gumdrop

Honorary Members
Posts: 57
Everything posted by gumdrop

  1. Thanks so much for the help. Very fast and understandable instructions. A great service.

  2. Boot-up has slowed some, but that is the only problem. Should I delete C:\_OTL\MovedFiles, and is there any other cleanup to do? Avira didn't see the virus; do you think any of the antivirus programs would have picked up the trojan before we were infected? This trojan came from opening a film review on the web. Is there any safe way of checking unknown websites prior to opening them? Again, thanks for the support.
  3. Hi. Avira, with no requests from us, flagged up and quarantined C:\System Volume Information\_restore{A90..... ..... 71B}\RP2\A0000039.exe (TR/Kazy.134631.1) this morning.
  4. I started a thread in the Avira forums asking why Avira did not notice the trojan when real-time protection was running, and received the following from Malwarebytes:

         Also can you please go to C:\_OTL\MovedFiles and right click on the folder, select send to compressed (zip) folder; that will make a zipped copy of this folder. Then please upload it to http://www.bleepingcomputer.com/submit-m…php?channel=122 so we can examine the files and submit to antivirus companies if needed. After that please delete the zip files you just created. Regards, Georgi

     I have submitted the file as requested. Yesterday, when running a full scan of the system with MBAM, Avira found TR/Kazy.134631.1 in the OTL folder. Windows Security Centre is now working OK, with firewall, updates and internet all working. I will reboot a few times to see if startup improves; it is running slower than prior to the infection. Many thanks for your help, and I look forward to getting your next posting. I
  5. Farbar Service Scanner Version: 05-01-2013
     Ran by Administrator (administrator) on 12-01-2013 at 23:06:02
     Running from "C:\Documents and Settings\Administrator\Desktop"
     Microsoft Windows XP Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Attempt to access Google IP returned error. Google IP is offline
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is OK.
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     winmgmt Service is not running. Checking service configuration:
     The start type of winmgmt service is OK.
     The ImagePath of winmgmt service is OK.
     The ServiceDll of winmgmt service is OK.

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============
     wscsvc Service is not running. Checking service configuration:
     The start type of wscsvc service is OK.
     The ImagePath of wscsvc service is OK.
     The ServiceDll of wscsvc service is OK.

     winmgmt Service is not running. Checking service configuration:
     The start type of winmgmt service is OK.
     The ImagePath of winmgmt service is OK.
     The ServiceDll of winmgmt service is OK.

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 0x0B00000005000000010000000200000003000000040000000800000056000000070000000A0000000B00000006000000
     IpSec Tag value is correct.

     **** End of log ****
  6. As noted previously, we have lost Security Centre.
  7. I hope by posting you meant this; let me know if I got it wrong.

     Results of screen317's Security Check version 0.99.56
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     WMI entry may not exist for antivirus; attempting automatic update.
     Avira successfully updated!
     `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 4.6
     Spybot - Search & Destroy
     Secunia PSI (3.0.0.6001)
     Malwarebytes Anti-Malware version 1.70.0.1100
     CCleaner
     Panda Cloud Cleaner
     Java 7 Update 10
     Java version out of Date!
     Adobe Flash Player 11.5.502.146
     Adobe Reader XI
     Mozilla Firefox (18.0)
     Mozilla Thunderbird (17.0.)
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 5%
     ````````````````````End of Log``````````````````````
  8. # AdwCleaner v2.105 - Logfile created 01/12/2013 at 20:01:29
     # Updated 08/01/2013 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : Administrator - DELL
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****
     File Deleted : C:\user.js
     Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged
     Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\ConduitCommon
     Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

     ***** [Registry] *****
     Key Deleted : HKCU\Software\Headlight
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
     Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3015261
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

     ***** [internet Browsers] *****
     -\\ Internet Explorer v8.0.6001.18702
     [OK] Registry is clean.
     -\\ Mozilla Firefox v18.0 (en-US)
     File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\prefs.js
     C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\user.js ... Deleted !
     [OK] File is clean.
     File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\prefs.js
     C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\user.js ... Deleted !
  9. No, we should delete if it's best; I'm just blind to the consequences. What should I do next?
  10. I am a little lost here. Are we deleting Firefox profiles or elements within the profiles? Are some of these bookmarks? What may occur once the items are deleted?

     # AdwCleaner v2.105 - Logfile created 01/12/2013 at 18:11:17
     # Updated 08/01/2013 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : Administrator - DELL
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****
     File Found : C:\user.js
     Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged
     Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\ConduitCommon
     Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

     ***** [Registry] *****
     Key Found : HKCU\Software\Headlight
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
     Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
     Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
     Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
     Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3015261
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
     Key Found : HKU\S-1-5-21-1409082233-308236825-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

     ***** [internet Browsers] *****
     -\\ Internet Explorer v8.0.6001.18702
     [OK] Registry is clean.
     -\\ Mozilla Firefox v18.0 (en-US)
     File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\prefs.js
     [OK] File is clean.
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\prefs.js Found : user_pref("CT2645238..clientLogIsEnabled", false); Found : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2645238.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2645238.CTID", "CT2645238"); Found : user_pref("CT2645238.CurrentServerDate", "6-8-2012"); Found : user_pref("CT2645238.DSInstall", false); Found : user_pref("CT2645238.DialogsAlignMode", "LTR"); Found : user_pref("CT2645238.DialogsGetterLastCheckTime", "Mon Aug 06 2012 07:00:20 GMT+0100 (GMT Daylight T[...] Found : user_pref("CT2645238.DownloadReferralCookieData", ""); Found : user_pref("CT2645238.EMailNotifierPollDate", "Sat Jun 23 2012 10:51:02 GMT+0100 (GMT Daylight Time)"[...] 
Found : user_pref("CT2645238.FirstServerDate", "22-6-2012"); Found : user_pref("CT2645238.FirstTime", true); Found : user_pref("CT2645238.FirstTimeFF3", true); Found : user_pref("CT2645238.FixPageNotFoundErrors", true); Found : user_pref("CT2645238.GroupingServerCheckInterval", 1440); Found : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2645238.HPInstall", false); Found : user_pref("CT2645238.HasUserGlobalKeys", true); Found : user_pref("CT2645238.HomePageProtectorEnabled", false); Found : user_pref("CT2645238.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties"); Found : user_pref("CT2645238.Initialize", true); Found : user_pref("CT2645238.InitializeCommonPrefs", true); Found : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2645238.InstallationId", "ct2645238_zonealarm_security.exe"); Found : user_pref("CT2645238.InstallationType", "ConduitXPEIntegration"); Found : user_pref("CT2645238.InstalledDate", "Fri Jun 22 2012 12:59:12 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT2645238.IsAlertDBUpdated", true); Found : user_pref("CT2645238.IsGrouping", false); Found : user_pref("CT2645238.IsInitSetupIni", true); Found : user_pref("CT2645238.IsMulticommunity", false); Found : user_pref("CT2645238.IsOpenThankYouPage", false); Found : user_pref("CT2645238.IsOpenUninstallPage", false); Found : user_pref("CT2645238.LanguagePackLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Ti[...] Found : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT2645238.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:32:58 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT2645238.LastLogin_3.14.1.0", "Mon Aug 06 2012 06:48:37 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT2645238.LastLogin_3.9.0.3", "Sat Jun 23 2012 06:44:56 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT2645238.LatestVersion", "3.14.1.0"); Found : user_pref("CT2645238.Locale", "en"); Found : user_pref("CT2645238.MCDetectTooltipHeight", "83"); Found : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2645238.MCDetectTooltipWidth", "295"); Found : user_pref("CT2645238.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2645238.OriginalFirstVersion", "3.9.0.3"); Found : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search"); Found : user_pref("CT2645238.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Found : user_pref("CT2645238.SearchFromAddressBarIsInit", true); Found : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...] Found : user_pref("CT2645238.SearchInNewTabEnabled", true); Found : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight [...] Found : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2645238.SearchProtectorEnabled", false); Found : user_pref("CT2645238.SearchProtectorToolbarDisabled", true); Found : user_pref("CT2645238.SendProtectorDataViaLogin", true); Found : user_pref("CT2645238.ServiceMapLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Time[...] Found : user_pref("CT2645238.SettingsLastCheckTime", "Mon Aug 06 2012 06:48:36 GMT+0100 (GMT Daylight Time)"[...] 
Found : user_pref("CT2645238.SettingsLastUpdate", "1342353030"); Found : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13"); Found : user_pref("CT2645238.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Sat Jun 23 2012 07:37:29 GMT+0100 (GMT Dayligh[...] Found : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1331805997"); Found : user_pref("CT2645238.ToolbarDisabled", true); Found : user_pref("CT2645238.ToolbarShrinkedFromSetup", false); Found : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238"); Found : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2645238.UserID", "UN41505695258218955"); Found : user_pref("CT2645238.ValidationData_Search", 0); Found : user_pref("CT2645238.ValidationData_Toolbar", 2); Found : user_pref("CT2645238.alertChannelId", "1037922"); Found : user_pref("CT2645238.autoDisableScopes", -1); Found : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Fri Jun 22 2012 12:59:13 GMT+0100 (GMT Dayl[...] Found : user_pref("CT2645238.homepageProtectorEnableByLogin", true); Found : user_pref("CT2645238.initDone", true); Found : user_pref("CT2645238.isAppTrackingManagerOn", true); Found : user_pref("CT2645238.myStuffEnabled", true); Found : user_pref("CT2645238.myStuffPublihserMinWidth", 400); Found : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2645238.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Found : user_pref("CT2645238.revertSettingsEnabled", true); Found : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2645238.searchProtectorEnableByLogin", true); Found : user_pref("CT2645238.testingCtid", ""); Found : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Sun Aug 05 2012 10:11:03 GMT+0100 (GMT Dayli[...] Found : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Fri Jun 22 2012 12:59:16 GMT+0100 (GMT Dayli[...] Found : user_pref("CT2645238.usagesFlag", 2); Found : user_pref("CT3015261..clientLogIsEnabled", true); Found : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT3015261.AppTrackingLastCheckTime", "Sat Aug 06 2011 10:09:59 GMT+0100 (GMT Daylight Tim[...] Found : user_pref("CT3015261.CTID", "CT3015261"); Found : user_pref("CT3015261.CurrentServerDate", "7-8-2011"); Found : user_pref("CT3015261.DialogsAlignMode", "LTR"); Found : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight T[...] Found : user_pref("CT3015261.DownloadReferralCookieData", ""); Found : user_pref("CT3015261.EMailNotifierPollDate", "Sat Aug 06 2011 11:01:41 GMT+0100 (GMT Daylight Time)"[...] 
Found : user_pref("CT3015261.FirstServerDate", "6-8-2011"); Found : user_pref("CT3015261.FirstTime", true); Found : user_pref("CT3015261.FirstTimeFF3", true); Found : user_pref("CT3015261.FixPageNotFoundErrors", true); Found : user_pref("CT3015261.GroupingServerCheckInterval", 1440); Found : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT3015261.HasUserGlobalKeys", true); Found : user_pref("CT3015261.HomePageProtectorEnabled", false); Found : user_pref("CT3015261.Initialize", true); Found : user_pref("CT3015261.InitializeCommonPrefs", true); Found : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe"); Found : user_pref("CT3015261.InstallationType", "ConduitIntegration"); Found : user_pref("CT3015261.InstalledDate", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT3015261.IsAlertDBUpdated", true); Found : user_pref("CT3015261.IsGrouping", false); Found : user_pref("CT3015261.IsInitSetupIni", true); Found : user_pref("CT3015261.IsMulticommunity", false); Found : user_pref("CT3015261.IsOpenThankYouPage", false); Found : user_pref("CT3015261.IsOpenUninstallPage", false); Found : user_pref("CT3015261.LanguagePackLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight Ti[...] Found : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT3015261.LastLogin_3.5.1.1", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT3015261.LatestVersion", "3.3.5.1"); Found : user_pref("CT3015261.Locale", "en"); Found : user_pref("CT3015261.MCDetectTooltipHeight", "83"); Found : user_pref("CT3015261.MCDetectTooltipShow", false); Found : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT3015261.MCDetectTooltipWidth", "295"); Found : user_pref("CT3015261.MyStuffEnabledAtInstallation", false); Found : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1"); Found : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Found : user_pref("CT3015261.SearchFromAddressBarIsInit", true); Found : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...] Found : user_pref("CT3015261.SearchInNewTabEnabled", true); Found : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight [...] Found : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT3015261.SearchProtectorEnabled", false); Found : user_pref("CT3015261.SearchProtectorToolbarDisabled", true); Found : user_pref("CT3015261.ServiceMapLastCheckTime", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Daylight Time[...] Found : user_pref("CT3015261.SettingsLastCheckTime", "Sun Aug 07 2011 06:51:02 GMT+0100 (GMT Daylight Time)"[...] Found : user_pref("CT3015261.SettingsLastUpdate", "1311168858"); Found : user_pref("CT3015261.ThirdPartyComponentsInterval", 504); Found : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Dayligh[...] 
Found : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1246786978"); Found : user_pref("CT3015261.ToolbarShrinkedFromSetup", false); Found : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261"); Found : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT3015261.UserID", "UN29909517275356115"); Found : user_pref("CT3015261.ValidationData_Search", 2); Found : user_pref("CT3015261.ValidationData_Toolbar", 2); Found : user_pref("CT3015261.alertChannelId", "1406927"); Found : user_pref("CT3015261.approveUntrustedApps", true); Found : user_pref("CT3015261.backendstorage.youtube_user_first_login_date", "30382F30372F32303131"); Found : user_pref("CT3015261.backendstorage.youtube_user_survey_visit", "4E4F545F56495349544544"); Found : user_pref("CT3015261.backendstorage.youtubelang", "5553"); Found : user_pref("CT3015261.components.1000034", false); Found : user_pref("CT3015261.components.129506578327572375", false); Found : user_pref("CT3015261.components.129506578328099741", false); Found : user_pref("CT3015261.components.129506578328177870", false); Found : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Dayl[...] Found : user_pref("CT3015261.homepageProtectorEnableByLogin", true); Found : user_pref("CT3015261.initDone", true); Found : user_pref("CT3015261.isAppTrackingManagerOn", true); Found : user_pref("CT3015261.myStuffEnabled", true); Found : user_pref("CT3015261.myStuffPublihserMinWidth", 400); Found : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT3015261.myStuffServiceIntervalMM", 1440); Found : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Found : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...] Found : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT3015261.searchProtectorEnableByLogin", true); Found : user_pref("CT3015261.testingCtid", ""); Found : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Dayli[...] Found : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Dayli[...] Found : user_pref("CT3015261.usagesFlag", 2); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2645238/CT2645238[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/UK", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/UK", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/6340849608501725[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...] Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT3015261,CT2645238"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261,CT2645238"); Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261,CT2645238"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 06 2011 10:09:52 GMT+0100 (GMT[...] 
Found : user_pref("CommunityToolbar.globalUserId", "a29860f5-c187-4efc-91d4-fe8b2af9f40f"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261"); Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 22 2012 12:59:1[...] Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 22 2012 14:05:35 GMT+010[...] Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.locale", "en"); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 12:59:08 GMT+0100 (G[...] Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "50271d6e-f331-4238-b586-bfb3d8314667"); Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] ************************* AdwCleaner[R1].txt - [22808 octets] - [12/01/2013 18:11:17] ########## EOF - C:\AdwCleaner[R1].txt - [22869 octets] ##########
  11. "%userprofile%\desktop\combofix.exe" /nombr

ComboFix 13-01-12.01 - Administrator 12/01/2013 17:18:11.1.2 - x86
Running from: c:\documents and settings\Administrator\desktop\combofix.exe
Command switches used :: /nombr
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\CTL3D.1
c:\windows\system\Color
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-12 17:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-01-12 17:34:37
ComboFix-quarantined-files.txt 2013-01-12 17:34
.
Pre-Run: 8,221,978,624 bytes free
Post-Run: 8,225,382,400 bytes free
.
- - End Of File - -
  12. Hi....it's now an hour since I started Combo and it still hasn't scanned; the machine is frozen, so I will power it down on the tower. Maybe of interest: Startup in CCleaner is showing enabled programs for firewall and anti-virus once both have been disabled in the desktop icons, bottom right. Just got your reply and will try that.
  13. I have disconnected the machine from the internet. ComboFix has been running for 20 mins and has not gone beyond.......... "Scanning for infected files. Typically.........................10 mins. However.........................................................easily double", with no flashing cursor after that. It looks as though the system is frozen; the clock is fixed on the ComboFix start time, which happened when we tried to use ComboFix with our last problem you dealt with. Have disabled Firewall and Antivirus in the icons bottom right of the desktop. I will leave ComboFix in its present frozen state until I hear back from you.
  14. Hi............as discussed, Windows Security Centre has been disabled by the trojan. I have disabled the web security element of ZoneAlarm's firewall, but since I assume the Windows firewall is inactive, can I run Combo with the firewall active?
  15. Hi again.................was looking for solutions to Security Centre when Avira AntiVir flagged up TR/Kazy.134631.1, which is the same exercise you found last night. It's now in Avira's quarantine with a file name of C:\_OTL\Moved File\01112013_201102\C_Documents& Settings\Admin............\wgsdgsdgdsgsd.exe
  16. Hi. Panda Cloud Cleaner came up with this suspicious policy. Should I ignore it? Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SUPERHIDDEN] to be changed to: 0
  17. I forgot to add that I used fixdamage.exe but that failed to deal with Security Essentials. In Windows the message.............. "Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall / Internet Connection Sharing (ICS) service?" Saying Yes to this I get................ "Windows cannot start the (ICS) service." If necessary I can recover to a True Image backup.
  18. No malware found with the rootkit scan. Windows Update and internet connection working. Have lost Security Essentials. Tried to start it but failed as below.

Method 3: Restart the Security Center service.
a. Click Start, click Run, type "services.msc" (without quotes) and press Enter.
b. Double-click the "Security Center" service. Click Stop, click Start.

Dialog box showing Start, clicked it and got......"Could not start the Security Centre service on local computer. Error 1075: the dependency service does not exist or has been marked for deletion." ZoneAlarm Pro firewall working. Have started using the PC again with the internet connection live.

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DELL [administrator]

12/01/2013 07:57:28
mbar-log-2013-01-12 (07-57-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 24645
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 1038856192, free: 508006400

------------ Kernel report ------------
01/12/2013 07:46:37
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys KSecDD.sys Ntfs.sys NDIS.sys timntr.sys uagp35.sys snapman.sys Mup.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\sisnic.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\flpydisk.sys \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys 
\SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\System32\vsdatant.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\ssmdrv.sys \SystemRoot\system32\DRIVERS\rdbss.sys \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\framebuf.dll \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\system32\DRIVERS\tifsfilt.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \SystemRoot\System32\Drivers\Fastfat.SYS \SystemRoot\System32\Drivers\ParVdm.SYS \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\psi_mf.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: 
\Device\Harddisk0\DR0 Upper Device Object: 0xffffffff85f89ab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\ Lower Device Object: 0xffffffff85fc7940 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.01.12.05 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1016 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.992000 GHz Memory total: 2138025984, free: 1684660224 ------------ Kernel report ------------ 01/12/2013 07:49:18 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys PCIIde.sys \WINDOWS\System32\Drivers\PCIIDEX.SYS intelide.sys MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys KSecDD.sys Ntfs.sys NDIS.sys timntr.sys snapman.sys ohci1394.sys \WINDOWS\system32\DRIVERS\1394BUS.SYS Mup.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\ialmnt5.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\e1000325.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\imapi.sys 
\SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\System32\Drivers\incdrm.SYS \SystemRoot\System32\DRIVERS\InCDPass.sys \SystemRoot\system32\drivers\smwdm.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\senfilt.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\InCDrec.SYS \SystemRoot\System32\Drivers\InCDfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\System32\vsdatant.sys \SystemRoot\System32\drivers\ws2ifsl.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys 
\SystemRoot\system32\DRIVERS\ssmdrv.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\ialmdnt5.dll \SystemRoot\System32\ialmrnt5.dll \SystemRoot\System32\ialmdev5.DLL \SystemRoot\System32\ialmdd5.DLL \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\system32\DRIVERS\tifsfilt.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \SystemRoot\System32\Drivers\ParVdm.SYS \SystemRoot\System32\Drivers\Aspi32.SYS \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\sr.sys \SystemRoot\System32\Drivers\Fastfat.SYS \SystemRoot\system32\DRIVERS\USBSTOR.SYS \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR6 Upper Device Object: 0xffffffff897ac888 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000069\ Lower Device Object: 0xffffffff89f76030 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8a6bbab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\ Lower Device Object: 0xffffffff8a6f4d98 Lower Device Driver Name: 
\Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Load Function returned 0x0 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8a6bbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a69a9e0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xffffffff8a698908, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a6bbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a6f4d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe186e300, 0xffffffff8a6bbab8, 0xffffffff8971f708 Lower DeviceData: 0xffffffffe30405a0, 0xffffffff8a6f4d98, 0xffffffff896fe560 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\WINDOWS\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: A1CCA1CC Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 36885177 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 36885240 Numsec = 48034350 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 84919590 Numsec = 71392860 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 80032038912 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-156292576-156312576)... 
Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff897ac888, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff89d63ca0, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xffffffff89827ac0, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff897ac888, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff89f76030, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0xffffffffe3045130, 0xffffffff897ac888, 0xffffffff8986e6c8 Lower DeviceData: 0xffffffffe3062440, 0xffffffff89f76030, 0xffffffff89718480 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: FFE89CEC Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 44 Numsec = 15679396 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 8036285952 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Done! Scan finished =======================================
  19. Boot-up was fine, a little slow. Needed to play to reconnect to the internet, but solved and working. Great news and many thanks. I guess there is more to do. I have disconnected the infected PC from the internet until I hear from you.
  20. ========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully.
C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ not found.
winmgmt removed from NetSvcs value successfully!
File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.
File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad moved successfully.
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.
File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 01112013_201102
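What the OTL fix above undid is visible in the logs in this thread: a service named winmgmt whose binary was wgsdgsdgdsgsd.exe in the Administrator profile, carrying a Cyrillic "Microsoft Corporation" vendor string, and then Error 1075 from Security Center once that service key had been deleted. The script below is an added example written for this page, not code from OTL, Malwarebytes or the poster: it parses OTL-style "SRV -" lines and flags the three tell-tales (core service not hosted by the real svchost.exe, binary in a user-writable path, non-ASCII vendor string), then explains a 1075 as a dependency that no longer exists in the service set. The sample lines are constructed to mirror the listing pasted in this thread; the regex, the trusted-path lists and the XP dependency table (wscsvc needing RpcSs and winmgmt) are assumptions of the example.

```python
"""Triage of OTL-style service listings (added example; not OTL/Malwarebytes code).

Flags services whose binary sits in a user-writable path, whose vendor string is a
non-ASCII lookalike, or whose name is a core Windows service that should run inside
svchost.exe from system32, and explains SCM error 1075 as a missing dependency.
"""
import re
from dataclasses import dataclass, field

# Assumption: mirrors the OTL "SRV -" line layout as pasted in this thread.
SRV_RE = re.compile(
    r"SRV - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) \[(?P<start>[^\]]*)\]"
    r" -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)

# Core XP services that are hosted by svchost.exe (assumption: XP SP3 defaults).
SVCHOST_HOSTED = {"winmgmt", "wscsvc", "sharedaccess", "rpcss"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
USER_WRITABLE = ("c:\\documents and settings\\", "\\temp\\", "\\application data\\")

# Assumption: XP default dependency list for Security Center (wscsvc).
XP_DEPENDENCIES = {"wscsvc": {"rpcss", "winmgmt"}}

# Constructed sample, modelled on the OTL listing in this thread (not a verbatim copy).
SAMPLE_LOG = r"""
SRV - [2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe -- (winmgmt)
SRV - [2012/12/04 07:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/29 09:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
"""


@dataclass
class Finding:
    service: str
    path: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Parse every 'SRV -' line and return a Finding for each suspicious service."""
    findings = []
    for line in log_text.splitlines():
        m = SRV_RE.search(line)
        if not m:
            continue
        name, path, company = m["name"], m["path"], m["company"]
        low = path.lower()
        reasons = []
        # A core service whose ImagePath is not the real svchost.exe has been re-pointed.
        if name.lower() in SVCHOST_HOSTED and not low.endswith("\\system32\\svchost.exe"):
            reasons.append("core service not hosted by system32\\svchost.exe")
        # Service binaries belong under the Windows or Program Files trees, not in a profile.
        if not low.startswith(TRUSTED_ROOTS) or any(t in low for t in USER_WRITABLE):
            reasons.append("binary in user-writable location")
        # Localised or homoglyph vendor strings are a cheap impersonation of Microsoft.
        if not company.isascii():
            reasons.append("non-ASCII vendor string")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


def missing_dependencies(present_services, deps=XP_DEPENDENCIES) -> dict:
    """Map each service to the dependencies absent from the installed set.

    The SCM reports exactly this condition as error 1075 ("the dependency service
    does not exist or has been marked for deletion"): deleting the hijacked winmgmt
    key removes the service wscsvc depends on until a genuine winmgmt entry is back.
    """
    present = {s.lower() for s in present_services}
    return {svc: sorted(d for d in needed if d not in present)
            for svc, needed in deps.items()
            if needed - present}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.service}: {f.path}")
        for r in f.reasons:
            print(f"  - {r}")
    # Service set as it looked after the OTL fix removed the winmgmt key.
    print(missing_dependencies({"rpcss", "wscsvc", "sharedaccess"}))
```

Run as-is, it reports only the winmgmt entry (all three reasons) and maps wscsvc to the missing winmgmt dependency; to use it on a real OTL log, pass the file contents to triage() and the names from the live service list to missing_dependencies().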
  21. OTL logfile created on: 1/11/2013 6:26:24 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 17.59 Gb Total Space | 7.88 Gb Free Space | 44.83% Space Free | Partition Type: NTFS Drive D: | 22.90 Gb Total Space | 7.65 Gb Free Space | 33.40% Space Free | Partition Type: NTFS Drive E: | 34.04 Gb Total Space | 12.71 Gb Free Space | 37.32% Space Free | Partition Type: NTFS Drive F: | 7.46 Gb Total Space | 7.46 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe -- (winmgmt) SRV - [2012/12/04 07:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/12/04 07:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/11/26 09:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012/11/07 14:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/11/02 13:17:02 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2011/03/29 09:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus® SRV - [2011/01/28 07:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2010/03/29 02:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2006/10/16 16:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2005/09/20 11:05:32 | 000,877,056 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | System] -- -- (SBRE) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [File_System | Boot] -- -- (Lbd) DRV - File not found [Kernel | On_Demand] -- -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/12/23 11:40:49 | 000,035,144 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon) DRV - [2012/12/17 14:42:41 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2012/12/17 14:42:41 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2012/12/17 14:42:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2012/11/27 05:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/22 10:51:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/11/22 10:50:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/11/07 14:23:46 | 000,527,408 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2012/11/02 13:17:16 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012/08/27 09:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI) DRV - [2010/01/20 11:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv) DRV - [2010/01/20 11:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2008/04/13 18:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2007/06/19 03:56:57 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP) DRV - [2005/09/20 10:57:52 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2005/09/20 10:57:48 | 000,101,760 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2005/09/20 10:57:26 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2005/09/20 09:57:20 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm) DRV - [2004/09/17 03:02:54 | 000,732,928 
| ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/06/21 09:39:28 | 000,469,935 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)
DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Administrator_ON_C\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8:
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/12/20 15:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 05:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 05:24:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/09 14:01:05 | 000,000,000 | ---D | M]

[2010/03/02 11:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/02 11:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/21 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions
[2012/12/20 15:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged
[2012/12/20 15:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions
[2010/06/24 07:05:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/12/20 15:42:38 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\ffxtlbr@zonealarm.com
[2013/01/11 05:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/11 05:24:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/11 05:25:03 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 05:15:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/24 03:20:42 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/22 11:21:07 | 000,000,786 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - Reg Error: Value error. File not found
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2011/05/10 02:11:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/02/15 06:49:21 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341986214343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357231945390 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\WINDOWS\Untitled.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Untitled.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/26 09:42:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a04af742-3b8c-11dc-aa28-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a04af742-3b8c-11dc-aa28-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 08:06:33 | 000,184,832 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe
[2013/01/11 07:00:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/01/11 05:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/11 05:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding_files
[2013/01/09 05:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm._files
[2013/01/08 09:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis_files
[2013/01/08 06:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\wild river htm._files
[2013/01/07 08:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm_files
[2013/01/07 07:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\patwardhan_files
[2013/01/07 05:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts_files
[2013/01/07 05:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall_files
[2013/01/06 05:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes_files
[2013/01/05 04:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi_files
[2013/01/04 01:58:22 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013/01/04 01:58:22 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013/01/03 11:56:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/03 11:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2013/01/03 11:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
[2013/01/03 11:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/01/03 11:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2013/01/03 11:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/01/03 11:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Secunia PSI
[2013/01/03 11:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/12/30 04:09:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/12/26 05:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/12/26 05:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/12/25 04:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk_files
[2012/12/24 12:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis_files
[2012/12/24 08:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\0 Works12
[2012/12/24 04:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/12/24 04:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/24 04:03:00 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/24 04:02:59 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/24 04:02:46 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/24 04:02:46 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/24 04:02:46 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/22 11:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Doctor Web
[2012/12/22 06:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/12/22 06:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2012/12/21 12:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD
[2012/12/20 15:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ForceField Shared Files
[2012/12/20 15:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/12/20 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2012/12/20 15:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/12/19 12:30:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/12/19 11:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012/12/19 11:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/12/19 11:01:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/12/19 11:01:52 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/12/19 11:01:52 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/12/19 11:01:52 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/12/19 11:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/12/19 11:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/12/19 10:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\0 news
[2012/12/19 08:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/12/18 11:49:03 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2012/12/18 11:49:03 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2012/12/18 11:49:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2012/12/18 11:49:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2012/12/18 11:49:03 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2012/12/18 09:20:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/17 14:42:41 | 000,395,744 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2012/12/17 14:42:38 | 000,114,048 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012/12/17 14:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
[2012/12/17 14:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/12/17 14:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/12/17 12:17:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/12/17 08:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acronis
[2012/12/17 08:25:07 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012/12/17 08:21:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/12/16 03:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/12/16 03:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/12/16 03:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/12/15 08:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/12/15 07:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers_files

========== Files - Modified Within 30 Days ==========

[2013/01/11 11:51:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/11 08:34:59 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\mbam.job
[2013/01/11 08:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/11 08:33:00 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2013/01/11 08:06:36 | 000,003,022 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
[2013/01/11 08:06:36 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk
[2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe
[2013/01/11 05:14:32 | 000,232,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding.htm
[2013/01/11 04:05:30 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\mbam scan.job
[2013/01/11 03:11:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack BACKUP OF DATA.job
[2013/01/11 02:26:43 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack daily.job
[2013/01/11 01:58:22 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/09 05:40:58 | 000,287,239 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm..htm
[2013/01/08 10:08:18 | 000,196,665 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2013/01/08 09:59:24 | 000,016,186 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Gavi La Battistina 2011.odt
[2013/01/08 09:29:26 | 000,158,877 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis.htm
[2013/01/08 07:11:37 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\mbam full scan.job
[2013/01/08 06:03:38 | 000,097,291 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\wild river htm..htm
[2013/01/07 08:02:59 | 000,028,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm.htm
[2013/01/07 07:39:03 | 000,017,483 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan.htm
[2013/01/07 05:38:40 | 000,106,276 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts.htm
[2013/01/07 05:32:33 | 000,280,933 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall.htm
[2013/01/06 14:12:44 | 000,148,773 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\axum deleted.odt
[2013/01/06 05:43:30 | 000,307,425 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes.htm
[2013/01/05 04:54:48 | 000,268,646 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi.htm
[2013/01/05 03:42:08 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\recipes.lnk
[2013/01/03 12:05:40 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/01/03 12:04:14 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\soffice.exe.lnk
[2013/01/03 11:53:38 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\NetworkService\Desktop\SyncBack.lnk
[2013/01/03 11:52:02 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/01/03 11:48:17 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2013/01/03 04:00:27 | 000,042,370 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Newly discovered world wonders.odt
[2013/01/03 03:35:15 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/01 17:47:48 | 000,026,603 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\change of view.odt
[2012/12/30 09:36:04 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/30 04:11:07 | 000,026,181 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mughal India.odt
[2012/12/30 04:09:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/12/28 09:31:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/26 05:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/12/25 04:50:23 | 000,023,962 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk.htm
[2012/12/24 12:25:17 | 000,131,786 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis.htm
[2012/12/24 11:52:27 | 000,021,313 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\clean up.odt
[2012/12/24 04:02:36 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/24 04:02:35 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/24 04:02:35 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/24 04:02:35 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/24 04:02:35 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/24 04:02:34 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/12/24 04:02:34 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/12/24 03:28:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/24 03:28:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/23 11:40:49 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/22 11:21:07 | 000,000,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/22 06:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2012/12/21 02:01:13 | 000,071,707 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\stolen data.odt
[2012/12/20 15:44:50 | 000,411,125 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/12/20 15:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/12/20 15:41:04 | 000,000,251 | ---- | M] () -- C:\user.js
[2012/12/19 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/12/17 14:42:41 | 000,395,744 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2012/12/17 14:42:41 | 000,039,264 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2012/12/17 14:42:38 | 000,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012/12/17 14:42:37 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 10.0.lnk
[2012/12/17 14:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
[2012/12/17 12:17:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/12/17 04:52:41 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\0 toshiba n 550d.lnk
[2012/12/17 04:26:49 | 000,001,220 | ---- | M] () -- C:\WINDOWS\PHOTOHSE.INI
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/16 03:34:27 | 000,017,628 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rogue killer.odt
[2012/12/16 03:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/12/15 07:40:16 | 000,195,798 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers.htm
[2012/12/14 11:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/11 08:06:36 | 000,003,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
[2013/01/11 08:06:36 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk
[2013/01/11 08:06:34 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2013/01/11 05:14:29 | 000,232,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding.htm
[2013/01/09 05:40:54 | 000,287,239 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm..htm
[2013/01/08 10:08:18 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2013/01/08 09:59:23 | 000,016,186 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Gavi La Battistina 2011.odt
[2013/01/08 09:29:22 | 000,158,877 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis.htm
[2013/01/08 06:03:29 | 000,097,291 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\wild river htm..htm
[2013/01/07 08:02:59 | 000,028,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm.htm
[2013/01/07 07:39:01 | 000,017,483 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan.htm
[2013/01/07 05:38:39 | 000,106,276 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts.htm
[2013/01/07 05:32:30 | 000,280,933 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall.htm
[2013/01/06 14:12:44 | 000,148,773 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\axum deleted.odt
[2013/01/06 05:43:26 | 000,307,425 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes.htm
[2013/01/05 04:54:45 | 000,268,646 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi.htm
[2013/01/05 03:42:08 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\recipes.lnk
[2013/01/03 12:04:14 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\soffice.exe.lnk
[2013/01/03 11:53:38 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\NetworkService\Desktop\SyncBack.lnk
[2013/01/03 11:48:17 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2013/01/03 04:00:27 | 000,042,370 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Newly discovered world wonders.odt
[2013/01/03 03:35:15 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/01/03 02:33:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\mbam full scan.job
[2013/01/01 17:46:12 | 000,026,603 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\change of view.odt
[2012/12/30 03:16:16 | 000,026,181 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mughal India.odt
[2012/12/29 06:31:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\mbam scan.job
[2012/12/29 06:27:20 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\mbam.job
[2012/12/25 04:50:20 | 000,023,962 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk.htm
[2012/12/24 12:25:14 | 000,131,786 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis.htm
[2012/12/24 10:35:15 | 000,021,313 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\clean up.odt
[2012/12/24 03:33:58 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/23 11:40:49 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/21 02:01:03 | 000,071,707 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\stolen data.odt
[2012/12/20 15:42:51 | 000,411,125 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/12/17 14:42:37 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 10.0.lnk
[2012/12/17 12:17:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/12/17 12:17:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/12/17 04:52:41 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\0 toshiba n 550d.lnk
[2012/12/16 03:34:27 | 000,017,628 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\rogue killer.odt
[2012/12/15 07:40:11 | 000,195,798 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers.htm
[2012/07/24 17:56:22 | 000,001,220 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI
[2012/04/09 10:50:15 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/04/07 05:14:13 | 000,000,136 | ---- | C] () -- C:\WINDOWS\BuzzTWCP.INI
[2012/04/07 05:14:13 | 000,000,101 | ---- | C] () -- C:\WINDOWS\BUZZTWLC.INI
[2012/04/07 05:14:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BuzzTWSC.INI
[2012/04/07 05:09:19 | 000,000,339 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2012/02/15 02:16:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/30 10:23:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/08/27 00:56:54 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr
[2011/08/27 00:56:54 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2011/04/29 02:59:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/29 02:59:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/09/03 08:18:06 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2010/09/03 05:27:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\A17U.INI
[2010/09/03 05:24:53 | 000,015,360 | R--- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2010/03/16 09:06:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/24 14:30:24 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/02/24 14:30:24 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/02/24 14:30:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/02/24 14:30:24 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/02/24 14:30:24 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/02/21 06:21:30 | 000,071,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/21 05:29:23 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/02/07 06:35:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/02/05 08:24:21 | 000,000,031 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2010/02/05 08:20:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI
[2010/02/05 08:20:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/01/29 16:59:09 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2010/01/29 11:23:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/29 04:11:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2010/01/27 11:28:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/31 14:32:24 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/26 10:28:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/26 10:26:57 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/26 09:51:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2007/07/26 09:45:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/26 09:38:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/11 05:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005/11/11 05:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/08/12 08:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 08:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 08:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 08:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 08:26:07 | 000,343,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 08:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 08:26:05 | 000,052,868 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 08:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 08:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 08:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 08:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 08:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1998/06/01 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2012/12/17 08:35:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acronis
[2012/12/17 08:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
[2010/11/01 10:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/12/21 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD
[2012/06/21 12:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2012/04/07 04:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/02/15 06:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gnupg
[2010/04/19 12:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2010/10/06 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lasersoft Imaging
[2010/08/06 10:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2010/10/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/11/09 13:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2012/01/21 12:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Product_RM
[2010/11/02 12:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2012/05/19 10:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic
[2010/03/02 11:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2012/05/12 02:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012/12/19 09:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/11/18 10:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/05/12 02:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2010/01/31 06:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/03 05:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2013/01/02 03:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/09 14:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2011/03/04 13:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/21 06:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2013/01/08 07:11:37 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\mbam full scan.job [2013/01/11 04:05:30 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\mbam scan.job [2013/01/11 08:34:59 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\mbam.job [2013/01/11 03:11:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack BACKUP OF DATA.job [2013/01/11 02:26:43 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack daily.job [2012/05/19 10:34:52 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/05/12 00:24:56 | 000,080,590 | ---- | M] () -- C:\aaw7boot.log [2007/07/26 09:42:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2012/11/21 13:25:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/12/17 12:17:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2004/08/03 18:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2007/07/26 09:42:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/07/26 09:42:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/07/26 09:42:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009/08/28 06:37:46 | 000,250,048 | RHS- | M] () -- C:\ntldr [2013/01/11 11:50:27 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys [2012/12/20 15:41:04 | 000,000,251 | ---- | M] () -- C:\user.js < MD5 for: EXPLORER.EXE > [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2004/08/12 08:19:07 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- 
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: SERVICES.EXE > [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2008/04/13 23:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2008/04/13 23:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe [2004/08/12 08:28:09 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe < MD5 for: USERINIT.EXE > [2004/08/12 08:31:54 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/13 23:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 23:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004/08/12 08:33:32 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/04/13 23:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 
[2008/04/13 23:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report >
  22. Hi. You helped me quite recently, see "stolen Data", and now again I have a virus that has blocked my system. We followed your advice re being cautious but still we have been hit. Looking at the forum I saw details as to using safe mode and running MBAM to locate the virus. Once in Safe mode my keyboard is disabled and I cannot log in. I tried to wipe the C drive by recovering with Acronis True Image but when choosing the destination for the recovery Acronis freezes. Help again please. I am running a 2nd PC and can work from that. Thanks
  23. Many thanks for your kindness and time with this. Could I ask 2 more questions? Should I leave recovery console in place or, if not, do I use safe mode to remove it? Are you in favour of security suites rather than the bunch of utilities I'm using, which all seem at odds with each other? Many reviews seem to imply that the provider is superb in one area, check point and firewall, whilst weak in the rest, antivirus and malware. I would appreciate your thoughts. A good new year for you and thanks again.
  24. Hi. Followed your instructions, and checked Java updates, which says I have the latest update for this platform.