
Police Central e-Crime Unit



Hi, you helped me quite recently (see "stolen Data"), and now again I have a virus that has blocked my system. We followed your advice re being cautious but still we have been hit.

Looking at the forum I saw details as to using safe mode and running MBAM to locate the virus. Once in Safe mode my keyboard is disabled and I cannot login.

I tried to wipe the C drive by recovering with Acronis True Image but when choosing the destination for the recovery Acronis freezes.

Help again please. I am running a 2nd PC and can work from that. Thanks


OTL logfile created on: 1/11/2013 6:26:24 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 17.59 Gb Total Space | 7.88 Gb Free Space | 44.83% Space Free | Partition Type: NTFS

Drive D: | 22.90 Gb Total Space | 7.65 Gb Free Space | 33.40% Space Free | Partition Type: NTFS

Drive E: | 34.04 Gb Total Space | 12.71 Gb Free Space | 37.32% Space Free | Partition Type: NTFS

Drive F: | 7.46 Gb Total Space | 7.46 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe -- (winmgmt)

SRV - [2012/12/04 07:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/12/04 07:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012/11/26 09:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)

SRV - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2012/11/07 14:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2012/11/02 13:17:02 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)

SRV - [2011/03/29 09:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2011/01/28 07:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2010/03/29 02:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2006/10/16 16:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2005/09/20 11:05:32 | 000,877,056 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | System] -- -- (SBRE)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [File_System | Boot] -- -- (Lbd)

DRV - File not found [Kernel | On_Demand] -- -- (Lavasoft Kernexplorer)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2012/12/23 11:40:49 | 000,035,144 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2012/12/17 14:42:41 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)

DRV - [2012/12/17 14:42:41 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2012/12/17 14:42:38 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)

DRV - [2012/11/27 05:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012/11/22 10:51:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2012/11/22 10:50:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012/11/07 14:23:46 | 000,527,408 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)

DRV - [2012/11/02 13:17:16 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2012/08/27 09:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/01/20 11:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)

DRV - [2010/01/20 11:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2008/04/13 18:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007/06/19 03:56:57 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP)

DRV - [2005/09/20 10:57:52 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)

DRV - [2005/09/20 10:57:48 | 000,101,760 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2005/09/20 10:57:26 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)

DRV - [2005/09/20 09:57:20 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

DRV - [2004/09/17 03:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2002/06/21 09:39:28 | 000,469,935 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)

DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Administrator_ON_C\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8:

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/12/20 15:42:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 05:25:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 05:24:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/09 14:01:05 | 000,000,000 | ---D | M]

[2010/03/02 11:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/03/02 11:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/06/21 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions

[2012/12/20 15:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged

[2012/12/20 15:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions

[2010/06/24 07:05:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2012/12/20 15:42:38 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\ffxtlbr@zonealarm.com

[2013/01/11 05:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/01/11 05:24:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2013/01/11 05:25:03 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/08/30 05:15:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/12/24 03:20:42 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/22 11:21:07 | 000,000,786 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)

O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - Reg Error: Value error. File not found

O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2011/05/10 02:11:00 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/02/15 06:49:21 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341986214343 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357231945390 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:AutorunsDisabled () -

O24 - Desktop WallPaper: C:\WINDOWS\Untitled.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Untitled.bmp

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/07/26 09:42:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{a04af742-3b8c-11dc-aa28-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{a04af742-3b8c-11dc-aa28-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: winmgmt - C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 08:06:33 | 000,184,832 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe

[2013/01/11 07:00:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2013/01/11 05:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/01/11 05:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding_files

[2013/01/09 05:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm._files

[2013/01/08 09:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis_files

[2013/01/08 06:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\wild river htm._files

[2013/01/07 08:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm_files

[2013/01/07 07:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\patwardhan_files

[2013/01/07 05:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts_files

[2013/01/07 05:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall_files

[2013/01/06 05:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes_files

[2013/01/05 04:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi_files

[2013/01/04 01:58:22 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2013/01/04 01:58:22 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2013/01/03 11:56:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/01/03 11:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop

[2013/01/03 11:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu

[2013/01/03 11:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2013/01/03 11:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2013/01/03 11:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2013/01/03 11:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Secunia PSI

[2013/01/03 11:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia

[2012/12/30 04:09:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1

[2012/12/26 05:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster

[2012/12/26 05:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2012/12/25 04:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk_files

[2012/12/24 12:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis_files

[2012/12/24 08:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\0 Works12

[2012/12/24 04:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun

[2012/12/24 04:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/12/24 04:03:00 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/12/24 04:02:59 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/12/24 04:02:46 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/12/24 04:02:46 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/12/24 04:02:46 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2012/12/22 11:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Doctor Web

[2012/12/22 06:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2012/12/22 06:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security

[2012/12/21 12:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD

[2012/12/20 15:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ForceField Shared Files

[2012/12/20 15:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point

[2012/12/20 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD

[2012/12/20 15:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2012/12/19 12:30:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012/12/19 11:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira

[2012/12/19 11:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2012/12/19 11:01:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2012/12/19 11:01:52 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012/12/19 11:01:52 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2012/12/19 11:01:52 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2012/12/19 11:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012/12/19 11:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2012/12/19 10:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\0 news

[2012/12/19 08:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2012/12/18 11:49:03 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll

[2012/12/18 11:49:03 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll

[2012/12/18 11:49:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll

[2012/12/18 11:49:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll

[2012/12/18 11:49:03 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys

[2012/12/18 09:20:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/12/17 14:42:41 | 000,395,744 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys

[2012/12/17 14:42:38 | 000,114,048 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys

[2012/12/17 14:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis

[2012/12/17 14:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis

[2012/12/17 14:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis

[2012/12/17 12:17:22 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/12/17 08:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acronis

[2012/12/17 08:25:07 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll

[2012/12/17 08:21:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2012/12/16 03:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/12/16 03:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/12/16 03:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/12/15 08:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/12/15 07:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers_files

========== Files - Modified Within 30 Days ==========

[2013/01/11 11:51:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/11 08:34:59 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\mbam.job

[2013/01/11 08:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/11 08:33:00 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

[2013/01/11 08:06:36 | 000,003,022 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2013/01/11 08:06:36 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk

[2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe

[2013/01/11 05:14:32 | 000,232,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding.htm

[2013/01/11 04:05:30 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\mbam scan.job

[2013/01/11 03:11:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack BACKUP OF DATA.job

[2013/01/11 02:26:43 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack daily.job

[2013/01/11 01:58:22 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2013/01/09 05:40:58 | 000,287,239 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm..htm

[2013/01/08 10:08:18 | 000,196,665 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2013/01/08 09:59:24 | 000,016,186 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Gavi La Battistina 2011.odt

[2013/01/08 09:29:26 | 000,158,877 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis.htm

[2013/01/08 07:11:37 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\mbam full scan.job

[2013/01/08 06:03:38 | 000,097,291 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\wild river htm..htm

[2013/01/07 08:02:59 | 000,028,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm.htm

[2013/01/07 07:39:03 | 000,017,483 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan.htm

[2013/01/07 05:38:40 | 000,106,276 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts.htm

[2013/01/07 05:32:33 | 000,280,933 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall.htm

[2013/01/06 14:12:44 | 000,148,773 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\axum deleted.odt

[2013/01/06 05:43:30 | 000,307,425 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes.htm

[2013/01/05 04:54:48 | 000,268,646 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi.htm

[2013/01/05 03:42:08 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\recipes.lnk

[2013/01/03 12:05:40 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup

[2013/01/03 12:04:14 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\soffice.exe.lnk

[2013/01/03 11:53:38 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\NetworkService\Desktop\SyncBack.lnk

[2013/01/03 11:52:02 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2013/01/03 11:48:17 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk

[2013/01/03 04:00:27 | 000,042,370 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Newly discovered world wonders.odt

[2013/01/03 03:35:15 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2013/01/01 17:47:48 | 000,026,603 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\change of view.odt

[2012/12/30 09:36:04 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/12/30 04:11:07 | 000,026,181 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mughal India.odt

[2012/12/30 04:09:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.4.1

[2012/12/28 09:31:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/26 05:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster

[2012/12/25 04:50:23 | 000,023,962 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk.htm

[2012/12/24 12:25:17 | 000,131,786 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis.htm

[2012/12/24 11:52:27 | 000,021,313 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\clean up.odt

[2012/12/24 04:02:36 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2012/12/24 04:02:35 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/12/24 04:02:35 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/12/24 04:02:35 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/12/24 04:02:35 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/12/24 04:02:34 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012/12/24 04:02:34 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2012/12/24 03:28:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/12/24 03:28:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/12/23 11:40:49 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/12/22 11:21:07 | 000,000,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/12/22 06:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security

[2012/12/21 02:01:13 | 000,071,707 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\stolen data.odt

[2012/12/20 15:44:50 | 000,411,125 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012/12/20 15:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point

[2012/12/20 15:41:04 | 000,000,251 | ---- | M] () -- C:\user.js

[2012/12/19 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2012/12/17 14:42:41 | 000,395,744 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys

[2012/12/17 14:42:41 | 000,039,264 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys

[2012/12/17 14:42:38 | 000,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys

[2012/12/17 14:42:37 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 10.0.lnk

[2012/12/17 14:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis

[2012/12/17 12:17:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/12/17 04:52:41 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\0 toshiba n 550d.lnk

[2012/12/17 04:26:49 | 000,001,220 | ---- | M] () -- C:\WINDOWS\PHOTOHSE.INI

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll

[2012/12/16 03:34:27 | 000,017,628 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rogue killer.odt

[2012/12/16 03:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/12/15 07:40:16 | 000,195,798 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers.htm

[2012/12/14 11:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/11 08:06:36 | 000,003,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2013/01/11 08:06:36 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk

[2013/01/11 08:06:34 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

[2013/01/11 05:14:29 | 000,232,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding.htm

[2013/01/09 05:40:54 | 000,287,239 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\desert holidays htm..htm

[2013/01/08 10:08:18 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2013/01/08 09:59:23 | 000,016,186 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Gavi La Battistina 2011.odt

[2013/01/08 09:29:22 | 000,158,877 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Rosenbaum on adam curtis.htm

[2013/01/08 06:03:29 | 000,097,291 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\wild river htm..htm

[2013/01/07 08:02:59 | 000,028,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan war and peace htm.htm

[2013/01/07 07:39:01 | 000,017,483 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\patwardhan.htm

[2013/01/07 05:38:39 | 000,106,276 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince caramelised duck breasts.htm

[2013/01/07 05:32:30 | 000,280,933 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince-recipes-hugh-fearnley-whittingstall.htm

[2013/01/06 14:12:44 | 000,148,773 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\axum deleted.odt

[2013/01/06 05:43:26 | 000,307,425 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\sylvia plath and hughes.htm

[2013/01/05 04:54:45 | 000,268,646 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\warm-chicken-salad-recipe-ottolenghi.htm

[2013/01/05 03:42:08 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\recipes.lnk

[2013/01/03 12:04:14 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\soffice.exe.lnk

[2013/01/03 11:53:38 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\NetworkService\Desktop\SyncBack.lnk

[2013/01/03 11:48:17 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk

[2013/01/03 04:00:27 | 000,042,370 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Newly discovered world wonders.odt

[2013/01/03 03:35:15 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2013/01/03 02:33:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\mbam full scan.job

[2013/01/01 17:46:12 | 000,026,603 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\change of view.odt

[2012/12/30 03:16:16 | 000,026,181 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mughal India.odt

[2012/12/29 06:31:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\mbam scan.job

[2012/12/29 06:27:20 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\mbam.job

[2012/12/25 04:50:20 | 000,023,962 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Prestige customer assistance - Prestige.co.uk.htm

[2012/12/24 12:25:14 | 000,131,786 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\films about the financial crisis.htm

[2012/12/24 10:35:15 | 000,021,313 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\clean up.odt

[2012/12/24 03:33:58 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2012/12/23 11:40:49 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/12/21 02:01:03 | 000,071,707 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\stolen data.odt

[2012/12/20 15:42:51 | 000,411,125 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2012/12/17 14:42:37 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 10.0.lnk

[2012/12/17 12:17:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/12/17 12:17:22 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/12/17 04:52:41 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\0 toshiba n 550d.lnk

[2012/12/16 03:34:27 | 000,017,628 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\rogue killer.odt

[2012/12/15 07:40:11 | 000,195,798 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quince and chicken livers.htm

[2012/07/24 17:56:22 | 000,001,220 | ---- | C] () -- C:\WINDOWS\PHOTOHSE.INI

[2012/04/09 10:50:15 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe

[2012/04/07 05:14:13 | 000,000,136 | ---- | C] () -- C:\WINDOWS\BuzzTWCP.INI

[2012/04/07 05:14:13 | 000,000,101 | ---- | C] () -- C:\WINDOWS\BUZZTWLC.INI

[2012/04/07 05:14:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BuzzTWSC.INI

[2012/04/07 05:09:19 | 000,000,339 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini

[2012/02/15 02:16:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/10/30 10:23:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2011/08/27 00:56:54 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr

[2011/08/27 00:56:54 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr

[2011/04/29 02:59:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011/04/29 02:59:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2010/09/03 08:18:06 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4

[2010/09/03 05:27:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\A17U.INI

[2010/09/03 05:24:53 | 000,015,360 | R--- | C] () -- C:\WINDOWS\System32\GetInst32.dll

[2010/03/16 09:06:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/02/24 14:30:24 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe

[2010/02/24 14:30:24 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe

[2010/02/24 14:30:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll

[2010/02/24 14:30:24 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys

[2010/02/24 14:30:24 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys

[2010/02/21 06:21:30 | 000,071,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/02/21 05:29:23 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2010/02/07 06:35:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2010/02/05 08:24:21 | 000,000,031 | ---- | C] () -- C:\WINDOWS\pixcache.ini

[2010/02/05 08:20:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI

[2010/02/05 08:20:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2010/01/29 16:59:09 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll

[2010/01/29 11:23:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/01/29 04:11:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL

[2010/01/27 11:28:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/07/31 14:32:24 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/07/26 10:28:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/07/26 10:26:57 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/07/26 09:51:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

[2007/07/26 09:45:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2007/07/26 09:38:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/11/11 05:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll

[2005/11/11 05:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2004/08/12 08:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 08:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 08:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 08:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 08:26:07 | 000,343,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/12 08:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 08:26:05 | 000,052,868 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/12 08:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/12 08:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 08:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 08:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 08:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1998/06/01 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2012/12/17 08:35:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acronis

[2012/12/17 08:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis

[2010/11/01 10:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2012/12/21 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD

[2012/06/21 12:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint

[2012/04/07 04:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo

[2010/02/15 06:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gnupg

[2010/04/19 12:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro

[2010/10/06 12:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lasersoft Imaging

[2010/08/06 10:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound

[2010/10/30 10:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

[2011/11/09 13:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit

[2012/01/21 12:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Product_RM

[2010/11/02 12:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense

[2012/05/19 10:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic

[2010/03/02 11:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird

[2012/05/12 02:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus

[2012/12/19 09:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2012/11/18 10:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint

[2012/05/12 02:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software

[2010/01/31 06:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/09/03 05:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft

[2013/01/02 03:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/03/09 14:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt

[2011/03/04 13:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/02/21 06:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2013/01/08 07:11:37 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\mbam full scan.job

[2013/01/11 04:05:30 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\mbam scan.job

[2013/01/11 08:34:59 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\mbam.job

[2013/01/11 03:11:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack BACKUP OF DATA.job

[2013/01/11 02:26:43 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack daily.job

[2012/05/19 10:34:52 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/05/12 00:24:56 | 000,080,590 | ---- | M] () -- C:\aaw7boot.log

[2007/07/26 09:42:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2012/11/21 13:25:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/12/17 12:17:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2004/08/03 18:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2007/07/26 09:42:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/07/26 09:42:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2007/07/26 09:42:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/08/28 06:37:46 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2013/01/11 11:50:27 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2012/12/20 15:41:04 | 000,000,251 | ---- | M] () -- C:\user.js

< MD5 for: EXPLORER.EXE >

[2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/12 08:19:07 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/13 23:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2008/04/13 23:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

[2004/08/12 08:28:09 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: USERINIT.EXE >

[2004/08/12 08:31:54 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 23:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 23:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/12 08:33:32 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012/12/14 11:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/13 23:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 23:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


OK, basically what we want to do is copy the text that's in the code box into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in the code box into notepad and save it:

:OTL

SRV - [2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe -- (winmgmt)

IE - HKU\Administrator_ON_C\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found

O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found

NetSvcs: winmgmt - C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)

[2013/01/11 08:06:33 | 000,184,832 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe

[2013/01/11 08:33:00 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

[2013/01/11 08:06:36 | 000,003,022 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2013/01/11 08:06:36 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk

[2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe

[2013/01/11 08:06:36 | 000,003,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2013/01/11 08:06:36 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk

[2013/01/11 08:06:34 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC

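As an added example (not part of the thread, and not OTL's own code), the script below does by machine what MrC did by eye in the post above: it parses OTL log lines, flags the entry types that ended up in the :OTL fix (a service whose binary sits in a user profile, a netsvcs entry redirected to that binary, vowel-less random file names, a fresh Startup shortcut, files dropped within minutes of each other, orphaned IE hook/BHO registrations, and alternate data streams), and prints the flagged lines under an :OTL header as a draft fix for a human to review. The sample log lines are constructed here to mirror the entries in the log above; the heuristics, thresholds and function names are this example's own assumptions, not anything OTL defines.

```powershell
# Added example (not from the thread, not OTL's own code): first-pass triage of
# OTL log lines that flags the kinds of entries MrC copied into the :OTL fix and
# prints them as a draft fix for a human to review.
# The sample lines are constructed to mirror the log in the thread. Save this file
# as UTF-8 with BOM so PowerShell 2.0 reads the Cyrillic company name correctly.

$SampleLog = @'
SRV - [2013/01/11 08:06:33 | 000,184,832 | ---- | M] (Корпорация Майкрософт) [Auto] -- C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe -- (winmgmt)
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - Reg Error: Value error. File not found
NetSvcs: winmgmt - C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)
[2013/01/11 08:06:36 | 000,003,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
[2013/01/11 08:06:36 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk
[2013/01/11 08:06:34 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2013/01/11 05:14:29 | 000,232,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ethiopia-forces-human-rights-funding.htm
[2012/12/24 04:02:35 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
'@

# OTL line shapes seen in the log: file/service entries, NetSvcs, IE hooks, ADS
$FileEntry    = '^(?:SRV - )?\[(?<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| [MC]\] \((?<company>[^)]*)\)(?: \[\w+\])? -- (?<path>.+?)(?: -- \((?<svc>[^)]+)\))?$'
$NetSvcsEntry = '^NetSvcs: \S+ - (?<path>.+?) \([^)]*\)$'
$OrphanEntry  = '^(?:IE|O2|O3) - .*File not found$'
$AdsEntry     = '^@Alternate Data Stream - \d+ bytes -> (?<path>.+)$'

function Test-UserWritablePath([string]$Path) {
    # On XP everything under Documents and Settings (profiles, All Users\Application Data)
    # is writable without admin rights; services and drivers have no business there.
    return [bool]($Path -match '^[A-Z]:\\Documents and Settings\\')
}

function Test-GibberishName([string]$Path) {
    # wgsdgsdgdsgsd / dsgsdgdsgdsgw: long stems with no vowel at all
    $stem = [IO.Path]::GetFileNameWithoutExtension($Path)
    return ($stem.Length -ge 8) -and ($stem -notmatch '[aeiouy]')
}

function Get-OtlFindings([string]$LogText) {
    $entries = @()
    foreach ($raw in ($LogText -split "`r?`n")) {
        $line = $raw.Trim(); if ($line -eq '') { continue }
        $reasons = @(); $when = $null
        if ($line -match $FileEntry) {
            # capture groups first: any later -match in this scope overwrites $Matches
            $path = $Matches['path']; $company = $Matches['company']; $svc = $Matches['svc']
            $when = [datetime]::ParseExact($Matches['ts'], 'yyyy/MM/dd HH:mm:ss', [Globalization.CultureInfo]::InvariantCulture)
            if ($svc -and (Test-UserWritablePath $path)) { $reasons += "service '$svc' runs from a user-writable path" }
            elseif ($path -match '\.(exe|dll|sys)$' -and (Test-UserWritablePath $path)) { $reasons += 'binary outside Program Files and Windows' }
            if ($company -match 'Microsoft|Майкрософт' -and $path -notmatch '^[A-Z]:\\WINDOWS\\') { $reasons += 'Microsoft-branded file outside the Windows directory' }
            if (Test-GibberishName $path) { $reasons += 'random-looking vowel-less name' }
            if ($path -match '\\Start Menu\\Programs\\Startup\\') { $reasons += 'new autostart shortcut' }
        } elseif ($line -match $NetSvcsEntry) {
            if (Test-UserWritablePath $Matches['path']) { $reasons += 'netsvcs group service redirected into a profile path' }
        } elseif ($line -match $OrphanEntry) {
            $reasons += 'orphaned IE hook/BHO/toolbar registration (file missing)'
        } elseif ($line -match $AdsEntry) {
            $reasons += 'alternate data stream reported by OTL, review'
        }
        $entries += New-Object PSObject -Property @{ Line = $line; When = $when; Reasons = $reasons }
    }
    # Second pass: anything written within two minutes of a flagged file is part of the same drop
    $hot = @($entries | Where-Object { $_.Reasons.Count -gt 0 -and $_.When } | ForEach-Object { $_.When })
    foreach ($e in $entries) {
        if ($e.Reasons.Count -eq 0 -and $e.When) {
            foreach ($t in $hot) {
                if ([math]::Abs(($e.When - $t).TotalMinutes) -le 2) { $e.Reasons += 'created within 2 minutes of a flagged file'; break }
            }
        }
    }
    return $entries
}

function New-OtlFixScript([string]$LogText) {
    # The fix MrC posted is literally the offending log lines under an :OTL header
    $flagged = @(Get-OtlFindings $LogText | Where-Object { $_.Reasons.Count -gt 0 })
    return ((@(':OTL') + @($flagged | ForEach-Object { $_.Line })) -join "`r`n")
}

Get-OtlFindings $SampleLog | Where-Object { $_.Reasons.Count -gt 0 } |
    ForEach-Object { "{0}`n    -> {1}" -f $_.Line, ($_.Reasons -join '; ') }
''
New-OtlFixScript $SampleLog
```

On the sample above the htm page and java.exe pass clean (legitimate vendor, Windows directory, not near the drop time) and the other seven lines come out flagged in the same order MrC used. The output is a draft only: every flagged line still needs a person to confirm it before it goes into Custom Scans/Fixes, since a gibberish name or a profile-path binary is a strong hint, not proof.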

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully.

C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe moved successfully.

Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\ not found.

winmgmt removed from NetSvcs value successfully!

File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.

File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.

C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad moved successfully.

C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js moved successfully.

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk moved successfully.

File C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe not found.

File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found.

File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk not found.

File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 01112013_201102


Yes, there's more to do...............

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

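A caveat worth pairing with the "verify Windows Update and Windows Firewall" step above: the OTL fix log earlier in the thread shows "Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully" and "winmgmt removed from NetSvcs value successfully!". That was the right call for the hijacked entry, but winmgmt is the Windows Management Instrumentation service, and on XP the Security Center service (wscsvc) lists it in DependOnService, so deleting the key leaves Security Center unable to start with error 1075 ("the dependency service does not exist"). The script below is an added example, not code from the thread or from Malwarebytes: it reports the state and missing dependencies of the three services MrC asks you to check, and offers a repair that recreates winmgmt. The winmgmt registry values it writes (svchost in the netsvcs group, service DLL %SystemRoot%\system32\wbem\WMIsvc.dll, dependency on RPCSS) are assumed to be those of Windows XP SP3; compare them with an export of the key from a clean XP SP3 machine before relying on them. Function names are this example's own.

```powershell
# Added example, not from the thread or from Malwarebytes: post-cleanup check of the
# services MrC lists, plus a repair for the WMI service (winmgmt) that the OTL fix
# deleted together with the hijacked key. Run in an elevated PowerShell 2.0 prompt
# on the cleaned XP machine. The winmgmt values below are an assumption (XP SP3);
# verify against an export from a clean XP SP3 system before use.

$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Security Center, Automatic Updates, Windows Firewall/ICS: what MrC asks you to verify
$ToCheck = 'wscsvc', 'wuauserv', 'SharedAccess'

function Get-MissingDependencies([string]$Name) {
    # A name in DependOnService with no Services\<name> key is what the SCM
    # reports as error 1075 ("dependency service does not exist").
    if (-not (Test-Path "$ServicesRoot\$Name")) { return @("$Name (service key missing)") }
    $missing = @()
    foreach ($dep in @((Get-ItemProperty "$ServicesRoot\$Name").DependOnService)) {
        if ($dep -and -not (Test-Path "$ServicesRoot\$dep")) { $missing += $dep }
    }
    return $missing
}

function Show-ServiceHealth {
    foreach ($name in $ToCheck) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $state = if ($svc) { $svc.Status } else { 'not installed' }
        $missing = @(Get-MissingDependencies $name)
        '{0,-13} {1,-14} missing dependencies: {2}' -f $name, $state, $(if ($missing.Count) { $missing -join ', ' } else { 'none' })
    }
}

function Restore-WinmgmtService {
    # Recreate winmgmt as an svchost-hosted service in the netsvcs group.
    # Assumption (XP SP3): the service DLL is %SystemRoot%\system32\wbem\WMIsvc.dll.
    $key = "$ServicesRoot\winmgmt"
    if (Test-Path $key) { return 'winmgmt key already present; nothing to do' }
    & sc.exe create winmgmt binPath= "$env:SystemRoot\system32\svchost.exe -k netsvcs" type= share start= auto depend= RPCSS DisplayName= "Windows Management Instrumentation" | Out-Null
    New-Item -Path "$key\Parameters" -Force | Out-Null
    New-ItemProperty -Path "$key\Parameters" -Name ServiceDll -PropertyType ExpandString -Value '%SystemRoot%\system32\wbem\WMIsvc.dll' -Force | Out-Null
    # The fix also removed winmgmt from the netsvcs group list; svchost will not load it otherwise
    $svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    $group = @((Get-ItemProperty $svchostKey).netsvcs)
    if ($group -notcontains 'winmgmt') { Set-ItemProperty -Path $svchostKey -Name netsvcs -Value ([string[]]($group + 'winmgmt')) }
    Start-Service winmgmt
    Start-Service wscsvc      # Security Center depends on winmgmt; this is the 1075 failure
    return 'winmgmt recreated and started'
}

Show-ServiceHealth
# Restore-WinmgmtService   # uncomment once Show-ServiceHealth reports winmgmt missing for wscsvc
```

Run Show-ServiceHealth first and only call Restore-WinmgmtService if it reports winmgmt as a missing dependency; a machine where the key still exists needs no change. The repair restores what the service needs to start (image path, hosting group, service DLL, RPCSS dependency), not the Description or Security values of the original key, so exporting the full key from a clean XP SP3 machine and importing it is the more complete alternative when one is available.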

No Malware found with rootkit. Windows update and internet connection working. Have lost Security Essentials. Tried to start but failed as below.

Method 3: Restart the Security Center service.

a. Click Start, Click Run, type “services.msc” (without quotes) and press Enter.

b. Double-click "Security Center" service. Click Stop, click Start.

Dialog box showing start, clicked it and got......"Could not start the Security Centre service on local computer. Error 1075: the dependency service does not exist or has been marked for deletion."

ZoneAlarm Pro firewall working. Have started using the PC again with internet connection live.

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

www.malwarebytes.org

Database version: v2013.01.12.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: DELL [administrator]

12/01/2013 07:57:28

mbar-log-2013-01-12 (07-57-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 24645

Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 3.000000 GHz

Memory total: 1038856192, free: 508006400

------------ Kernel report ------------

01/12/2013 07:46:37

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

timntr.sys

uagp35.sys

snapman.sys

Mup.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\sisnic.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\flpydisk.sys

\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\vsdatant.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\ssmdrv.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\avkmgr.sys

\SystemRoot\system32\DRIVERS\avipbb.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\framebuf.dll

\SystemRoot\system32\DRIVERS\avgntflt.sys

\SystemRoot\system32\DRIVERS\tifsfilt.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\SystemRoot\System32\Drivers\ParVdm.SYS

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\psi_mf.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff85f89ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff85fc7940

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.01.12.05

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 2.992000 GHz

Memory total: 2138025984, free: 1684660224

------------ Kernel report ------------

01/12/2013 07:49:18

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

PCIIde.sys

\WINDOWS\System32\Drivers\PCIIDEX.SYS

intelide.sys

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

timntr.sys

snapman.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

Mup.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\ialmnt5.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\e1000325.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\System32\Drivers\incdrm.SYS

\SystemRoot\System32\DRIVERS\InCDPass.sys

\SystemRoot\system32\drivers\smwdm.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\senfilt.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\InCDrec.SYS

\SystemRoot\System32\Drivers\InCDfs.SYS

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\vsdatant.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\ssmdrv.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\avkmgr.sys

\SystemRoot\system32\DRIVERS\avipbb.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ialmdnt5.dll

\SystemRoot\System32\ialmrnt5.dll

\SystemRoot\System32\ialmdev5.DLL

\SystemRoot\System32\ialmdd5.DLL

\SystemRoot\system32\DRIVERS\avgntflt.sys

\SystemRoot\system32\DRIVERS\tifsfilt.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\ParVdm.SYS

\SystemRoot\System32\Drivers\Aspi32.SYS

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\sr.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR6

Upper Device Object: 0xffffffff897ac888

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000069\

Lower Device Object: 0xffffffff89f76030

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a6bbab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8a6f4d98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a6bbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a69a9e0, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff8a698908, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a6bbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a6f4d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe186e300, 0xffffffff8a6bbab8, 0xffffffff8971f708

Lower DeviceData: 0xffffffffe30405a0, 0xffffffff8a6f4d98, 0xffffffff896fe560

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: A1CCA1CC

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 36885177

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 36885240 Numsec = 48034350

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 84919590 Numsec = 71392860

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 80032038912 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156292576-156312576)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff897ac888, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff89d63ca0, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff89827ac0, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff897ac888, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff89f76030, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xffffffffe3045130, 0xffffffff897ac888, 0xffffffff8986e6c8

Lower DeviceData: 0xffffffffe3062440, 0xffffffff89f76030, 0xffffffff89718480

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: FFE89CEC

Partition information:

Partition 0 type is Other (0xb)

Partition is NOT ACTIVE.

Partition starts at LBA: 44 Numsec = 15679396

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 8036285952 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================


I forgot to add that I used fixdamage.exe, but that failed to deal with Security Essentials.

In Windows the message is: Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall / Internet Connection Sharing (ICS) service?

Saying Yes to this I get: Windows cannot start the (ICS) service.

If necessary I can recover to a True Image backup.


Hi again... I was looking for solutions to Security Centre when Avira AntiVir flagged up TR/Kazy.134631.1, which is the same exercise you found last night. It's now in Avira's quarantine with a file name of

C:\_OTL\Moved File\01112013_201102\C_Documents& Settings\Admin............\wgsdgsdgdsgsd.exe


Hi, Panda Cloud Cleaner came up with this suspicious policy. Should I ignore it?

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SUPERHIDDEN] to be changed to: 0

Let it be changed.

~~~~~~~~~~~~~~~~~~~~~~

Hi again... I was looking for solutions to Security Centre when Avira AntiVir flagged up TR/Kazy.134631.1, which is the same exercise you found last night. It's now in Avira's quarantine with a file name of

C:\_OTL\Moved File\01112013_201102\C_Documents& Settings\Admin............\wgsdgsdgdsgsd.exe

That's OK

~~~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I have disconnected the machine from the internet.

Combofix has been running for 20 mins and has not gone beyond..........

Scanning for infected files

Typically.........................10 mins

However.........................................................easily double

no flashing cursor after that

It looks as though the system is frozen, clock is fixed on Combo start time, which happened when we tried to use ComboFix with our last problem you dealt with.

Have disabled Firewall and Antivirus in icons bottom right of desktop.

I will leave ComboFix in its present frozen state until I hear back from you.


Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


Hi... it's now an hour since I started Combo and it still hasn't scanned; the machine is frozen, so I will power it down on the tower.

Maybe of interest: Startup in CCleaner is showing enabled programs for firewall and anti-virus even though both have been disabled in the desktop icons, bottom right.

Just got your reply and will try that


"%userprofile%\desktop\combofix.exe" /nombr

ComboFix 13-01-12.01 - Administrator 12/01/2013 17:18:11.1.2 - x86

Running from: c:\documents and settings\Administrator\desktop\combofix.exe

Command switches used :: /nombr

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\CTL3D.1

c:\windows\system\Color

.

.

((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))

.

.

2013-01-12 01:11 . 2013-01-12 01:11 -------- d-----w- C:\_OTL

2013-01-08 15:08 . 2013-01-08 15:08 196665 -c--a-w- c:\windows\system32\dllcache\imjpinst.exe

2013-01-04 06:58 . 2012-06-02 15:18 275696 ----a-w- c:\windows\system32\mucltui.dll

2013-01-03 16:52 . 2013-01-03 16:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2013-01-03 16:48 . 2013-01-03 16:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Secunia PSI

2013-01-03 16:48 . 2013-01-03 16:48 -------- d-----w- c:\program files\Secunia

2012-12-26 10:27 . 2012-12-27 07:52 -------- d-----w- c:\program files\SpywareBlaster

2012-12-24 09:15 . 2012-12-24 09:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun

2012-12-24 09:03 . 2012-12-24 09:03 -------- d-----w- c:\program files\Common Files\Java

2012-12-24 09:03 . 2012-12-24 09:02 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-12-24 09:02 . 2012-12-24 09:02 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-12-22 16:11 . 2012-12-23 10:13 -------- d-----w- c:\documents and settings\Administrator\Doctor Web

2012-12-22 11:31 . 2012-12-22 11:31 -------- d-----w- c:\program files\Panda Security

2012-12-21 17:00 . 2012-12-21 17:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Check Point Software Technologies LTD

2012-12-20 20:41 . 2012-12-20 20:41 -------- d-----w- c:\program files\Check Point Software Technologies LTD

2012-12-20 20:40 . 2012-12-20 20:42 -------- d-----w- c:\program files\CheckPoint

2012-12-19 16:07 . 2012-12-19 16:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira

2012-12-19 16:01 . 2012-11-27 10:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-12-19 16:01 . 2012-11-22 15:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-12-19 16:01 . 2012-11-22 15:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-12-19 16:01 . 2012-12-19 16:01 -------- d-----w- c:\program files\Avira

2012-12-19 16:01 . 2012-12-19 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2012-12-18 16:49 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2012-12-18 16:49 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll

2012-12-18 16:49 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2012-12-18 16:49 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll

2012-12-18 16:49 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2012-12-17 19:42 . 2012-12-17 19:42 395744 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-12-17 19:42 . 2012-12-17 19:42 114048 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-12-17 19:42 . 2012-12-17 19:42 -------- d-----w- c:\program files\Common Files\Acronis

2012-12-17 19:42 . 2012-12-17 19:42 -------- d-----w- c:\program files\Acronis

2012-12-17 13:25 . 2008-04-14 05:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2012-12-17 13:25 . 2008-04-14 05:41 21504 ----a-w- c:\windows\system32\hidserv.dll

2012-12-17 13:21 . 2012-12-17 13:21 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-12-16 08:11 . 2012-12-16 08:12 -------- d-----w- c:\program files\ERUNT

2012-12-15 13:15 . 2012-12-15 13:44 -------- d-----w- c:\program files\trend micro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-12 14:05 . 2012-04-09 09:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-12 14:05 . 2011-05-24 10:38 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-24 09:02 . 2012-06-21 17:27 859072 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-12-24 09:02 . 2010-06-24 16:25 779704 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-17 19:42 . 2010-01-27 15:29 39264 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2012-12-16 12:23 . 2004-08-12 13:17 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 16:49 . 2012-03-27 06:58 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-13 01:25 . 2004-08-12 13:33 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2009-08-28 11:44 1371648 ----a-w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2004-08-12 13:18 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec

2013-01-11 10:25 . 2013-01-11 10:24 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-07 73392]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2006-10-16 21:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

2006-10-16 21:17 1941784 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2012-12-04 15:36 384800 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 04:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 16:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 09:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2006-10-16 21:12 1164912 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]

R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]

S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WINMGMT

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-08 c:\windows\Tasks\mbam full scan.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]

.

2013-01-12 c:\windows\Tasks\mbam scan.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]

.

2013-01-12 c:\windows\Tasks\mbam.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]

.

2013-01-11 c:\windows\Tasks\SyncBack BACKUP OF DATA.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-01-28 15:42]

.

2013-01-12 c:\windows\Tasks\SyncBack daily.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-01-28 15:42]

.

2012-05-19 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-08-06 15:56]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Download Flash with Flash &Grabber - c:\progra~1\FLASHG~1\swfgrab.dll/iesave

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - ExtSQL: 2012-12-06 08:11; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi

FF - ExtSQL: 2012-12-20 20:42; ffxtlbr@zonealarm.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\ffxtlbr@zonealarm.com

FF - ExtSQL: 2012-12-20 20:42; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker

FF - user.js: extensions.zonealarm.autoRvrt - false

FF - user.js: extensions.zonealarm_i.newTab - false

FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN116050713161252-1043&toolbarId=base&affiliateId=1043&Lan={dfltLng}&utid=a886ccab0000000000000019b92f743a&q=

FF - user.js: extensions.zonealarm.id - a886ccab0000000000000019b92f743a

FF - user.js: extensions.zonealarm.instlDay - 15694

FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4

FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4

FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.420:41

FF - user.js: extensions.zonealarm.prtnrId - checkpoint

FF - user.js: extensions.zonealarm.prdct - zonealarm

FF - user.js: extensions.zonealarm.aflt - 1043

FF - user.js: extensions.zonealarm_i.smplGrp - none

FF - user.js: extensions.zonealarm.tlbrId - base

FF - user.js: extensions.zonealarm.instlRef - ZLN116050713161252-1043

FF - user.js: extensions.zonealarm.dfltLng - en

FF - user.js: extensions.zonealarm.excTlbr - false

FF - user.js: extensions.zonealarm.admin - false

.

.

------- File Associations -------

.

.reg=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file)

HKLM-Run-ISW - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-12 17:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-308236825-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,01,6e,95,85,24,cb,46,98,0e,52,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,01,6e,95,85,24,cb,46,98,0e,52,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,09,94,b5,fa,f4,b5,4c,ad,d9,94,\

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(896)

c:\windows\system32\relog_ap.dll

.

Completion time: 2013-01-12 17:34:37

ComboFix-quarantined-files.txt 2013-01-12 17:34

.

Pre-Run: 8,221,978,624 bytes free

Post-Run: 8,225,382,400 bytes free

.

- - End Of File - - 81720C3131722C7B4419220865F6F89E


Looks good > let's check for adware...........

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for adware, foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found; we're going to delete it all in the next step. If there's something you may want to keep, please let me know and I'll explain why it shouldn't be on your system.

MrC


I am a little lost here. Are we deleting Firefox profiles or elements within the profiles? Are some of these bookmarks? What may occur once the items are deleted?

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 18:11:17

# Updated 08/01/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - DELL

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged

Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\ConduitCommon

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Headlight

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3015261

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKU\S-1-5-21-1409082233-308236825-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\prefs.js

Found : user_pref("CT2645238..clientLogIsEnabled", false);

Found : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT2645238.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT2645238.CTID", "CT2645238");

Found : user_pref("CT2645238.CurrentServerDate", "6-8-2012");

Found : user_pref("CT2645238.DSInstall", false);

Found : user_pref("CT2645238.DialogsAlignMode", "LTR");

Found : user_pref("CT2645238.DialogsGetterLastCheckTime", "Mon Aug 06 2012 07:00:20 GMT+0100 (GMT Daylight T[...]

Found : user_pref("CT2645238.DownloadReferralCookieData", "");

Found : user_pref("CT2645238.EMailNotifierPollDate", "Sat Jun 23 2012 10:51:02 GMT+0100 (GMT Daylight Time)"[...]

Found : user_pref("CT2645238.FirstServerDate", "22-6-2012");

Found : user_pref("CT2645238.FirstTime", true);

Found : user_pref("CT2645238.FirstTimeFF3", true);

Found : user_pref("CT2645238.FixPageNotFoundErrors", true);

Found : user_pref("CT2645238.GroupingServerCheckInterval", 1440);

Found : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT2645238.HPInstall", false);

Found : user_pref("CT2645238.HasUserGlobalKeys", true);

Found : user_pref("CT2645238.HomePageProtectorEnabled", false);

Found : user_pref("CT2645238.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");

Found : user_pref("CT2645238.Initialize", true);

Found : user_pref("CT2645238.InitializeCommonPrefs", true);

Found : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT2645238.InstallationId", "ct2645238_zonealarm_security.exe");

Found : user_pref("CT2645238.InstallationType", "ConduitXPEIntegration");

Found : user_pref("CT2645238.InstalledDate", "Fri Jun 22 2012 12:59:12 GMT+0100 (GMT Daylight Time)");

Found : user_pref("CT2645238.IsAlertDBUpdated", true);

Found : user_pref("CT2645238.IsGrouping", false);

Found : user_pref("CT2645238.IsInitSetupIni", true);

Found : user_pref("CT2645238.IsMulticommunity", false);

Found : user_pref("CT2645238.IsOpenThankYouPage", false);

Found : user_pref("CT2645238.IsOpenUninstallPage", false);

Found : user_pref("CT2645238.LanguagePackLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Ti[...]

Found : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT2645238.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:32:58 GMT+0100 (GMT Daylight Time)");

Found : user_pref("CT2645238.LastLogin_3.14.1.0", "Mon Aug 06 2012 06:48:37 GMT+0100 (GMT Daylight Time)");

Found : user_pref("CT2645238.LastLogin_3.9.0.3", "Sat Jun 23 2012 06:44:56 GMT+0100 (GMT Daylight Time)");

Found : user_pref("CT2645238.LatestVersion", "3.14.1.0");

Found : user_pref("CT2645238.Locale", "en");

Found : user_pref("CT2645238.MCDetectTooltipHeight", "83");

Found : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT2645238.MCDetectTooltipWidth", "295");

Found : user_pref("CT2645238.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT2645238.OriginalFirstVersion", "3.9.0.3");

Found : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search");

Found : user_pref("CT2645238.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Found : user_pref("CT2645238.SearchFromAddressBarIsInit", true);

Found : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...]

Found : user_pref("CT2645238.SearchInNewTabEnabled", true);

Found : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight [...]

Found : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT2645238.SearchProtectorEnabled", false);

Found : user_pref("CT2645238.SearchProtectorToolbarDisabled", true);

Found : user_pref("CT2645238.SendProtectorDataViaLogin", true);

Found : user_pref("CT2645238.ServiceMapLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Time[...]

Found : user_pref("CT2645238.SettingsLastCheckTime", "Mon Aug 06 2012 06:48:36 GMT+0100 (GMT Daylight Time)"[...]

Found : user_pref("CT2645238.SettingsLastUpdate", "1342353030");

Found : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");

Found : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Sat Jun 23 2012 07:37:29 GMT+0100 (GMT Dayligh[...]

Found : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1331805997");

Found : user_pref("CT2645238.ToolbarDisabled", true);

Found : user_pref("CT2645238.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238");

Found : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT2645238.UserID", "UN41505695258218955");

Found : user_pref("CT2645238.ValidationData_Search", 0);

Found : user_pref("CT2645238.ValidationData_Toolbar", 2);

Found : user_pref("CT2645238.alertChannelId", "1037922");

Found : user_pref("CT2645238.autoDisableScopes", -1);

Found : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Fri Jun 22 2012 12:59:13 GMT+0100 (GMT Dayl[...]

Found : user_pref("CT2645238.homepageProtectorEnableByLogin", true);

Found : user_pref("CT2645238.initDone", true);

Found : user_pref("CT2645238.isAppTrackingManagerOn", true);

Found : user_pref("CT2645238.myStuffEnabled", true);

Found : user_pref("CT2645238.myStuffPublihserMinWidth", 400);

Found : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT2645238.revertSettingsEnabled", true);

Found : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT2645238.searchProtectorEnableByLogin", true);

Found : user_pref("CT2645238.testingCtid", "");

Found : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Sun Aug 05 2012 10:11:03 GMT+0100 (GMT Dayli[...]

Found : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Fri Jun 22 2012 12:59:16 GMT+0100 (GMT Dayli[...]

Found : user_pref("CT2645238.usagesFlag", 2);

Found : user_pref("CT3015261..clientLogIsEnabled", true);

Found : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT3015261.AppTrackingLastCheckTime", "Sat Aug 06 2011 10:09:59 GMT+0100 (GMT Daylight Tim[...]

Found : user_pref("CT3015261.CTID", "CT3015261");

Found : user_pref("CT3015261.CurrentServerDate", "7-8-2011");

Found : user_pref("CT3015261.DialogsAlignMode", "LTR");

Found : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight T[...]

Found : user_pref("CT3015261.DownloadReferralCookieData", "");

Found : user_pref("CT3015261.EMailNotifierPollDate", "Sat Aug 06 2011 11:01:41 GMT+0100 (GMT Daylight Time)"[...]

Found : user_pref("CT3015261.FirstServerDate", "6-8-2011");

Found : user_pref("CT3015261.FirstTime", true);

Found : user_pref("CT3015261.FirstTimeFF3", true);

Found : user_pref("CT3015261.FixPageNotFoundErrors", true);

Found : user_pref("CT3015261.GroupingServerCheckInterval", 1440);

Found : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT3015261.HasUserGlobalKeys", true);

Found : user_pref("CT3015261.HomePageProtectorEnabled", false);

Found : user_pref("CT3015261.Initialize", true);

Found : user_pref("CT3015261.InitializeCommonPrefs", true);

Found : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe");

Found : user_pref("CT3015261.InstallationType", "ConduitIntegration");

Found : user_pref("CT3015261.InstalledDate", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight Time)");

Found : user_pref("CT3015261.IsAlertDBUpdated", true);

Found : user_pref("CT3015261.IsGrouping", false);

Found : user_pref("CT3015261.IsInitSetupIni", true);

Found : user_pref("CT3015261.IsMulticommunity", false);

Found : user_pref("CT3015261.IsOpenThankYouPage", false);

Found : user_pref("CT3015261.IsOpenUninstallPage", false);

Found : user_pref("CT3015261.LanguagePackLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight Ti[...]

Found : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT3015261.LastLogin_3.5.1.1", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Daylight Time)");

Found : user_pref("CT3015261.LatestVersion", "3.3.5.1");

Found : user_pref("CT3015261.Locale", "en");

Found : user_pref("CT3015261.MCDetectTooltipHeight", "83");

Found : user_pref("CT3015261.MCDetectTooltipShow", false);

Found : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT3015261.MCDetectTooltipWidth", "295");

Found : user_pref("CT3015261.MyStuffEnabledAtInstallation", false);

Found : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1");

Found : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Found : user_pref("CT3015261.SearchFromAddressBarIsInit", true);

Found : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]

Found : user_pref("CT3015261.SearchInNewTabEnabled", true);

Found : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight [...]

Found : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Found : user_pref("CT3015261.SearchProtectorEnabled", false);

Found : user_pref("CT3015261.SearchProtectorToolbarDisabled", true);

Found : user_pref("CT3015261.ServiceMapLastCheckTime", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Daylight Time[...]

Found : user_pref("CT3015261.SettingsLastCheckTime", "Sun Aug 07 2011 06:51:02 GMT+0100 (GMT Daylight Time)"[...]

Found : user_pref("CT3015261.SettingsLastUpdate", "1311168858");

Found : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Dayligh[...]

Found : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1246786978");

Found : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261");

Found : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT3015261.UserID", "UN29909517275356115");

Found : user_pref("CT3015261.ValidationData_Search", 2);

Found : user_pref("CT3015261.ValidationData_Toolbar", 2);

Found : user_pref("CT3015261.alertChannelId", "1406927");

Found : user_pref("CT3015261.approveUntrustedApps", true);

Found : user_pref("CT3015261.backendstorage.youtube_user_first_login_date", "30382F30372F32303131");

Found : user_pref("CT3015261.backendstorage.youtube_user_survey_visit", "4E4F545F56495349544544");

Found : user_pref("CT3015261.backendstorage.youtubelang", "5553");

Found : user_pref("CT3015261.components.1000034", false);

Found : user_pref("CT3015261.components.129506578327572375", false);

Found : user_pref("CT3015261.components.129506578328099741", false);

Found : user_pref("CT3015261.components.129506578328177870", false);

Found : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Dayl[...]

Found : user_pref("CT3015261.homepageProtectorEnableByLogin", true);

Found : user_pref("CT3015261.initDone", true);

Found : user_pref("CT3015261.isAppTrackingManagerOn", true);

Found : user_pref("CT3015261.myStuffEnabled", true);

Found : user_pref("CT3015261.myStuffPublihserMinWidth", 400);

Found : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...]

Found : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT3015261.searchProtectorEnableByLogin", true);

Found : user_pref("CT3015261.testingCtid", "");

Found : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Dayli[...]

Found : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Dayli[...]

Found : user_pref("CT3015261.usagesFlag", 2);

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2645238/CT2645238[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/UK", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/UK", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/6340849608501725[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...]

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Found : user_pref("CommunityToolbar.ToolbarsList", "CT3015261,CT2645238");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261,CT2645238");

Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261,CT2645238");

Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 06 2011 10:09:52 GMT+0100 (GMT[...]

Found : user_pref("CommunityToolbar.globalUserId", "a29860f5-c187-4efc-91d4-fe8b2af9f40f");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 22 2012 12:59:1[...]

Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 22 2012 14:05:35 GMT+010[...]

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.locale", "en");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 12:59:08 GMT+0100 (G[...]

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "50271d6e-f331-4238-b586-bfb3d8314667");

Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

*************************

AdwCleaner[R1].txt - [22808 octets] - [12/01/2013 18:11:17]

########## EOF - C:\AdwCleaner[R1].txt - [22869 octets] ##########


Are we deleting Firefox profiles or elements within the profiles? Are some of these bookmarks?

No and No.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbar and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

Here's some of what's going to be deleted (I can't go through every line and tell you what it is, but like I said, "you don't want this stuff on your system"):

ConduitCommon

Conduit

CommunityToolbar

SearchProtectorToolbar

If you would rather not run it, it's OK with me....just be aware of what's on the system.

MrC

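The question of what the Delete run will touch can be read off the report itself: under [Files / Folders] the entries are individual toolbar folders inside a profile, not the profile, and under [internet Browsers] each "Found : user_pref(...)" line is a single preference inside that profile's prefs.js, which is where the Conduit search and home-page redirects live. The script below is an added example, not AdwCleaner's own code or anything posted in this thread: it parses the v2 report format shown above, groups findings the way the tool lists them, pulls out the Conduit toolbar IDs (CT2645238, CT3015261), and flags the prefs that set the home page or address-bar search. SAMPLE_LOG is a constructed excerpt modelled on the posted report (the hxxp:// scheme is the report's own defanging of http://); the regular expressions and the HIJACK_MARKERS list are my assumptions about the format, not documented AdwCleaner behaviour.

```python
"""Summarise an AdwCleaner v2 'search' report by category (added example)."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the AdwCleaner[R1].txt posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v2.105 - Logfile created 01/12/2013 at 18:11:17
***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\ConduitCommon
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3015261
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

***** [internet Browsers] *****

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\prefs.js

Found : user_pref("CT2645238.CTID", "CT2645238");
Found : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
Found : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3015261,CT2645238");
"""

# Assumed line shapes, taken from the posted report rather than a format spec.
ITEM_RE = re.compile(r"^(File|Folder|Key) Found : (.+)$")
PREFS_FILE_RE = re.compile(r"^File : (.+\\prefs\.js)$")
PREF_RE = re.compile(r'^Found : user_pref\("([^"]+)",\s*(.*)$')
CTID_RE = re.compile(r"\bCT\d{7}\b")
# Pref-name fragments that decide where the home page and address-bar searches
# go: the entries behind the "Hijacker" category in the tool's description.
HIJACK_MARKERS = ("HomePageUrl", "SearchFromAddressBarUrl", "SearchEngine",
                  "keywordURL", "originalHomepage")


def parse_adwcleaner_log(text):
    """Group findings the way a Delete run would treat them."""
    report = {"files": [], "folders": [], "registry_keys": [],
              "firefox_prefs": defaultdict(list)}   # prefs.js path -> [(name, value)]
    buckets = {"File": report["files"], "Folder": report["folders"],
               "Key": report["registry_keys"]}
    current_prefs = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if (m := ITEM_RE.match(line)):
            buckets[m.group(1)].append(m.group(2))
        elif (m := PREFS_FILE_RE.match(line)):
            # A "File :" header opens a prefs.js block; record it even when it
            # turns out clean so every profile examined is visible.
            current_prefs = m.group(1)
            report["firefox_prefs"].setdefault(current_prefs, [])
        elif (m := PREF_RE.match(line)) and current_prefs:
            report["firefox_prefs"][current_prefs].append((m.group(1), m.group(2)))
    return report


def summarize(report):
    """Counts per category; shows that only prefs entries, not profiles, are listed."""
    prefs = report["firefox_prefs"]
    return {"files": len(report["files"]), "folders": len(report["folders"]),
            "registry_keys": len(report["registry_keys"]),
            "prefs_files_scanned": len(prefs),
            "prefs_files_with_findings": sum(1 for v in prefs.values() if v),
            "prefs_entries": sum(len(v) for v in prefs.values())}


def toolbar_ids(report):
    """Conduit toolbar IDs (CTnnnnnnn) seen in registry keys and pref names/values."""
    ids = set()
    for key in report["registry_keys"]:
        ids.update(CTID_RE.findall(key))
    for entries in report["firefox_prefs"].values():
        for name, value in entries:
            ids.update(CTID_RE.findall(name + value))
    return sorted(ids)


def hijack_prefs(report):
    """(profile dir, pref name, value) for prefs that redirect home page or search."""
    return [(path.rsplit("\\", 1)[0], name, value)
            for path, entries in report["firefox_prefs"].items()
            for name, value in entries
            if any(marker in name for marker in HIJACK_MARKERS)]


if __name__ == "__main__":
    rep = parse_adwcleaner_log(SAMPLE_LOG)
    print(summarize(rep))
    print("toolbar ids:", toolbar_ids(rep))
    for profile, name, value in hijack_prefs(rep):
        print(f"{profile}\n  {name} -> {value}")
```

Run against a real AdwCleaner[R1].txt by reading the file into parse_adwcleaner_log instead of SAMPLE_LOG; the hijack_prefs output is the part worth reading before clicking Delete, since those are the values that will no longer point at search.conduit.com afterwards.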

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

