/16 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\ALAN\AppData\Roaming\Vso

[2010/11/03 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job

[2010/11/02 19:45:11 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job

[2010/11/02 19:45:11 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job

[2010/11/02 19:45:11 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job

[2010/10/24 11:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\PerfectOptimizer_home.job

[2010/09/16 19:36:38 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 01:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2009/07/14 01:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/14 01:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009/07/14 01:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009/07/14 01:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009/07/14 01:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< >

 

< End of report >

 

 

OTL EXTRA SCAN REPORT >>>>>

 

OTL Extras logfile created on: 03/11/2010 19:01:39 - Run 1

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\ALAN\Downloads

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.7930.16406)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 186.08 Gb Total Space | 97.77 Gb Free Space | 52.54% Space Free | Partition Type: NTFS

 

Computer Name: ALAN-PC | User Name: ALAN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp[@ = hlpfile] -- C:\Windows\SysWow64\winhlp32.exe File not found

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\SysWow64\winhlp32.exe File not found

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\SysWow64\winhlp32.exe %1 File not found

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\SysWow64\winhlp32.exe %1 File not found

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java 6 Update 18 (64-bit)

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{B35D33C7-3BFA-4943-8090-AFC05A4725DD}" = ESET NOD32 Antivirus

"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR archiver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1226B9A5-FBFD-4120-9AED-08CABCDAF3AB}" = Nokia Ovi Player

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18F78B1A-964A-442C-BCE5-1FF4CBACAD90}" = ConstructionSkills

"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 22

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater

"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8F651796-EC48-4A33-87D9-6866D3022052}" = Nokia Connectivity Cable Driver

"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool

"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5

"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center

"{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5

"{F97ADCF7-AEAC-4721-B2AD-1BE5A0E4459E}" = Realtime Landscaping Architect 2 Trial

"7-Zip" = 7-Zip 4.65

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Akamai" = Akamai NetSession Interface

"ALchemy" = Creative ALchemy

"AudioCS" = Creative Audio Control Panel

"Bass Audio Decoder" = Bass Audio Decoder (remove only)

"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"DCoder Image Source" = DCoder Image Source (remove only)

"DirectVobSub" = DirectVobSub (remove only)

"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders

"DVD Shrink_is1" = DVD Shrink 3.2

"EASEUS Partition Master Professional Edition Demo_is1" = EASEUS Partition Master 5.0.1 Professional Edition Demo

"EVE" = EVE Online (remove only)

"EVEMon" = EVEMon

"ExpressBurn" = Express Burn Disc Burning Software

"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]

"FFMPEG Core Files" = FFMPEG Core Files (remove only)

"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)

"HaaliMkx" = Haali Media Splitter

"HD Tune Pro_is1" = HD Tune Pro 4.60

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MapNeto_1 Toolbar" = MapNeto 1 Toolbar

"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)

"Nokia PC Suite" = Nokia PC Suite

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)

"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)

"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)

"orange3" = Orange Search Toolbar

"PhotoStitch" = Canon Utilities PhotoStitch

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealMedia" = RealMedia (remove only)

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"SendSpaceWizard" = SendSpace Wizard

"SHOUTcast Source" = SHOUTcast Source (remove only)

"Solar Accounts" = Solar Accounts

"VLC media player" = VLC media player 1.0.5

"Wanadoo" = Wanadoo Search Toolbar

"WaveStudio 7" = Creative WaveStudio 7

"Windows Media Player 11 - For Windows 7 11.0.6001.7000" = Windows Media Player 11 - For Windows 7 11.0.6001.7000

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 03/11/2010 14:34:19 | Computer Name = ALAN-PC | Source = .NET Runtime Optimization Service | ID = 1111

Description =

 

Error - 03/11/2010 14:36:08 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 03/11/2010 14:36:08 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 03/11/2010 14:36:08 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 03/11/2010 14:36:08 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 03/11/2010 14:36:08 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 03/11/2010 14:36:08 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 03/11/2010 14:36:09 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/11/2010 14:36:09 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/11/2010 14:36:09 | Computer Name = ALAN-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]

Error - 03/11/2010 15:01:35 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:01:38 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:02:22 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:02:25 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:02:28 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:02:31 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:02:33 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:02:36 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:02:39 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 03/11/2010 15:02:42 | Computer Name = ALAN-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

< End of report >

Lots to read here, thanks very much again for the help.

  • ExTS Admin
Posted

Hi ajackson,

 

OK, it's only fair that I run this by you before we do anything:

 

Some browser hijackers and downloaders such as 'Trojan.Buzus' have been/are active on your computer.

It captures certain information entered or saved by the user, with the corresponding threat to privacy: keystrokes, in order to obtain information for accessing online banking services, passwords and other confidential information.

 

It sends the gathered information to a remote user by any available means: email, FTP, etc.

 

It reduces the security level of the computer: it changes the security settings of Internet Explorer, decreasing its security level.

 

It does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

 

Unfortunately we cannot be sure about what they have done.

 

If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

 

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

 

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

 

It's your call, I'm afraid.

Member of:

UNITE

  • ExTS Admin
Posted

Hi ajackson,

 

With some infections, a reinstall is the best option.

I'll get back to you as soon as I'm back up and running

No problem, you know where we are if you need us.

Member of:

UNITE
