gumdrop
Posts posted by gumdrop
-
Hi. Avira, with no requests from us, flagged up and quarantined this morning:
C:\System Volume Information\_restore{A90..... ..... 71B}\RP2\A0000039.exe
TR/Kazy.134631.1
-
I started a thread in the Avira forums asking why Avira did not notice the trojan when real-time protection was running, and received the following from Malwarebytes:
Also, can you please go to C:\_OTL\MovedFiles, right-click on the folder and select Send To > Compressed (zipped) folder; that will make a zipped copy of this folder.
Then please upload it to http://www.bleepingcomputer.com/submit-m…php?channel=122 so we can examine the files and submit them to antivirus companies if needed.
After that, please delete the zip files you just created.
Regards,
Georgi
I have submitted the file as requested.
Yesterday, when running a full scan of the system with MBAM, Avira found TR/Kazy.134631.1 in the OTL folder.
Windows Security Centre is now working OK, with firewall, updates and internet all working. I will reboot a few times to see if startup improves; it is running slower than prior to the infection. Many thanks for your help; I look forward to getting your next posting.
I
-
Farbar Service Scanner Version: 05-01-2013
Ran by Administrator (administrator) on 12-01-2013 at 23:06:02
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000800000056000000070000000A0000000B00000006000000
IpSec Tag value is correct.
**** End of log ****
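The Farbar Service Scanner log above is what a helper reads first on a machine that has "lost Security Centre": the stopped services (sharedaccess, winmgmt, wscsvc), the "Firewall Disabled Policy" section showing an EnableFirewall=0 value under the SharedAccess policy key, and the File Check section confirming that the service binaries themselves are unmodified. The following script is an added example, not part of FSS or of this thread; it parses that log format and pulls out exactly those points. SAMPLE_FSS_LOG is constructed for the example (abridged from the log above, with one file-check line deliberately changed to "not legit" so that path is exercised).

```python
"""Triage of a Farbar Service Scanner (FSS) log.

Added example: the parsing below is not part of FSS. It reads the log text
FSS writes (the format shown in the post) and reports what a helper looks
for first: security services that are not running, a registry policy that
disables the firewall, and any system file whose MD5 FSS did not recognise.
SAMPLE_FSS_LOG is constructed for this example, abridged from the real log
and with one file-check line changed to "not legit" to exercise that path.
"""
import re

SAMPLE_FSS_LOG = r"""Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
winmgmt Service is not running. Checking service configuration:
The ServiceDll of winmgmt service is OK.
File Check:
========
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is not legit
**** End of log ****
"""

# One regex per line shape FSS emits; each is matched against a single line.
SERVICE_DOWN_RE = re.compile(r"^(\w+) Service is not running\.")
SERVICE_CFG_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\w+) service is (.+)\.$")
POLICY_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\.*\\FirewallPolicy\\(\w+)\]$")
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=DWORD:(\d+)$')
FILE_CHECK_RE = re.compile(r"^(.+?) => MD5 is (legit|not legit)$")


def triage_fss(log: str) -> dict:
    """Return the findings from one FSS log as a dict of plain lists/dicts."""
    stopped = []          # services FSS reports as not running (deduplicated, in order)
    bad_config = []       # (service, field, state) where a config line is not "OK"
    firewall_policy = {}  # profile name -> EnableFirewall value found under a policy key
    bad_files = []        # paths whose MD5 FSS did not recognise
    current_profile = None
    for line in log.splitlines():
        m = SERVICE_DOWN_RE.match(line)
        if m:
            if m.group(1) not in stopped:
                stopped.append(m.group(1))
            continue
        m = SERVICE_CFG_RE.match(line)
        if m:
            field, service, state = m.groups()
            if state != "OK":
                bad_config.append((service, field, state))
            continue
        m = POLICY_KEY_RE.match(line)
        if m:
            current_profile = m.group(1)   # e.g. StandardProfile
            continue
        m = ENABLE_FW_RE.match(line)
        if m and current_profile:
            firewall_policy[current_profile] = int(m.group(1))
            continue
        m = FILE_CHECK_RE.match(line)
        if m and m.group(2) != "legit":
            bad_files.append(m.group(1))
    return {
        "stopped_services": stopped,
        "bad_config": bad_config,
        "firewall_policy": firewall_policy,
        "bad_files": bad_files,
    }


def findings(report: dict) -> list:
    """Turn the triage dict into the short list of points worth raising."""
    out = []
    if report["stopped_services"]:
        out.append("services not running: " + ", ".join(report["stopped_services"]))
    for profile, value in report["firewall_policy"].items():
        if value == 0:
            out.append(f"firewall disabled by policy ({profile}: EnableFirewall=0)")
    for service, field, state in report["bad_config"]:
        out.append(f"{service}: {field} is {state}")
    for path in report["bad_files"]:
        out.append(f"unrecognised MD5: {path}")
    return out


if __name__ == "__main__":
    for point in findings(triage_fss(SAMPLE_FSS_LOG)):
        print(point)
```

Two caveats when reading the real output. FSS only reports that the EnableFirewall=0 value exists under the policy key; it does not say whether malware, a product installer or the user put it there, so the value is a lead, not proof of infection. And "MD5 is legit" for the service DLLs means the files are stock, so when the services are still down the cause is in their configuration or in something stopping them, which is why the service start type and ImagePath lines are worth checking before anything is replaced.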
-
As noted previously, we have lost Security Centre.
-
I hope by posting you meant this; let me know if I got it wrong.
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Spybot - Search & Destroy
Secunia PSI (3.0.0.6001)
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Panda Cloud Cleaner
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox (18.0)
Mozilla Thunderbird (17.0.)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
-
# AdwCleaner v2.105 - Logfile created 01/12/2013 at 20:01:29
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - DELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\ConduitCommon
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3015261
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0 (en-US)
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\prefs.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\user.js ... Deleted !
[OK] File is clean.
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\prefs.js
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\user.js ... Deleted !
Deleted : user_pref("CT2645238..clientLogIsEnabled", false);
Deleted : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2645238.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2645238.CTID", "CT2645238");
Deleted : user_pref("CT2645238.CurrentServerDate", "6-8-2012");
Deleted : user_pref("CT2645238.DSInstall", false);
Deleted : user_pref("CT2645238.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2645238.DialogsGetterLastCheckTime", "Mon Aug 06 2012 07:00:20 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT2645238.DownloadReferralCookieData", "");
Deleted : user_pref("CT2645238.EMailNotifierPollDate", "Sat Jun 23 2012 10:51:02 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2645238.FirstServerDate", "22-6-2012");
Deleted : user_pref("CT2645238.FirstTime", true);
Deleted : user_pref("CT2645238.FirstTimeFF3", true);
Deleted : user_pref("CT2645238.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2645238.HPInstall", false);
Deleted : user_pref("CT2645238.HasUserGlobalKeys", true);
Deleted : user_pref("CT2645238.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2645238.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT2645238.Initialize", true);
Deleted : user_pref("CT2645238.InitializeCommonPrefs", true);
Deleted : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2645238.InstallationId", "ct2645238_zonealarm_security.exe");
Deleted : user_pref("CT2645238.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT2645238.InstalledDate", "Fri Jun 22 2012 12:59:12 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2645238.IsAlertDBUpdated", true);
Deleted : user_pref("CT2645238.IsGrouping", false);
Deleted : user_pref("CT2645238.IsInitSetupIni", true);
Deleted : user_pref("CT2645238.IsMulticommunity", false);
Deleted : user_pref("CT2645238.IsOpenThankYouPage", false);
Deleted : user_pref("CT2645238.IsOpenUninstallPage", false);
Deleted : user_pref("CT2645238.LanguagePackLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2645238.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:32:58 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2645238.LastLogin_3.14.1.0", "Mon Aug 06 2012 06:48:37 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2645238.LastLogin_3.9.0.3", "Sat Jun 23 2012 06:44:56 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2645238.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2645238.Locale", "en");
Deleted : user_pref("CT2645238.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2645238.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2645238.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2645238.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search");
Deleted : user_pref("CT2645238.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2645238.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...]
Deleted : user_pref("CT2645238.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2645238.SearchProtectorEnabled", false);
Deleted : user_pref("CT2645238.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2645238.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2645238.ServiceMapLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT2645238.SettingsLastCheckTime", "Mon Aug 06 2012 06:48:36 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2645238.SettingsLastUpdate", "1342353030");
Deleted : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
Deleted : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Sat Jun 23 2012 07:37:29 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2645238.ToolbarDisabled", true);
Deleted : user_pref("CT2645238.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238");
Deleted : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2645238.UserID", "UN41505695258218955");
Deleted : user_pref("CT2645238.ValidationData_Search", 0);
Deleted : user_pref("CT2645238.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2645238.alertChannelId", "1037922");
Deleted : user_pref("CT2645238.autoDisableScopes", -1);
Deleted : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Fri Jun 22 2012 12:59:13 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT2645238.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2645238.initDone", true);
Deleted : user_pref("CT2645238.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2645238.myStuffEnabled", true);
Deleted : user_pref("CT2645238.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2645238.revertSettingsEnabled", true);
Deleted : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2645238.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2645238.testingCtid", "");
Deleted : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Sun Aug 05 2012 10:11:03 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Fri Jun 22 2012 12:59:16 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2645238.usagesFlag", 2);
Deleted : user_pref("CT3015261..clientLogIsEnabled", true);
Deleted : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3015261.AppTrackingLastCheckTime", "Sat Aug 06 2011 10:09:59 GMT+0100 (GMT Daylight Tim[...]
Deleted : user_pref("CT3015261.CTID", "CT3015261");
Deleted : user_pref("CT3015261.CurrentServerDate", "7-8-2011");
Deleted : user_pref("CT3015261.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT3015261.DownloadReferralCookieData", "");
Deleted : user_pref("CT3015261.EMailNotifierPollDate", "Sat Aug 06 2011 11:01:41 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT3015261.FirstServerDate", "6-8-2011");
Deleted : user_pref("CT3015261.FirstTime", true);
Deleted : user_pref("CT3015261.FirstTimeFF3", true);
Deleted : user_pref("CT3015261.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3015261.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3015261.HasUserGlobalKeys", true);
Deleted : user_pref("CT3015261.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3015261.Initialize", true);
Deleted : user_pref("CT3015261.InitializeCommonPrefs", true);
Deleted : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe");
Deleted : user_pref("CT3015261.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT3015261.InstalledDate", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3015261.IsAlertDBUpdated", true);
Deleted : user_pref("CT3015261.IsGrouping", false);
Deleted : user_pref("CT3015261.IsInitSetupIni", true);
Deleted : user_pref("CT3015261.IsMulticommunity", false);
Deleted : user_pref("CT3015261.IsOpenThankYouPage", false);
Deleted : user_pref("CT3015261.IsOpenUninstallPage", false);
Deleted : user_pref("CT3015261.LanguagePackLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3015261.LastLogin_3.5.1.1", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3015261.LatestVersion", "3.3.5.1");
Deleted : user_pref("CT3015261.Locale", "en");
Deleted : user_pref("CT3015261.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3015261.MCDetectTooltipShow", false);
Deleted : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3015261.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3015261.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1");
Deleted : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT3015261.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]
Deleted : user_pref("CT3015261.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT3015261.SearchProtectorEnabled", false);
Deleted : user_pref("CT3015261.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT3015261.ServiceMapLastCheckTime", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT3015261.SettingsLastCheckTime", "Sun Aug 07 2011 06:51:02 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT3015261.SettingsLastUpdate", "1311168858");
Deleted : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261");
Deleted : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3015261.UserID", "UN29909517275356115");
Deleted : user_pref("CT3015261.ValidationData_Search", 2);
Deleted : user_pref("CT3015261.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3015261.alertChannelId", "1406927");
Deleted : user_pref("CT3015261.approveUntrustedApps", true);
Deleted : user_pref("CT3015261.backendstorage.youtube_user_first_login_date", "30382F30372F32303131");
Deleted : user_pref("CT3015261.backendstorage.youtube_user_survey_visit", "4E4F545F56495349544544");
Deleted : user_pref("CT3015261.backendstorage.youtubelang", "5553");
Deleted : user_pref("CT3015261.components.1000034", false);
Deleted : user_pref("CT3015261.components.129506578327572375", false);
Deleted : user_pref("CT3015261.components.129506578328099741", false);
Deleted : user_pref("CT3015261.components.129506578328177870", false);
Deleted : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT3015261.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3015261.initDone", true);
Deleted : user_pref("CT3015261.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3015261.myStuffEnabled", true);
Deleted : user_pref("CT3015261.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...]
Deleted : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3015261.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3015261.testingCtid", "");
Deleted : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3015261.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2645238/CT2645238[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/6340849608501725[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3015261,CT2645238");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261,CT2645238");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261,CT2645238");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 06 2011 10:09:52 GMT+0100 (GMT[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "a29860f5-c187-4efc-91d4-fe8b2af9f40f");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 22 2012 12:59:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 22 2012 14:05:35 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 12:59:08 GMT+0100 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "50271d6e-f331-4238-b586-bfb3d8314667");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
*************************
AdwCleaner[R1].txt - [22939 octets] - [12/01/2013 18:11:17]
AdwCleaner[R2].txt - [23000 octets] - [12/01/2013 20:00:28]
AdwCleaner[R3].txt - [23061 octets] - [12/01/2013 20:01:00]
AdwCleaner[s1].txt - [23626 octets] - [12/01/2013 20:01:29]
########## EOF - C:\AdwCleaner[s1].txt - [23687 octets] ##########
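The AdwCleaner log above, and the question further down the page about whether profiles or elements within them are being deleted, both come down to what a "Deleted : user_pref(...)" line is: one preference entry removed from the profile's prefs.js (or user.js), with the profile, its bookmarks (which Firefox keeps in places.sqlite, not in prefs.js) and every other preference left in place. The script below is an added example, not AdwCleaner's own code; it parses a prefs.js and flags an entry when its name carries a Conduit toolbar id (CT followed by digits and a dot) or the shared CommunityToolbar. prefix, or when its value points at a Conduit domain. SAMPLE_PREFS is constructed for the example: the Conduit lines are copied from the log (URLs defanged as hxxp://, which the matcher accepts), while the benign lines and the keyword.URL line are assumed, not taken from this machine.

```python
"""Classify user_pref() lines in a Firefox prefs.js / user.js.

Added example, not AdwCleaner's own code. It shows what the "Deleted :
user_pref(...)" lines in the log are: individual preference entries
removed from the profile's prefs.js, not the profile itself. A line is
flagged when its name carries a Conduit toolbar id (CT<digits>.) or the
shared CommunityToolbar. prefix, or when its value points at a Conduit
domain. SAMPLE_PREFS is constructed for this example; the Conduit lines
are taken from the log (URLs defanged as hxxp, which the matcher accepts),
the benign lines and the keyword.URL hijack are assumed.
"""
import json
import re

SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("CT2645238.CTID", "CT2645238");
user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\"}");
user_pref("CommunityToolbar.ToolbarsList", "CT3015261,CT2645238");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("extensions.lastAppVersion", "18.0");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&q=");
user_pref("network.cookie.cookieBehavior", 1);
'''

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')
TOOLBAR_ID_RE = re.compile(r"^CT\d+\.")            # per-toolbar prefs, e.g. CT2645238.CTID
ADWARE_PREFIXES = ("CommunityToolbar.",)           # prefs shared by all Conduit toolbars
ADWARE_DOMAINS = ("conduit.com", "conduit-hosting.com", "conduit-services.com")
URL_HOST_RE = re.compile(r'h(?:tt|xx)ps?://([^/\s"?#]+)', re.I)  # accepts defanged hxxp://


def parse_pref_line(line: str):
    """Return (name, value) for a user_pref line, or None for anything else."""
    m = PREF_RE.match(line)
    if not m:
        return None
    name, raw = m.groups()
    try:
        value = json.loads(raw)       # prefs.js values are JSON-compatible literals
    except ValueError:
        value = raw                   # keep the raw text; it is still inspected as a string
    return name, value


def is_adware_pref(name: str, value) -> bool:
    """True when the entry belongs to a Conduit toolbar or points at a Conduit host."""
    if TOOLBAR_ID_RE.match(name) or name.startswith(ADWARE_PREFIXES):
        return True
    if isinstance(value, str):
        for host in URL_HOST_RE.findall(value):
            host = host.lower()
            if any(host == d or host.endswith("." + d) for d in ADWARE_DOMAINS):
                return True
    return False


def classify_prefs(text: str):
    """Split the file's user_pref entries into (remove, keep) lists of (name, value)."""
    remove, keep = [], []
    for line in text.splitlines():
        parsed = parse_pref_line(line)
        if parsed is not None:
            (remove if is_adware_pref(*parsed) else keep).append(parsed)
    return remove, keep


def clean_prefs(text: str) -> str:
    """Return the file with the flagged user_pref lines dropped; everything else is untouched."""
    kept_lines = []
    for line in text.splitlines():
        parsed = parse_pref_line(line)
        if parsed is not None and is_adware_pref(*parsed):
            continue
        kept_lines.append(line)
    return "\n".join(kept_lines) + "\n"


if __name__ == "__main__":
    remove, keep = classify_prefs(SAMPLE_PREFS)
    for name, _ in remove:
        print("Deleted :", name)
    print(f"{len(keep)} entries kept")
```

Run stand-alone it prints one "Deleted : name" line per flagged entry, the same shape as the log, and reports how many entries survive. The domain rule is what catches entries whose name is not Conduit-branded, such as a search keyword URL pointing at search.conduit.com; the prefix rules catch the per-toolbar bookkeeping (install dates, ETags, user ids) that carries no URL at all. Firefox rewrites prefs.js on exit, so a clean-up of this kind only sticks when the browser is closed while the file is edited.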
-
No, we should delete if it's best; I'm just blind to the consequences. What should I do next?
-
I am a little lost here. Are we deleting Firefox profiles or elements within the profiles? Are some of these bookmarks? What may occur once the items are deleted?
# AdwCleaner v2.105 - Logfile created 01/12/2013 at 18:11:17
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - DELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
File Found : C:\user.js
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\ConduitCommon
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
***** [Registry] *****
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3015261
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKU\S-1-5-21-1409082233-308236825-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0 (en-US)
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\prefs.js
Found : user_pref("CT2645238..clientLogIsEnabled", false);
Found : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2645238.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2645238.CTID", "CT2645238");
Found : user_pref("CT2645238.CurrentServerDate", "6-8-2012");
Found : user_pref("CT2645238.DSInstall", false);
Found : user_pref("CT2645238.DialogsAlignMode", "LTR");
Found : user_pref("CT2645238.DialogsGetterLastCheckTime", "Mon Aug 06 2012 07:00:20 GMT+0100 (GMT Daylight T[...]
Found : user_pref("CT2645238.DownloadReferralCookieData", "");
Found : user_pref("CT2645238.EMailNotifierPollDate", "Sat Jun 23 2012 10:51:02 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT2645238.FirstServerDate", "22-6-2012");
Found : user_pref("CT2645238.FirstTime", true);
Found : user_pref("CT2645238.FirstTimeFF3", true);
Found : user_pref("CT2645238.FixPageNotFoundErrors", true);
Found : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2645238.HPInstall", false);
Found : user_pref("CT2645238.HasUserGlobalKeys", true);
Found : user_pref("CT2645238.HomePageProtectorEnabled", false);
Found : user_pref("CT2645238.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Found : user_pref("CT2645238.Initialize", true);
Found : user_pref("CT2645238.InitializeCommonPrefs", true);
Found : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2645238.InstallationId", "ct2645238_zonealarm_security.exe");
Found : user_pref("CT2645238.InstallationType", "ConduitXPEIntegration");
Found : user_pref("CT2645238.InstalledDate", "Fri Jun 22 2012 12:59:12 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2645238.IsAlertDBUpdated", true);
Found : user_pref("CT2645238.IsGrouping", false);
Found : user_pref("CT2645238.IsInitSetupIni", true);
Found : user_pref("CT2645238.IsMulticommunity", false);
Found : user_pref("CT2645238.IsOpenThankYouPage", false);
Found : user_pref("CT2645238.IsOpenUninstallPage", false);
Found : user_pref("CT2645238.LanguagePackLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Ti[...]
Found : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2645238.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:32:58 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2645238.LastLogin_3.14.1.0", "Mon Aug 06 2012 06:48:37 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2645238.LastLogin_3.9.0.3", "Sat Jun 23 2012 06:44:56 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2645238.LatestVersion", "3.14.1.0");
Found : user_pref("CT2645238.Locale", "en");
Found : user_pref("CT2645238.MCDetectTooltipHeight", "83");
Found : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2645238.MCDetectTooltipWidth", "295");
Found : user_pref("CT2645238.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2645238.OriginalFirstVersion", "3.9.0.3");
Found : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search");
Found : user_pref("CT2645238.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT2645238.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...]
Found : user_pref("CT2645238.SearchInNewTabEnabled", true);
Found : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight [...]
Found : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2645238.SearchProtectorEnabled", false);
Found : user_pref("CT2645238.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2645238.SendProtectorDataViaLogin", true);
Found : user_pref("CT2645238.ServiceMapLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Time[...]
Found : user_pref("CT2645238.SettingsLastCheckTime", "Mon Aug 06 2012 06:48:36 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT2645238.SettingsLastUpdate", "1342353030");
Found : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
Found : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Sat Jun 23 2012 07:37:29 GMT+0100 (GMT Dayligh[...]
Found : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2645238.ToolbarDisabled", true);
Found : user_pref("CT2645238.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238");
Found : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2645238.UserID", "UN41505695258218955");
Found : user_pref("CT2645238.ValidationData_Search", 0);
Found : user_pref("CT2645238.ValidationData_Toolbar", 2);
Found : user_pref("CT2645238.alertChannelId", "1037922");
Found : user_pref("CT2645238.autoDisableScopes", -1);
Found : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Fri Jun 22 2012 12:59:13 GMT+0100 (GMT Dayl[...]
Found : user_pref("CT2645238.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2645238.initDone", true);
Found : user_pref("CT2645238.isAppTrackingManagerOn", true);
Found : user_pref("CT2645238.myStuffEnabled", true);
Found : user_pref("CT2645238.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2645238.revertSettingsEnabled", true);
Found : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2645238.searchProtectorEnableByLogin", true);
Found : user_pref("CT2645238.testingCtid", "");
Found : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Sun Aug 05 2012 10:11:03 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Fri Jun 22 2012 12:59:16 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT2645238.usagesFlag", 2);
Found : user_pref("CT3015261..clientLogIsEnabled", true);
Found : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3015261.AppTrackingLastCheckTime", "Sat Aug 06 2011 10:09:59 GMT+0100 (GMT Daylight Tim[...]
Found : user_pref("CT3015261.CTID", "CT3015261");
Found : user_pref("CT3015261.CurrentServerDate", "7-8-2011");
Found : user_pref("CT3015261.DialogsAlignMode", "LTR");
Found : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight T[...]
Found : user_pref("CT3015261.DownloadReferralCookieData", "");
Found : user_pref("CT3015261.EMailNotifierPollDate", "Sat Aug 06 2011 11:01:41 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT3015261.FirstServerDate", "6-8-2011");
Found : user_pref("CT3015261.FirstTime", true);
Found : user_pref("CT3015261.FirstTimeFF3", true);
Found : user_pref("CT3015261.FixPageNotFoundErrors", true);
Found : user_pref("CT3015261.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3015261.HasUserGlobalKeys", true);
Found : user_pref("CT3015261.HomePageProtectorEnabled", false);
Found : user_pref("CT3015261.Initialize", true);
Found : user_pref("CT3015261.InitializeCommonPrefs", true);
Found : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe");
Found : user_pref("CT3015261.InstallationType", "ConduitIntegration");
Found : user_pref("CT3015261.InstalledDate", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3015261.IsAlertDBUpdated", true);
Found : user_pref("CT3015261.IsGrouping", false);
Found : user_pref("CT3015261.IsInitSetupIni", true);
Found : user_pref("CT3015261.IsMulticommunity", false);
Found : user_pref("CT3015261.IsOpenThankYouPage", false);
Found : user_pref("CT3015261.IsOpenUninstallPage", false);
Found : user_pref("CT3015261.LanguagePackLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight Ti[...]
Found : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3015261.LastLogin_3.5.1.1", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3015261.LatestVersion", "3.3.5.1");
Found : user_pref("CT3015261.Locale", "en");
Found : user_pref("CT3015261.MCDetectTooltipHeight", "83");
Found : user_pref("CT3015261.MCDetectTooltipShow", false);
Found : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3015261.MCDetectTooltipWidth", "295");
Found : user_pref("CT3015261.MyStuffEnabledAtInstallation", false);
Found : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1");
Found : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT3015261.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]
Found : user_pref("CT3015261.SearchInNewTabEnabled", true);
Found : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight [...]
Found : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT3015261.SearchProtectorEnabled", false);
Found : user_pref("CT3015261.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT3015261.ServiceMapLastCheckTime", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Daylight Time[...]
Found : user_pref("CT3015261.SettingsLastCheckTime", "Sun Aug 07 2011 06:51:02 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT3015261.SettingsLastUpdate", "1311168858");
Found : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Dayligh[...]
Found : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261");
Found : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3015261.UserID", "UN29909517275356115");
Found : user_pref("CT3015261.ValidationData_Search", 2);
Found : user_pref("CT3015261.ValidationData_Toolbar", 2);
Found : user_pref("CT3015261.alertChannelId", "1406927");
Found : user_pref("CT3015261.approveUntrustedApps", true);
Found : user_pref("CT3015261.backendstorage.youtube_user_first_login_date", "30382F30372F32303131");
Found : user_pref("CT3015261.backendstorage.youtube_user_survey_visit", "4E4F545F56495349544544");
Found : user_pref("CT3015261.backendstorage.youtubelang", "5553");
Found : user_pref("CT3015261.components.1000034", false);
Found : user_pref("CT3015261.components.129506578327572375", false);
Found : user_pref("CT3015261.components.129506578328099741", false);
Found : user_pref("CT3015261.components.129506578328177870", false);
Found : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Dayl[...]
Found : user_pref("CT3015261.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3015261.initDone", true);
Found : user_pref("CT3015261.isAppTrackingManagerOn", true);
Found : user_pref("CT3015261.myStuffEnabled", true);
Found : user_pref("CT3015261.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...]
Found : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3015261.searchProtectorEnableByLogin", true);
Found : user_pref("CT3015261.testingCtid", "");
Found : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT3015261.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2645238/CT2645238[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/UK", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/UK", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/6340849608501725[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3015261,CT2645238");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261,CT2645238");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261,CT2645238");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 06 2011 10:09:52 GMT+0100 (GMT[...]
Found : user_pref("CommunityToolbar.globalUserId", "a29860f5-c187-4efc-91d4-fe8b2af9f40f");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 22 2012 12:59:1[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 22 2012 14:05:35 GMT+010[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 12:59:08 GMT+0100 (G[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "50271d6e-f331-4238-b586-bfb3d8314667");
Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
*************************
AdwCleaner[R1].txt - [22808 octets] - [12/01/2013 18:11:17]
########## EOF - C:\AdwCleaner[R1].txt - [22869 octets] ##########
-
"%userprofile%\desktop\combofix.exe" /nombr
ComboFix 13-01-12.01 - Administrator 12/01/2013 17:18:11.1.2 - x86
Running from: c:\documents and settings\Administrator\desktop\combofix.exe
Command switches used :: /nombr
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\CTL3D.1
c:\windows\system\Color
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 01:11 . 2013-01-12 01:11 -------- d-----w- C:\_OTL
2013-01-08 15:08 . 2013-01-08 15:08 196665 -c--a-w- c:\windows\system32\dllcache\imjpinst.exe
2013-01-04 06:58 . 2012-06-02 15:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-01-03 16:52 . 2013-01-03 16:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2013-01-03 16:48 . 2013-01-03 16:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Secunia PSI
2013-01-03 16:48 . 2013-01-03 16:48 -------- d-----w- c:\program files\Secunia
2012-12-26 10:27 . 2012-12-27 07:52 -------- d-----w- c:\program files\SpywareBlaster
2012-12-24 09:15 . 2012-12-24 09:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2012-12-24 09:03 . 2012-12-24 09:03 -------- d-----w- c:\program files\Common Files\Java
2012-12-24 09:03 . 2012-12-24 09:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-24 09:02 . 2012-12-24 09:02 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-22 16:11 . 2012-12-23 10:13 -------- d-----w- c:\documents and settings\Administrator\Doctor Web
2012-12-22 11:31 . 2012-12-22 11:31 -------- d-----w- c:\program files\Panda Security
2012-12-21 17:00 . 2012-12-21 17:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Check Point Software Technologies LTD
2012-12-20 20:41 . 2012-12-20 20:41 -------- d-----w- c:\program files\Check Point Software Technologies LTD
2012-12-20 20:40 . 2012-12-20 20:42 -------- d-----w- c:\program files\CheckPoint
2012-12-19 16:07 . 2012-12-19 16:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2012-12-19 16:01 . 2012-11-27 10:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-19 16:01 . 2012-11-22 15:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-19 16:01 . 2012-11-22 15:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-19 16:01 . 2012-12-19 16:01 -------- d-----w- c:\program files\Avira
2012-12-19 16:01 . 2012-12-19 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-12-18 16:49 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2012-12-18 16:49 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2012-12-18 16:49 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2012-12-18 16:49 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2012-12-18 16:49 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2012-12-17 19:42 . 2012-12-17 19:42 395744 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-12-17 19:42 . 2012-12-17 19:42 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-12-17 19:42 . 2012-12-17 19:42 -------- d-----w- c:\program files\Common Files\Acronis
2012-12-17 19:42 . 2012-12-17 19:42 -------- d-----w- c:\program files\Acronis
2012-12-17 13:25 . 2008-04-14 05:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-12-17 13:25 . 2008-04-14 05:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-12-17 13:21 . 2012-12-17 13:21 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-12-16 08:11 . 2012-12-16 08:12 -------- d-----w- c:\program files\ERUNT
2012-12-15 13:15 . 2012-12-15 13:44 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 14:05 . 2012-04-09 09:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 14:05 . 2011-05-24 10:38 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-24 09:02 . 2012-06-21 17:27 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-24 09:02 . 2010-06-24 16:25 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-17 19:42 . 2010-01-27 15:29 39264 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-12-16 12:23 . 2004-08-12 13:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2012-03-27 06:58 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-12 13:33 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2009-08-28 11:44 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-12 13:18 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2013-01-11 10:25 . 2013-01-11 10:24 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-07 73392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2006-10-16 21:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-16 21:17 1941784 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-12-04 15:36 384800 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 09:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-16 21:12 1164912 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINMGMT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\mbam full scan.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]
.
2013-01-12 c:\windows\Tasks\mbam scan.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]
.
2013-01-12 c:\windows\Tasks\mbam.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]
.
2013-01-11 c:\windows\Tasks\SyncBack BACKUP OF DATA.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-01-28 15:42]
.
2013-01-12 c:\windows\Tasks\SyncBack daily.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-01-28 15:42]
.
2012-05-19 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-08-06 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download Flash with Flash &Grabber - c:\progra~1\FLASHG~1\swfgrab.dll/iesave
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - ExtSQL: 2012-12-06 08:11; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF - ExtSQL: 2012-12-20 20:42; ffxtlbr@zonealarm.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2012-12-20 20:42; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN116050713161252-1043&toolbarId=base&affiliateId=1043&Lan={dfltLng}&utid=a886ccab0000000000000019b92f743a&q=
FF - user.js: extensions.zonealarm.id - a886ccab0000000000000019b92f743a
FF - user.js: extensions.zonealarm.instlDay - 15694
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.420:41
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN116050713161252-1043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
.
------- File Associations -------
.
.reg=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-12 17:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-308236825-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,01,6e,95,85,24,cb,46,98,0e,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,01,6e,95,85,24,cb,46,98,0e,52,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,09,94,b5,fa,f4,b5,4c,ad,d9,94,\
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-01-12 17:34:37
ComboFix-quarantined-files.txt 2013-01-12 17:34
.
Pre-Run: 8,221,978,624 bytes free
Post-Run: 8,225,382,400 bytes free
.
- - End Of File - - 81720C3131722C7B4419220865F6F89E
-
Hi.... it's now an hour since I started Combo and it still hasn't scanned; the machine is frozen, so I will power it down on the tower.
Maybe of interest: Startup in CCleaner is showing enabled programs for firewall and anti-virus once both have been disabled in the desktop icons, bottom right.
Just got your reply and will try that.
-
I have disconnected the machine from the internet.
Combofix has been running for 20 mins and has not gone beyond..........
Scanning for infected files
Typically.........................10 mins
However.........................................................easily double
No flashing cursor after that.
It looks as though the system is frozen; the clock is fixed on the ComboFix start time, which also happened when we tried to use ComboFix with our last problem, which you dealt with.
I have disabled the Firewall and Antivirus in the icons at the bottom right of the desktop.
I will leave ComboFix in its present frozen state until I hear back from you.
-
Hi............ as discussed, Windows Security Centre has been disabled by the trojan. I have disabled the web security element of ZoneAlarm's firewall, but since I assume the Windows firewall is inactive, can I run Combo with the firewall active?
-
Hi Again................. was looking for solutions to Security Centre when Avira Anti Virus flagged up
TR/Kazy.134631.1, which is the same exercise you found last night. It's now in Avira's quarantine with a file name of
C:\_OTL\Moved File\01112013_201102\C_Documents& Settings\Admin............\wgsdgsdgdsgsd.exe
-
Hi, Panda Cloud Cleaner came up with this suspicious policy. Should I ignore it?
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sUPERHIDDEN] to be changed to: 0
-
I forgot to add that I used fixdamage.exe, but that failed to deal with Security Essentials.
In Windows the message.............. Windows firewall setting cannot be displayed because associated service is not running. Do you want to start Windows Firewall / Internet Connecting Sharing (ICS) service.
Saying Yes to this, I get................ Windows cannot start (ICS) service.
If necessary I can recover to a True Image backup.
-
No malware found with the rootkit scan. Windows Update and internet connection working. Have lost Security Essentials. Tried to start it but failed as below.
Method 3: Restart the Security Center service.
a. Click Start, Click Run, type “services.msc” (without quotes) and press Enter.
b. Double-click "Security Center" service. Click Stop, click Start.
A dialog box showed Start; I clicked it and got......"Could not start the Security Centre service on local computer. Error 1075: the dependency service does not exist or has been marked for deletion."
ZoneAlarm Pro firewall working. Have started using the PC again with the internet connection live.
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.12.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DELL [administrator]
12/01/2013 07:57:28
mbar-log-2013-01-12 (07-57-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 24645
Time elapsed: 7 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 1038856192, free: 508006400
------------ Kernel report ------------
01/12/2013 07:46:37
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
timntr.sys
uagp35.sys
snapman.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\sisnic.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\vsdatant.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85f89ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff85fc7940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.01.12.05
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 2138025984, free: 1684660224
------------ Kernel report ------------
01/12/2013 07:49:18
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
timntr.sys
snapman.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\e1000325.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\incdrm.SYS
\SystemRoot\System32\DRIVERS\InCDPass.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\senfilt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\InCDrec.SYS
\SystemRoot\System32\Drivers\InCDfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\vsdatant.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\Aspi32.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\sr.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR6
Upper Device Object: 0xffffffff897ac888
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000069\
Lower Device Object: 0xffffffff89f76030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a6bbab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a6f4d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a6bbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a69a9e0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a698908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6bbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6f4d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe186e300, 0xffffffff8a6bbab8, 0xffffffff8971f708
Lower DeviceData: 0xffffffffe30405a0, 0xffffffff8a6f4d98, 0xffffffff896fe560
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A1CCA1CC
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 36885177
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 36885240 Numsec = 48034350
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 84919590 Numsec = 71392860
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 80032038912 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156292576-156312576)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff897ac888, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89d63ca0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff89827ac0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff897ac888, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89f76030, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe3045130, 0xffffffff897ac888, 0xffffffff8986e6c8
Lower DeviceData: 0xffffffffe3062440, 0xffffffff89f76030, 0xffffffff89718480
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FFE89CEC
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 44 Numsec = 15679396
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 8036285952 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
-
Boot-up was fine, a little slow. Needed to play around to reconnect to the internet, but solved and working. Great news and many thanks.
I guess there is more to do. I have disconnected the infected PC from the internet until I hear from you.
-
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully.
C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ not found.
winmgmt removed from NetSvcs value successfully!
File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.
File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad moved successfully.
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.
File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
OTLPE by OldTimer - Version 3.1.48.0 log created on 01112013_201102
-
OTL logfile created on: 1/11/2013 6:26:24 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.59 Gb Total Space | 7.88 Gb Free Space | 44.83% Space Free | Partition Type: NTFS
Drive D: | 22.90 Gb Total Space | 7.65 Gb Free Space | 33.40% Space Free | Partition Type: NTFS
Drive E: | 34.04 Gb Total Space | 12.71 Gb Free Space | 37.32% Space Free | Partition Type: NTFS
Drive F: | 7.46 Gb Total Space | 7.46 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe -- (winmgmt)
SRV - [2012/12/04 07:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/04 07:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/11/26 09:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/11/07 14:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/11/02 13:17:02 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/03/29 09:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/01/28 07:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/29 02:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2006/10/16 16:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/09/20 11:05:32 | 000,877,056 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (SBRE)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand] -- -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/12/23 11:40:49 | 000,035,144 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/12/17 14:42:41 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/12/17 14:42:41 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2012/12/17 14:42:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/11/27 05:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/22 10:51:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/11/22 10:50:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/11/07 14:23:46 | 000,527,408 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/11/02 13:17:16 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/08/27 09:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/01/20 11:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 11:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/13 18:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/19 03:56:57 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP)
DRV - [2005/09/20 10:57:52 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/09/20 10:57:48 | 000,101,760 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/09/20 10:57:26 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/09/20 09:57:20 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/09/17 03:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/06/21 09:39:28 | 000,469,935 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)
DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Administrator_ON_C\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8:
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/12/20 15:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 05:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 05:24:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/09 14:01:05 | 000,000,000 | ---D | M]
[2010/03/02 11:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/02 11:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/21 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions
[2012/12/20 15:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged
[2012/12/20 15:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions
[2010/06/24 07:05:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/12/20 15:42:38 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\ffxtlbr@zonealarm.com
[2013/01/11 05:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/11 05:24:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/11 05:25:03 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 05:15:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/24 03:20:42 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/12/22 11:21:07 | 000,000,786 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - Reg Error: Value error. File not found
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2011/05/10 02:11:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/02/15 06:49:21 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341986214343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357231945390 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\WINDOWS\Untitled.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Untitled.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/26 09:42:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a04af742-3b8c-11dc-aa28-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a04af742-3b8c-11dc-aa28-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/11 08:06:33 | 000,184,832 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe
[2013/01/11 07:00:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/01/11 05:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/11 05:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding_files
[2013/01/09 05:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm._files
[2013/01/08 09:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis_files
[2013/01/08 06:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\wild river htm._files
[2013/01/07 08:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm_files
[2013/01/07 07:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\patwardhan_files
[2013/01/07 05:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts_files
[2013/01/07 05:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall_files
[2013/01/06 05:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes_files
[2013/01/05 04:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi_files
[2013/01/04 01:58:22 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013/01/04 01:58:22 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013/01/03 11:56:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/03 11:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2013/01/03 11:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
[2013/01/03 11:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/01/03 11:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2013/01/03 11:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/01/03 11:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Secunia PSI
[2013/01/03 11:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/12/30 04:09:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/12/26 05:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/12/26 05:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/12/25 04:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk_files
[2012/12/24 12:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis_files
[2012/12/24 08:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\0 Works12
[2012/12/24 04:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/12/24 04:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/24 04:03:00 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/24 04:02:59 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/24 04:02:46 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/24 04:02:46 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/24 04:02:46 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/22 11:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Doctor Web
[2012/12/22 06:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/12/22 06:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2012/12/21 12:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD
[2012/12/20 15:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ForceField Shared Files
[2012/12/20 15:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/12/20 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2012/12/20 15:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/12/19 12:30:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/12/19 11:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012/12/19 11:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/12/19 11:01:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/12/19 11:01:52 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/12/19 11:01:52 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/12/19 11:01:52 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/12/19 11:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/12/19 11:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/12/19 10:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\0 news
[2012/12/19 08:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/12/18 11:49:03 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2012/12/18 11:49:03 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2012/12/18 11:49:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2012/12/18 11:49:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2012/12/18 11:49:03 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2012/12/18 09:20:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/17 14:42:41 | 000,395,744 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2012/12/17 14:42:38 | 000,114,048 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012/12/17 14:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
[2012/12/17 14:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/12/17 14:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/12/17 12:17:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/12/17 08:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acronis
[2012/12/17 08:25:07 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012/12/17 08:21:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/12/16 03:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/12/16 03:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/12/16 03:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/12/15 08:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/12/15 07:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers_files
========== Files - Modified Within 30 Days ==========
[2013/01/11 11:51:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/11 08:34:59 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\mbam.job
[2013/01/11 08:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/11 08:33:00 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2013/01/11 08:06:36 | 000,003,022 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
[2013/01/11 08:06:36 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk
[2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe
[2013/01/11 05:14:32 | 000,232,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding.htm
[2013/01/11 04:05:30 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\mbam scan.job
[2013/01/11 03:11:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack BACKUP OF DATA.job
[2013/01/11 02:26:43 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack daily.job
[2013/01/11 01:58:22 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/09 05:40:58 | 000,287,239 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm..htm
[2013/01/08 10:08:18 | 000,196,665 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2013/01/08 09:59:24 | 000,016,186 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Gavi La Battistina 2011.odt
[2013/01/08 09:29:26 | 000,158,877 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis.htm
[2013/01/08 07:11:37 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\mbam full scan.job
[2013/01/08 06:03:38 | 000,097,291 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\wild river htm..htm
[2013/01/07 08:02:59 | 000,028,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm.htm
[2013/01/07 07:39:03 | 000,017,483 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan.htm
[2013/01/07 05:38:40 | 000,106,276 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts.htm
[2013/01/07 05:32:33 | 000,280,933 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall.htm
[2013/01/06 14:12:44 | 000,148,773 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\axum deleted.odt
[2013/01/06 05:43:30 | 000,307,425 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes.htm
[2013/01/05 04:54:48 | 000,268,646 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi.htm
[2013/01/05 03:42:08 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\recipes.lnk
[2013/01/03 12:05:40 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/01/03 12:04:14 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\soffice.exe.lnk
[2013/01/03 11:53:38 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\NetworkService\Desktop\SyncBack.lnk
[2013/01/03 11:52:02 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/01/03 11:48:17 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2013/01/03 04:00:27 | 000,042,370 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Newly discovered world wonders.odt
[2013/01/03 03:35:15 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/01 17:47:48 | 000,026,603 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\change of view.odt
[2012/12/30 09:36:04 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/30 04:11:07 | 000,026,181 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mughal India.odt
[2012/12/30 04:09:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/12/28 09:31:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/26 05:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/12/25 04:50:23 | 000,023,962 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk.htm
[2012/12/24 12:25:17 | 000,131,786 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis.htm
[2012/12/24 11:52:27 | 000,021,313 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\clean up.odt
[2012/12/24 04:02:36 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/24 04:02:35 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/24 04:02:35 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/24 04:02:35 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/24 04:02:35 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/24 04:02:34 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/12/24 04:02:34 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/12/24 03:28:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/24 03:28:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/23 11:40:49 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/22 11:21:07 | 000,000,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/22 06:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2012/12/21 02:01:13 | 000,071,707 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\stolen data.odt
[2012/12/20 15:44:50 | 000,411,125 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/12/20 15:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/12/20 15:41:04 | 000,000,251 | ---- | M] () -- C:\user.js
[2012/12/19 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/12/17 14:42:41 | 000,395,744 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2012/12/17 14:42:41 | 000,039,264 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2012/12/17 14:42:38 | 000,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2012/12/17 14:42:37 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 10.0.lnk
[2012/12/17 14:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
[2012/12/17 12:17:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/12/17 04:52:41 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\0 toshiba n 550d.lnk
[2012/12/17 04:26:49 | 000,001,220 | ---- | M] () -- C:\WINDOWS\PHOTOHSE.INI
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/16 03:34:27 | 000,017,628 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rogue killer.odt
[2012/12/16 03:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/12/15 07:40:16 | 000,195,798 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers.htm
[2012/12/14 11:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013/01/11 08:06:36 | 000,003,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
[2013/01/11 08:06:36 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk
[2013/01/11 08:06:34 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2013/01/11 05:14:29 | 000,232,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding.htm
[2013/01/09 05:40:54 | 000,287,239 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm..htm
[2013/01/08 10:08:18 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2013/01/08 09:59:23 | 000,016,186 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Gavi La Battistina 2011.odt
[2013/01/08 09:29:22 | 000,158,877 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis.htm
[2013/01/08 06:03:29 | 000,097,291 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\wild river htm..htm
[2013/01/07 08:02:59 | 000,028,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm.htm
[2013/01/07 07:39:01 | 000,017,483 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan.htm
[2013/01/07 05:38:39 | 000,106,276 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts.htm
[2013/01/07 05:32:30 | 000,280,933 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall.htm
[2013/01/06 14:12:44 | 000,148,773 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\axum deleted.odt
[2013/01/06 05:43:26 | 000,307,425 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes.htm
[2013/01/05 04:54:45 | 000,268,646 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi.htm
[2013/01/05 03:42:08 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\recipes.lnk
[2013/01/03 12:04:14 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\soffice.exe.lnk
[2013/01/03 11:53:38 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\NetworkService\Desktop\SyncBack.lnk
[2013/01/03 11:48:17 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2013/01/03 04:00:27 | 000,042,370 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Newly discovered world wonders.odt
[2013/01/03 03:35:15 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/01/03 02:33:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\mbam full scan.job
[2013/01/01 17:46:12 | 000,026,603 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\change of view.odt
[2012/12/30 03:16:16 | 000,026,181 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mughal India.odt
[2012/12/29 06:31:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\mbam scan.job
[2012/12/29 06:27:20 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\mbam.job
[2012/12/25 04:50:20 | 000,023,962 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk.htm
[2012/12/24 12:25:14 | 000,131,786 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis.htm
[2012/12/24 10:35:15 | 000,021,313 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\clean up.odt
[2012/12/24 03:33:58 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/23 11:40:49 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/21 02:01:03 | 000,071,707 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\stolen data.odt
[2012/12/20 15:42:51 | 000,411,125 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/12/17 14:42:37 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 10.0.lnk
[2012/12/17 12:17:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/12/17 12:17:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/12/17 04:52:41 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\0 toshiba n 550d.lnk
[2012/12/16 03:34:27 | 000,017,628 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\rogue killer.odt
[2012/12/15 07:40:11 | 000,195,798 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers.htm
[2012/07/24 17:56:22 | 000,001,220 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI
[2012/04/09 10:50:15 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/04/07 05:14:13 | 000,000,136 | ---- | C] () -- C:\WINDOWS\BuzzTWCP.INI
[2012/04/07 05:14:13 | 000,000,101 | ---- | C] () -- C:\WINDOWS\BUZZTWLC.INI
[2012/04/07 05:14:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BuzzTWSC.INI
[2012/04/07 05:09:19 | 000,000,339 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2012/02/15 02:16:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/30 10:23:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/08/27 00:56:54 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr
[2011/08/27 00:56:54 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2011/04/29 02:59:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/29 02:59:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/09/03 08:18:06 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2010/09/03 05:27:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\A17U.INI
[2010/09/03 05:24:53 | 000,015,360 | R--- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2010/03/16 09:06:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/24 14:30:24 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/02/24 14:30:24 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/02/24 14:30:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/02/24 14:30:24 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/02/24 14:30:24 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/02/21 06:21:30 | 000,071,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/21 05:29:23 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/02/07 06:35:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/02/05 08:24:21 | 000,000,031 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2010/02/05 08:20:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI
[2010/02/05 08:20:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/01/29 16:59:09 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2010/01/29 11:23:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/29 04:11:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2010/01/27 11:28:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/31 14:32:24 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/26 10:28:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/26 10:26:57 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/26 09:51:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2007/07/26 09:45:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/26 09:38:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/11 05:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005/11/11 05:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/08/12 08:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 08:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 08:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 08:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 08:26:07 | 000,343,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 08:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 08:26:05 | 000,052,868 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 08:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 08:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 08:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 08:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 08:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1998/06/01 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2012/12/17 08:35:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acronis
[2012/12/17 08:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
[2010/11/01 10:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/12/21 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD
[2012/06/21 12:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2012/04/07 04:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/02/15 06:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gnupg
[2010/04/19 12:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2010/10/06 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lasersoft Imaging
[2010/08/06 10:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2010/10/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/11/09 13:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2012/01/21 12:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Product_RM
[2010/11/02 12:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2012/05/19 10:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic
[2010/03/02 11:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2012/05/12 02:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2012/12/19 09:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/11/18 10:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/05/12 02:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2010/01/31 06:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/03 05:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2013/01/02 03:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/09 14:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2011/03/04 13:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/21 06:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/01/08 07:11:37 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\mbam full scan.job
[2013/01/11 04:05:30 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\mbam scan.job
[2013/01/11 08:34:59 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\mbam.job
[2013/01/11 03:11:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack BACKUP OF DATA.job
[2013/01/11 02:26:43 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack daily.job
[2012/05/19 10:34:52 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/05/12 00:24:56 | 000,080,590 | ---- | M] () -- C:\aaw7boot.log
[2007/07/26 09:42:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/11/21 13:25:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/12/17 12:17:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 18:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2007/07/26 09:42:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/07/26 09:42:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/07/26 09:42:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/28 06:37:46 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/01/11 11:50:27 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2012/12/20 15:41:04 | 000,000,251 | ---- | M] () -- C:\user.js
< MD5 for: EXPLORER.EXE >
[2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/12 08:19:07 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 23:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 23:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/12 08:28:09 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: USERINIT.EXE >
[2004/08/12 08:31:54 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 23:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 23:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/12 08:33:32 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 23:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 23:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
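The "MD5 for:" sections in the OTL report above are a file-integrity check: each live system binary (explorer.exe, services.exe, userinit.exe, winlogon.exe) is listed next to the copies Windows File Protection restores from on XP (system32\dllcache, ServicePackFiles\i386, $hf_mig$) and the pre-patch copies kept for uninstalling a service pack or hotfix. The point is not that every copy should have the same hash (services.exe legitimately differs between the SP3 copy and the KB956572 hotfix copy) but that the live copy should match at least one restore source and carry Microsoft version information. The parser below is an added example, not OTL's, Malwarebytes' or the original poster's code: it reads the services.exe and winlogon.exe sections copied verbatim from the report, plus one constructed, deliberately mismatched section, and applies that rule. It assumes the Windows directory is C:\WINDOWS and that OTL's line layout is exactly as printed above; the directory lists, the CONSTRUCTED.EXE entries and the verdict names are mine.

```python
import re
from collections import defaultdict

# Two MD5 sections copied verbatim from the OTL report above (real data).
SAMPLE_LOG = r"""
< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 23:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 23:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/12 08:28:09 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: WINLOGON.EXE >
[2004/08/12 08:33:32 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 23:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 23:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
"""

# Constructed section (NOT from the report): the live copy carries no version
# info and matches no restore source, which is what a replaced binary looks like.
CONSTRUCTED_LOG = r"""
< MD5 for: CONSTRUCTED.EXE >
[2008/04/13 23:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\constructed.exe
[2013/01/05 02:11:09 | 000,026,112 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\constructed.exe
"""

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

WINDIR = "c:\\windows\\"  # assumed install location, as in the report above
# Where Windows File Protection on XP restores system files from.
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\", "\\$hf_mig$\\")
# Pre-patch copies kept so a service pack or hotfix can be uninstalled: older but legitimate.
UNINSTALL_DIRS = ("\\$ntservicepackuninstall$\\", "\\$ntuninstall")


def classify(path):
    """Bucket one listed copy by where it lives."""
    p = path.lower()
    if not p.startswith(WINDIR):
        return "third_party"
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(d in p for d in UNINSTALL_DIRS):
        return "uninstall"
    return "live"


def parse_md5_sections(text):
    """Group OTL 'MD5 for:' entries by the file name they belong to."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            sections[current].append({
                "company": m.group("company").strip(),
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "path": m.group("path"),
                "kind": classify(m.group("path")),
            })
    return dict(sections)


def assess(entries):
    """Return (verdict, findings): OK, SUSPECT, UNVERIFIED or NO_LIVE_COPY."""
    live = [e for e in entries if e["kind"] == "live"]
    ref_hashes = {e["md5"] for e in entries if e["kind"] == "reference"}
    findings = []
    if not live:
        return "NO_LIVE_COPY", findings
    verdict = "OK"
    for e in live:
        if e["company"] != "Microsoft Corporation":
            findings.append(f"{e['path']}: version info says '{e['company'] or '<none>'}'")
            verdict = "SUSPECT"
        if not ref_hashes:
            findings.append(f"{e['path']}: no restore-source copy in the log; verify the hash elsewhere")
            verdict = "UNVERIFIED" if verdict == "OK" else verdict
        elif e["md5"] not in ref_hashes:
            findings.append(f"{e['path']}: MD5 {e['md5']} matches no restore-source copy")
            verdict = "SUSPECT"
    for e in entries:  # informational: copies outside the Windows tree (tools ship their own)
        if e["kind"] == "third_party":
            findings.append(f"{e['path']}: copy outside the Windows tree, company '{e['company'] or '<none>'}'")
    return verdict, findings


def check_log(text):
    return {name: assess(entries) for name, entries in parse_md5_sections(text).items()}


if __name__ == "__main__":
    for name, (verdict, notes) in check_log(SAMPLE_LOG + CONSTRUCTED_LOG).items():
        print(f"{name}: {verdict}")
        for note in notes:
            print("   ", note)
```

Run as-is it reports services.exe and winlogon.exe as OK: the live services.exe differs from the ServicePackFiles copy only because KB956572 updated it, and it matches dllcache, so a rule of "differs from the SP3 copy" would have been a false positive. The winlogon.exe under Malwarebytes' Chameleon folder is listed as an informational third-party copy rather than a tamper indicator, since Chameleon deliberately ships under system-file names to get past malware that kills security tools. Only the constructed section comes back SUSPECT, for both reasons at once.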
-
XP Professional SP3
-
Hi. You helped me quite recently (see "stolen Data"), and now again I have a virus that has blocked my system. We followed your advice re being cautious, but still we have been hit.
Looking at the forum I saw details as to using Safe Mode and running MBAM to locate the virus. Once in Safe Mode my keyboard is disabled and I cannot log in.
I tried to wipe the C drive by recovering with Acronis True Image but when choosing the destination for the recovery Acronis freezes.
Help again please. I am running a 2nd PC and can work from that. Thanks
-
Many thanks for your kindness and time with this. Could I ask 2 more questions?
Should I leave the Recovery Console in place, or if not, do I use Safe Mode to remove it?
Are you in favour of security suites rather than the bunch of utilities I'm using, which all seem at odds with each other? Many reviews seem to imply that the provider is superb in one area (Check Point and firewall) whilst weak in the rest (antivirus and malware). I would appreciate your thoughts.
A good new year for you and thanks again.
-
Hi. Followed your instructions, and checked Java updates, which says I have the latest update for this platform.
-
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Panda Cloud Cleaner
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader XI
Mozilla Firefox (17.0.1)
Mozilla Thunderbird (17.0.)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
Police Central e-Crime Unit
in Resolved Malware Removal Logs
Boot-up has slowed some but that is the only problem.
Should I delete C:\_OTL\MovedFiles, and is there any other cleanup to do?
Avira didn't see the virus; do you think any of the anti-virus programs would have picked up the trojan before we were infected?
This trojan came from opening a film review on the web. Is there any safe way of checking unknown websites prior to opening them?
Again thanks for the support.