Infected, and TFC is freezing


9 replies to this topic

#1 mack202

    Active Member

  • Active Members
  • 10 posts

Posted 26 August 2011 - 02:08 PM

Hey,

Typical computer slowness, the occasional seemingly random Trojan being removed on the fly with MSE, and a few other things like my Windows backup to my external G drive no longer working led me to believe I needed to perform some security maintenance... so here I am!
(P.S. I searched the error code for my Windows backup error, can't remember it, but I ended up turning shadow copy back on, so that may have just been a setting that got messed up when I changed hard drives... haven't tried to back up since.)

So anyway I ran a full scan of the C drive (system) and E drive (storage) using Microsoft Security Essentials.
Results here:



Then I found this forum again and downloaded Malwarebytes.
Did a quick scan, found 3:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7576

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26/08/2011 11:32:33 PM
mbam-log-2011-08-26 (23-32-33).txt

Scan type: Quick scan
Objects scanned: 181670
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\pezfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\USER\AppData\Local\pw.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\USER\local settings\application data\opRSK (Malware.Trace) -> Quarantined and deleted successfully.


(Interesting that it mentions pw.exe; I thought I got Malwarebytes to remove that late last year.)

Then I tried to run TFC, but it freezes up on me.

Is there more for me to do?

Thanks!

Edited by mack202, 26 August 2011 - 02:16 PM.
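Added example, not part of the original post and not Malwarebytes code: a small Python check for the two kinds of hijacked shell\open\command values that the MBAM log above reports. The IEXPLORE.EXE "Bad" and "Good" values are copied from the log; the pezfile value is constructed, since the log does not show what that key held. The first pattern (Hijack.StartMenuInternet) launches pw.exe and hands it the real iexplore.exe as an argument, so the wrapper runs every time IE is started from the Start Menu; the second (a ProgID such as pezfile whose open command points into AppData) is how rogue-AV families typically interpose themselves on .exe launches. The OTL O35/O37 lines later in the thread, showing exefile and comfile back at "%1" %*, are the check this passes.

```python
"""Check shell\\open\\command values for the two hijack patterns MBAM
reported in the log above.

Added example (not part of the original post, not Malwarebytes code).
The IEXPLORE.EXE "Bad"/"Good" values are copied from the MBAM log; the
pezfile value is constructed for illustration, since the log does not
show what that key contained.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Keys whose open command must be the transparent default: launching a .exe
# or .com must run exactly that file and nothing in front of it.
BASELINE = {
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
    r"hkey_classes_root\comfile\shell\open\command": '"%1" %*',
}

# Directories a shell\open\command should never be launching from.
USER_WRITABLE = re.compile(r"\\(AppData|Local Settings|Temp)\\", re.I)

# StartMenuInternet\<browser.exe>\shell\open\command must launch that browser.
START_MENU_INTERNET = re.compile(r"\\StartMenuInternet\\([^\\]+)\\", re.I)


@dataclass
class Finding:
    key: str
    verdict: str        # "ok" or "hijacked"
    reason: str


def split_windows_cmd(cmd: str) -> List[str]:
    """Tokenise a Windows command line: a double-quoted run is one token,
    everything else splits on whitespace."""
    return [t[1:-1] if t.startswith('"') else t
            for t in re.findall(r'"[^"]*"|\S+', cmd)]


def check_open_command(key: str, cmd: str) -> Finding:
    expected = BASELINE.get(key.lower())
    if expected is not None:
        if cmd.strip() == expected:
            return Finding(key, "ok", "matches the default value")
        return Finding(key, "hijacked", f"expected {expected!r}, found {cmd!r}")

    tokens = split_windows_cmd(cmd)
    if not tokens:
        return Finding(key, "ok", "empty command")
    launcher = tokens[0]

    # Wrapper pattern (Hijack.StartMenuInternet): the value launches some other
    # program and passes the real browser to it as an argument, so the wrapper
    # runs every time the browser is started from the Start Menu.
    m = START_MENU_INTERNET.search(key)
    if m:
        browser = m.group(1).lower()
        wrapped = [t for t in tokens[1:] if t.lower().endswith(browser)]
        if not launcher.lower().endswith(browser) and wrapped:
            return Finding(key, "hijacked", f"{launcher} wraps {wrapped[0]}")

    # Anything launched from a user-writable location is suspect regardless of
    # which ProgID owns the key (this is how the pezfile entry would look).
    if USER_WRITABLE.search(launcher):
        return Finding(key, "hijacked", f"launcher lives in a user-writable path: {launcher}")
    return Finding(key, "ok", "no hijack indicator")


IE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command"
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
PEZFILE_KEY = r"HKEY_CLASSES_ROOT\pezfile\shell\open\command"

SAMPLES: List[Tuple[str, str]] = [
    # "Bad" and "Good" values from the MBAM log above
    (IE_KEY, r'"C:\Users\USER\AppData\Local\pw.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe"'),
    (IE_KEY, "iexplore.exe"),
    # exefile default, as shown in the OTL O35/O37 lines later in the thread
    (EXEFILE_KEY, '"%1" %*'),
    # constructed: what a rogue-AV pezfile command typically looks like
    (PEZFILE_KEY, r'"C:\Users\USER\AppData\Local\pw.exe" -a "%1" %*'),
]


def triage(samples: List[Tuple[str, str]] = SAMPLES) -> List[Finding]:
    return [check_open_command(k, v) for k, v in samples]


if __name__ == "__main__":
    for f in triage():
        print(f"{f.verdict:9} {f.key}\n          {f.reason}")
```

Run it as-is to see the four verdicts; to check a live machine, feed check_open_command the values exported from the registry (reg export or a REG file) instead of SAMPLES. The baseline table deliberately holds only the two ProgIDs whose default is unambiguous; other keys are judged by the wrapper and user-writable-path rules rather than by an exact expected string.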


#2 sempai

    3 stars and a sun

  • Admin
  • 1,043 posts

Posted 27 August 2011 - 03:07 PM

Hi,

Can you please run all the tools/scans listed in the preparation guide and post their logs so we can figure out the culprit behind your computer problem.

#3 mack202

    Active Member

  • Active Members
  • 10 posts

Posted 25 September 2011 - 10:06 AM

Hey again.
OK, I went through all the steps. Everything worked fine except TFC crashed after deleting some Java stuff, I think.

Oh, and more of my issues: the last time I tried to back up (this morning), MSE found Exploit:JS/BlacoleRef.D, and then the backup failed.
This has happened the last 5 times I've tried to back up.

Also, while running MBAM today, MSE found and removed:
Exploit:Java/Midesq.A
Exploit:Java/CVE-2010-0840.KX

Edited by mack202, 25 September 2011 - 10:24 AM.


#4 mack202

    Active Member

  • Active Members
  • 10 posts

Posted 25 September 2011 - 10:07 AM

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7795

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

25/09/2011 7:34:40 PM
mbam-log-2011-09-25 (19-34-40).txt

Scan type: Quick scan
Objects scanned: 187792
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#5 mack202

    Active Member

  • Active Members
  • 10 posts

Posted 25 September 2011 - 10:08 AM

OTL.txt

OTL logfile created on: 25/09/2011 7:56:37 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\USER\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 60.00% Memory free
6.70 Gb Paging File | 4.76 Gb Available in Paging File | 71.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 212.75 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1401.31 Gb Free Space | 75.22% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 391.10 Gb Free Space | 41.99% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/27 00:26:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
PRC - [2008/12/09 05:34:34 | 001,021,768 | ---- | M] (epgStream.net) -- C:\Program Files (x86)\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxy.exe
PRC - [2008/09/28 01:20:32 | 000,022,016 | ---- | M] (epgStream.net) -- C:\Program Files (x86)\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe
PRC - [2008/09/28 01:12:00 | 000,040,960 | ---- | M] (epgStream.net) -- C:\Program Files (x86)\epgStream.net\xmltvDownload\xmltvDownloadHost.exe
PRC - [2008/04/22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/02/18 23:39:26 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/04/22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008/01/21 12:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/07 09:41:54 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 18:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/03/30 14:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/09/28 01:20:32 | 000,022,016 | ---- | M] (epgStream.net) [Auto | Running] -- C:\Program Files (x86)\epgStream.net\wmcGuideServiceProxy\wmcGuideServiceProxyHost.exe -- (wmcGuideServiceProxy)
SRV - [2008/09/28 01:12:00 | 000,040,960 | ---- | M] (epgStream.net) [Auto | Running] -- C:\Program Files (x86)\epgStream.net\xmltvDownload\xmltvDownloadHost.exe -- (xmltvDownload)
SRV - [2008/08/25 19:56:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/30 16:30:54 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2011/07/30 16:30:54 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/07/30 16:27:07 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2011/07/30 16:27:03 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/20 20:55:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/12 12:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/07/12 12:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/10/01 10:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/25 16:32:08 | 000,198,784 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMUVC.sys -- (VMUVC)
DRV:64bit: - [2009/03/27 14:26:52 | 001,505,152 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hcw89.sys -- (hcw89)
DRV:64bit: - [2008/12/18 22:47:18 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/12/18 22:47:10 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/12/18 22:46:36 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/01 10:14:42 | 000,303,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vvftUVC.sys -- (vvftUVC)
DRV:64bit: - [2008/06/27 01:40:36 | 000,399,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2008/03/10 19:30:38 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2007/12/06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/08/29 12:44:38 | 000,435,200 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2007/04/02 10:56:42 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt)
DRV:64bit: - [2007/03/24 13:20:18 | 000,069,120 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2006/11/01 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/02/07 21:53:22 | 000,008,704 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2007/04/03 12:32:30 | 000,262,440 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\rtl8187.sys -- (RTL8187)
DRV - [2007/04/02 10:56:42 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\RtlProt.sys -- (RtlProt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...mp;cr=179401602

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...mp;cr=179401602
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Foxtab Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.smh.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\USER\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\USER\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 07:40:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/08 22:27:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5C8A3145-992C-4A4A-BD16-101E79977192}: C:\Users\USER\AppData\Local\{5C8A3145-992C-4A4A-BD16-101E79977192} [2011/08/16 22:47:36 | 000,000,000 | ---D | M]

[2009/04/23 20:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\Mozilla\Extensions
[2011/08/13 17:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\vi8znr1n.default\extensions
[2011/06/19 09:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/20 15:59:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/24 07:36:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/11 21:16:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 11:15:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/19 09:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2009/09/03 07:27:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/08 07:40:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/08 22:27:12 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/08 22:27:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/08 22:27:12 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/08 22:27:12 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/08 22:27:12 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 07:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-au.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\USER\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\USER\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03b69261-887e-11dd-b643-001fc68847c1}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe
O33 - MountPoints2\{1e0b651d-4584-11de-a92c-001fc68847c1}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{75637bea-4905-11dd-ad7f-001fc68847c1}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe
O33 - MountPoints2\{a822f646-b0f8-11dd-a9c0-001fc68847c1}\Shell\AutoRun\command - "" = F:\wdsync.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/19 07:22:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/06 18:37:00 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\ebay
[2011/09/03 17:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.0
[2011/09/03 17:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2011/09/03 17:12:42 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\HDRsoft
[2011/09/03 16:48:15 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\{8A4199DE-2998-4A23-8510-49117A32DB79}
[2011/09/03 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\{DFA3E743-65F9-45BD-B81D-949929FD7BC1}
[2011/09/03 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\{386D390F-6E98-4354-8CEF-CA545C93C8A3}
[2011/08/27 00:26:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
[2011/08/26 23:43:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\USER\Desktop\TFC.exe
[2011/08/26 23:33:04 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\PrimoPDF
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/25 19:45:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/25 19:45:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/25 19:37:01 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2011/09/25 19:28:15 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/25 19:27:55 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 19:27:55 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 19:27:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/25 13:26:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/25 13:23:32 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/25 00:48:26 | 000,012,456 | ---- | M] () -- C:\Users\USER\Desktop\cameraprices.ods
[2011/09/24 14:47:35 | 000,816,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/24 14:47:35 | 000,686,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/24 14:47:35 | 000,140,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/19 07:32:05 | 000,803,016 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/13 20:41:20 | 000,030,151 | ---- | M] () -- C:\Users\USER\Desktop\ebay dispute.odt
[2011/09/13 19:28:18 | 000,100,611 | ---- | M] () -- C:\Users\USER\Desktop\ebay1.jpg
[2011/09/10 10:53:23 | 000,127,303 | ---- | M] () -- C:\Users\USER\Desktop\Untitled-5.jpg
[2011/09/10 10:43:02 | 000,060,686 | ---- | M] () -- C:\Users\USER\Desktop\fleabay.jpg
[2011/09/09 00:31:05 | 000,014,865 | ---- | M] () -- C:\Users\USER\Desktop\ebay-dispute.ods
[2011/09/08 21:34:22 | 000,079,479 | ---- | M] () -- C:\Users\USER\Desktop\dad.jpg
[2011/09/08 21:33:08 | 000,166,400 | ---- | M] () -- C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/06 21:07:01 | 000,065,326 | ---- | M] () -- C:\Users\USER\Desktop\Untitled-2.jpg
[2011/09/06 18:25:29 | 000,137,088 | ---- | M] () -- C:\Users\USER\Desktop\ebay-selling fees 06-09-2011.pdf
[2011/09/06 17:55:30 | 000,018,001 | ---- | M] () -- C:\Users\USER\Desktop\Untitled-1.jpg
[2011/09/03 17:12:46 | 000,001,739 | ---- | M] () -- C:\Users\USER\Desktop\Photomatix Pro 4.0 (64-bit).lnk
[2011/08/31 22:16:54 | 000,027,532 | ---- | M] () -- C:\Users\USER\Desktop\car history.odt
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/27 00:26:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
[2011/08/27 00:00:57 | 000,047,788 | ---- | M] () -- C:\Users\USER\Desktop\MSElog.jpg
[2011/08/27 00:00:19 | 000,000,000 | -H-- | M] () -- C:\Users\USER\Documents\Default.rdp
[2011/08/26 23:45:00 | 000,172,614 | ---- | M] () -- C:\Users\USER\Desktop\Guidelines_Instructions for Posting in this Forum - Gladiator Security Forum.pdf
[2011/08/26 23:44:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\TFC.exe
[2011/08/26 23:33:31 | 000,172,819 | ---- | M] () -- C:\Users\USER\Documents\Guidelines_Instructions for Posting in this Forum - Gladiator Security Forum.pdf
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/13 19:28:17 | 000,100,611 | ---- | C] () -- C:\Users\USER\Desktop\ebay1.jpg
[2011/09/10 10:53:22 | 000,127,303 | ---- | C] () -- C:\Users\USER\Desktop\Untitled-5.jpg
[2011/09/10 10:43:02 | 000,060,686 | ---- | C] () -- C:\Users\USER\Desktop\fleabay.jpg
[2011/09/08 23:03:50 | 000,030,151 | ---- | C] () -- C:\Users\USER\Desktop\ebay dispute.odt
[2011/09/08 22:25:40 | 000,014,865 | ---- | C] () -- C:\Users\USER\Desktop\ebay-dispute.ods
[2011/09/08 21:34:22 | 000,079,479 | ---- | C] () -- C:\Users\USER\Desktop\dad.jpg
[2011/09/06 21:07:00 | 000,065,326 | ---- | C] () -- C:\Users\USER\Desktop\Untitled-2.jpg
[2011/09/06 18:25:28 | 000,137,088 | ---- | C] () -- C:\Users\USER\Desktop\ebay-selling fees 06-09-2011.pdf
[2011/09/06 17:55:29 | 000,018,001 | ---- | C] () -- C:\Users\USER\Desktop\Untitled-1.jpg
[2011/09/03 17:12:46 | 000,001,739 | ---- | C] () -- C:\Users\USER\Desktop\Photomatix Pro 4.0 (64-bit).lnk
[2011/08/31 21:29:48 | 000,027,532 | ---- | C] () -- C:\Users\USER\Desktop\car history.odt
[2011/08/27 00:00:57 | 000,047,788 | ---- | C] () -- C:\Users\USER\Desktop\MSElog.jpg
[2011/08/27 00:00:19 | 000,000,000 | -H-- | C] () -- C:\Users\USER\Documents\Default.rdp
[2011/08/26 23:44:59 | 000,172,614 | ---- | C] () -- C:\Users\USER\Desktop\Guidelines_Instructions for Posting in this Forum - Gladiator Security Forum.pdf
[2011/08/26 23:33:31 | 000,172,819 | ---- | C] () -- C:\Users\USER\Documents\Guidelines_Instructions for Posting in this Forum - Gladiator Security Forum.pdf
[2011/07/30 14:02:42 | 000,000,120 | ---- | C] () -- C:\Users\USER\AppData\Local\Edogof.dat
[2011/07/30 14:02:42 | 000,000,000 | ---- | C] () -- C:\Users\USER\AppData\Local\Nbanabefog.bin
[2011/02/10 14:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/08/21 12:17:39 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/11/12 17:17:25 | 000,000,540 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009/09/25 08:29:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/25 08:28:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/25 08:27:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/19 05:29:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/29 19:16:20 | 000,000,225 | ---- | C] () -- C:\Windows\SysWow64\wmcGuideServiceProxy.ini
[2009/04/29 19:16:20 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\xmltvDownload.ini
[2008/10/06 13:59:52 | 000,006,266 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2008/10/06 13:59:52 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\AC58D2979A.sys
[2008/09/04 21:29:50 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/08/20 07:42:15 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/06/24 07:25:03 | 000,000,584 | ---- | C] () -- C:\Users\USER\AppData\Roaming\AutoGK.ini
[2008/06/23 21:31:30 | 000,043,698 | ---- | C] () -- C:\Windows\SysWow64\xvid-uninstall.exe
[2008/06/20 07:18:48 | 000,000,092 | ---- | C] () -- C:\Users\USER\AppData\Local\fusioncache.dat
[2008/06/19 22:11:16 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2008/06/19 22:11:07 | 007,118,848 | ---- | C] () -- C:\ProgramData\sandra.mda
[2008/06/19 21:31:45 | 000,803,016 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/06/19 21:30:13 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008/06/18 20:25:59 | 000,166,400 | ---- | C] () -- C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/18 14:18:19 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/06/18 13:11:33 | 000,018,851 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/06/18 13:11:25 | 000,018,476 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/06/18 12:47:28 | 000,000,732 | ---- | C] () -- C:\Users\USER\AppData\Local\d3d9caps64.dat
[2008/01/21 12:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/25 23:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/03/10 21:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2006/11/03 01:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 22:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 22:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 19:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/10/11 13:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2002/10/16 08:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2011/04/03 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\.marble
[2008/09/18 18:05:40 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\aAvgApi
[2011/09/25 00:47:03 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Azureus
[2011/01/26 00:45:24 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Canon
[2010/10/20 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DAEMON Tools Lite
[2010/06/29 20:22:10 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Facebook
[2011/08/16 17:25:53 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
[2011/06/04 16:08:46 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\go
[2011/09/03 17:12:42 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\HDRsoft
[2010/01/23 11:26:28 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\LimeWire
[2011/08/13 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Nitro PDF
[2009/04/03 21:26:51 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Nokia
[2011/08/13 13:11:26 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\OpenCandy
[2011/02/13 20:22:13 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\OpenOffice.org
[2009/04/03 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\PC Suite
[2011/09/15 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\PrimoPDF
[2010/10/20 22:11:18 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Publish Providers
[2010/11/11 06:38:32 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\QuickScan
[2009/01/12 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\SharePod
[2010/10/20 22:11:16 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Sony
[2008/06/18 13:26:18 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TMP
[2011/09/25 19:37:01 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job
[2011/09/25 12:36:29 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#6 mack202

Posted 25 September 2011 - 10:08 AM

extras.txt

OTL Extras logfile created on: 25/09/2011 7:56:37 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\USER\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 60.00% Memory free
6.70 Gb Paging File | 4.76 Gb Available in Paging File | 71.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 212.75 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1401.31 Gb Free Space | 75.22% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 391.10 Gb Free Space | 41.99% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 9F E5 BA 70 77 81 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073E6568-87B3-4079-90FE-F39AEBD1994F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{08C74E60-F3C8-4ED0-B0FC-CB4C99C96BD8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{14E80326-67B6-4E90-BE02-40671E7FC702}" = lport=2869 | protocol=6 | dir=in | app=system |
"{971D54FE-B4D5-4482-B997-2AB6A258C44D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{D01AA7CB-E2C0-4E91-8274-CCD7CD93C154}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\rpcagentsrv.exe |
"{D1153D96-1FEA-40E0-BB0F-BF4DF9048A5C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x64\rpcsandrasrv.exe |
"{F47D2B25-84FE-44B3-9C35-D98B78D9C935}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27149727-C648-45EE-9E5E-5363ACE696EE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{2829245F-A627-4961-8A68-B811FAF5FC5B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{2E9F0378-03ED-458B-9F79-05C92AAE527C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A0AAA92-8F81-48A3-B021-9E3B29414E9E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3ED416BA-5A52-4089-974D-14F8F7C4E624}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{491E3ECE-2CE7-4EE7-8DC6-241908A71EAE}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{50806AD0-5D40-4AC6-9092-92D38E40D462}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{591C442D-DADE-4D6E-809B-6481289B6A08}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{75993A10-C20F-4CE4-907C-904FB8E27E42}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{7E8DF0B2-A82F-4843-B7DC-F716D56111F2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{89B4F025-A5C5-449E-8B57-EF78B8D43EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{A2F363EF-60B0-415B-80B3-62233A2E7405}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{C9857F2C-D81D-4A7D-A54F-2078E392C57F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F7E58CD4-0D98-471B-871B-57240A15C151}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"TCP Query User{6F082FE1-FCBA-4120-82DF-C267D4B3FA08}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{7852F38F-465A-4BCB-8376-5F37B35307B1}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{95131201-5359-4C9A-B1E8-FCD68316CA2C}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{D18A732A-1998-4A72-BFE2-E5F11A19E514}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{DEE87746-96AF-4CA9-957D-1D4D6A18151C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{75319103-3574-41CA-B5C9-4CDE66534BFC}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{8416D7FA-070D-490A-9F1D-8FFC76AB4B84}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{BA9A72B0-36D5-483F-9F05-6E9744143B24}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{DC71CA4C-F841-470B-BF03-DF7537026310}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{E1ADA51E-41CD-483E-BB25-5712D1B0F9EC}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite XII.SP2c
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D12CCBE2-1EC9-41EE-ABF2-D149D05FCE53}" = Nitro PDF Reader 2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0777E8B0-0BC4-4802-A6AA-0992716C78FD}" = Topaz Adjust 4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3D3D1E03-D506-4163-B600-82EE27FC5A89}" = Microsoft Camera Codec Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F5CACCC-D440-5F31-8A43-B7931B5D50C9}" = The Photographer's Ephemeris
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5416AC62-E1FE-42E7-80D2-D866ED702BDC}" = XMLTV Guide Pack v1.0.25
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65A54DC3-5FF6-4C75-906E-3EA1A3B71033}" = Nero 8 Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8C708C29-6C08-4037-936A-ED6ED4872258}" = Reviewer
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = ASUS WiFi-AP Solo
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF4F620F-F295-41D7-92C0-6B635709C850}" = Nokia Software Updater
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.64
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AutoGK" = Auto Gordian Knot 2.45
"AviSynth" = AviSynth 2.5
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1" = The Photographer's Ephemeris
"Google Updater" = Google Updater
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"KDE Marble" = KDE Marble 1.0
"LimeWire" = LimeWire 4.18.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 6.0.2 (x86 en-GB)" = Mozilla Firefox 6.0.2 (x86 en-GB)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RADVideo" = RAD Video Tools
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"VLC media player" = VLC media player 1.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Vuze" = Vuze
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite" = Windows Live Essentials
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/10/2010 8:45:51 PM | Computer Name = USER-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

[ Media Center Events ]
Error - 16/07/2009 5:04:15 PM | Computer Name = USER-PC | Source = Guide Service Proxy | ID = 0
Description = No guide information found.

Error - 16/07/2009 5:04:15 PM | Computer Name = USER-PC | Source = Guide Service Proxy | ID = 0
Description = Media Center made a request for guide information, but no local guide
source is available. Could not access ''.

Error - 17/07/2009 1:00:13 AM | Computer Name = USER-PC | Source = Guide Service Proxy | ID = 0
Description = No guide information found.

Error - 17/07/2009 1:00:13 AM | Computer Name = USER-PC | Source = Guide Service Proxy | ID = 0
Description = Media Center made a request for guide information, but no local guide
source is available. Could not access ''.

Error - 5/05/2010 4:10:10 AM | Computer Name = USER-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 05/05/2010 18:10:09. You may need to reschedule your recordings.

Error - 10/07/2010 8:50:04 PM | Computer Name = USER-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 07/11/2010 10:50:04. You may need to reschedule your recordings.

Error - 26/08/2010 5:48:47 PM | Computer Name = USER-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/27/2010 07:48:47. You may need to reschedule your recordings.

Error - 11/09/2010 6:50:39 PM | Computer Name = USER-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 09/12/2010 08:50:39. You may need to reschedule your recordings.

Error - 11/12/2010 9:01:27 AM | Computer Name = USER-PC | Source = Guide Service Proxy | ID = 0
Description = Unable to perform garbage collection. Unable to delete, directory
not empty or does not exist.

Error - 11/12/2010 9:01:27 AM | Computer Name = USER-PC | Source = Guide Service Proxy | ID = 0
Description = Unable to perform garbage collection. Unable to delete, directory
not empty or does not exist.

[ System Events ]
Error - 23/09/2011 8:02:22 AM | Computer Name = USER-PC | Source = DCOM | ID = 10016
Description =

Error - 23/09/2011 7:38:37 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/09/2011 7:38:48 PM | Computer Name = USER-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 0015AF64DA47 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 24/09/2011 9:10:38 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/09/2011 8:03:46 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/09/2011 8:05:20 PM | Computer Name = USER-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
address 0015AF64DA47 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 25/09/2011 1:03:04 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/09/2011 1:03:22 AM | Computer Name = USER-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0015AF64DA47 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 25/09/2011 5:27:52 AM | Computer Name = USER-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0015AF64DA47 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 25/09/2011 5:37:02 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >


#7 mack202 (Active Member, 10 posts)

Posted 25 September 2011 - 10:09 AM

Checkup.txt

Results of screen317's Security Check version 0.99.18
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java™ 6 Update 22
Java™ 6 Update 4
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.183.5
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

Edited by mack202, 25 September 2011 - 10:16 AM.


#8 sempai (3 stars and a sun, Admin, 1,043 posts)

Posted 26 September 2011 - 12:23 PM

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    QUOTE
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


#9 mack202 (Active Member, 10 posts)

Posted 03 October 2011 - 11:05 AM

The backup seemed to work this morning.

Here's that log file.
Biggest surprise is the PrimoPDF. I do recall something fishy about that...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7a8c6f389bdb2d4f834f3cc887006202
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-03 10:38:33
# local_time=2011-10-03 09:38:33 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 56 28273918 155133214 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=345599
# found=18
# cleaned=0
# scan_time=25405
C:\Program Files\Sony\Vegas Pro 9.0\KEYGEN.EXE a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_8_5p83tu.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Guatemala 3rdEd 09 2007.rar JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Honduras Bay Islands 1st Ed 01 2007.rar JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Downloads\cnet_InternationalPrimoPDF_exe(1).exe a variant of Win32/InstallCore.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Downloads\cnet_InternationalPrimoPDF_exe.exe a variant of Win32/InstallCore.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
E:\$RECYCLE.BIN\S-1-5-21-377214893-3599151885-3908360340-1000\$R900M5O.exe a variant of Win32/InstallCore.C application (unable to clean) 00000000000000000000000000000000 I
E:\downloads\SONY.Vegas.6.0c.FULL.Include.Keymaker-PDX\Sony Vegas 6\Sony Vegas 6.rar a variant of Win32/Keygen.AQ application (unable to clean) 00000000000000000000000000000000 I
E:\downloads\SONY.Vegas.6.0c.FULL.Include.Keymaker-PDX\Sony Vegas 6\Sony Vegas 6\keygen\keygen.exe a variant of Win32/Keygen.AQ application (unable to clean) 00000000000000000000000000000000 I
E:\Trip\Programs\InternationalPrimoPDF.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
G:\USER-PC\Backup Set 2011-09-04 120634\Backup Files 2011-09-04 120634\Backup files 1713.zip JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
G:\USER-PC\Backup Set 2011-09-04 120634\Backup Files 2011-09-04 120634\Backup files 1716.zip JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
G:\USER-PC\Backup Set 2011-09-04 120634\Backup Files 2011-09-04 120634\Backup files 1944.zip a variant of Win32/Keygen.AQ application (unable to clean) 00000000000000000000000000000000 I


#10 sempai (3 stars and a sun, Admin, 1,043 posts)

Posted 04 October 2011 - 04:18 PM

WARNING: cracking tools/keygens/warez/pirated software
The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is also a serious security risk:

    QUOTE (Trend Micro)
    Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.
    REFERENCE: Trend Micro - CRCK_KEYGEN.BB

    QUOTE (Trend Micro)
    [..] warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files [..] quick links in these sites also lead to malicious files. Ads and banners are also infection vectors [..]
    REFERENCE: Crack Sites Distribute VIRUX and FakeAV | Malware Blog | Trend Micro

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the Operating System.


=======================================


This forum does not support any kind of pirated software, and that includes keygens; not only is it illegal, but it will surely reinfect you again... and again. Having said that, we need to remove these kinds of programs, otherwise we will refuse to help you. If you agree then please run the fix below.


Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    CODE
    :OTL
    C:\Program Files\Sony\Vegas Pro 9.0\KEYGEN.EXE
    C:\Program Files (x86)\Vuze\.install4j\i4j_extf_8_5p83tu.exe
    C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Guatemala 3rdEd 09 2007.rar
    C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Honduras Bay Islands 1st Ed 01 2007.rar
    C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf
    C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf
    C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf
    C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf
    C:\Users\USER\Downloads\cnet_InternationalPrimoPDF_exe(1).exe
    C:\Users\USER\Downloads\cnet_InternationalPrimoPDF_exe.exe
    C:\Users\USER\Downloads\InternationalPrimoPDF.exe
    E:\$RECYCLE.BIN\S-1-5-21-377214893-3599151885-3908360340-1000\$R900M5O.exe
    E:\downloads\SONY.Vegas.6.0c.FULL.Include.Keymaker-PDX\Sony Vegas 6\Sony Vegas 6.rar
    E:\downloads\SONY.Vegas.6.0c.FULL.Include.Keymaker-PDX\Sony Vegas 6\Sony Vegas 6\keygen\keygen.exe
    E:\Trip\Programs\InternationalPrimoPDF.exe
    G:\USER-PC\Backup Set 2011-09-04 120634\Backup Files 2011-09-04 120634\Backup files 1713.zip
    G:\USER-PC\Backup Set 2011-09-04 120634\Backup Files 2011-09-04 120634\Backup files 1716.zip
    G:\USER-PC\Backup Set 2011-09-04 120634\Backup Files 2011-09-04 120634\Backup files 1944.zip

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.
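As an added example (not the thread's, ESET's or OTL's own code): a small Python parser for the ESET Online Scanner log format posted in reply #9. It splits each detection line into path, threat name, type and status, tallies hits by type and by drive so that detections carried into the G: backup set stand out, and renders the same ":OTL" path list that the fix above lists by hand. The four-line log below is a constructed excerpt; the meaning of the trailing "I" token is not documented on the page, so it is captured but not interpreted.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the ESET Online Scanner log above:
# "# key=value" header lines, then one detection per line.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# found=4
# cleaned=0
C:\Program Files\Sony\Vegas Pro 9.0\KEYGEN.EXE a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\USER\Azureus - Vuze\Lonely Planet Travel Guides 2 [H33t]\Guatemala 3rdEd 09 2007.rar JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
G:\USER-PC\Backup Set 2011-09-04 120634\Backup Files 2011-09-04 120634\Backup files 1713.zip JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Paths contain spaces, so the line is anchored from the right: the lazy path
# group stops at the first point where threat/type/status/hash/flag all match.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?\S+)\s+"
    r"(?P<kind>\w+)\s+"
    r"\((?P<status>[^)]*)\)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+"
    r"(?P<flag>\S+)$"
)

def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections

def counts_match(header, detections):
    """True when the header's 'found' count agrees with the detection lines."""
    return header.get("found") == str(len(detections))

def summarize(detections):
    """Count detections by type (application vs trojan) and by drive letter."""
    by_kind = Counter(d["kind"] for d in detections)
    by_drive = Counter(d["path"][:2].upper() for d in detections)
    return dict(by_kind), dict(by_drive)

def build_otl_fix(detections):
    """Render the ':OTL' fix block used in the thread: one path per line."""
    return "\n".join([":OTL"] + [d["path"] for d in detections])
```

A drive tally that includes G: is the check worth making before running the fix: the backup set on that drive also carries the infected archives, so restoring from it would bring them back.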
