Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#31
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Victor\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [DELL Webcam Manager] C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) 
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe (ooVoo) O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\5.0 ( File not found O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008/04/08 13:10:28 | 00,000,000 | ---D | M] - C:\Automap -- [ NTFS ] O33 - MountPoints2\{6c8f8873-2303-11de-aee6-0019b983c065}\Shell - "" = AutoRun O33 - MountPoints2\{9b6e281f-7c1a-11dd-a8c5-0019b983c065}\Shell - "" = AutoRun O33 - MountPoints2\{bb7abbca-3bf6-11de-9db4-0019b983c065}\Shell\AutoRun\command - "" = JDLightning\Windows\JDLightning.exe O33 - MountPoints2\{dcafe0de-b891-11de-8a1c-0019b983c065}\Shell - "" = AutoRun O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/01/02 21:14:40 
| 00,000,000 | ---D | C] -- C:\Program Files\ESET [2010/01/02 20:33:36 | 00,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Malwarebytes [2010/01/02 20:33:29 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/01/02 20:33:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/01/02 20:33:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/01/02 20:33:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/01/02 19:22:06 | 00,000,000 | ---D | C] -- C:\_OTL [2010/01/02 17:25:28 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL.exe [2010/01/02 05:06:46 | 00,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Uniblue [2010/01/02 05:06:37 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue [2010/01/01 21:52:58 | 00,000,000 | ---D | C] -- C:\Windows\Sun [2009/12/28 05:24:22 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Jay Sean All Or Nothing 2009 [2009/12/28 05:23:37 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Leona Lewis - Echo (2009)[MasterMix RG] [2009/12/28 05:20:59 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Lady GaGa - The Fame Monster 2CDRip 2009 [Cov+2CD][Bubanee] [2009/12/28 05:17:12 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Alicia Keys - The Element Of Freedom (Deluxe) CDRip 2009 [Cov+CD][Bubanee] [2009/12/28 05:06:51 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Timbaland - Presents Shock Value II (2009) (Advance) www.planet-bytes.org [2009/12/28 04:48:43 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Ne-Yo - The Collection (2009) - R&B [2009/12/28 04:41:04 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\50.Cent-Before.I.Self.Destruct-(Retail)-2009-[NoFS] [2009/12/28 04:38:51 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\J. 
Cole-The Warm Up-2009-MIXFIEND [2009/12/28 04:36:32 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Attention Deficit [2009/12/28 04:34:01 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\A Kid Named Cudi [2009/12/28 02:37:26 | 00,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Lil_Wayne-No_Ceilings-(RapGodFathers.com) [2009/12/20 05:04:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2009/12/20 03:12:03 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2009/12/20 03:11:59 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2009/12/20 03:11:59 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2009/12/20 03:10:23 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2009/12/20 03:10:20 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2009/12/20 03:10:14 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2009/12/20 03:10:14 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2009/12/20 03:10:13 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll [2009/12/20 03:10:13 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2009/12/20 03:10:13 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2009/12/20 03:10:13 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2009/12/20 03:10:13 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2009/12/20 03:10:13 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2009/12/20 03:10:12 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2009/12/20 03:10:12 | 00,667,648 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2009/12/20 03:10:12 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2009/12/20 03:10:12 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2009/12/20 03:10:12 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2009/12/20 03:10:11 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2009/12/20 03:10:11 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2009/12/20 03:10:11 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2009/12/20 03:10:11 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2009/12/20 03:10:10 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2009/12/20 03:10:10 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2009/12/20 03:10:10 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2009/12/20 03:10:09 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2009/12/20 03:10:09 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2009/12/20 03:10:08 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2009/12/20 03:08:44 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2009/12/20 03:08:44 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2009/12/20 03:08:27 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2009/12/20 03:08:18 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2009/12/20 03:08:18 | 00,033,280 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\WpdConns.dll [2009/12/20 03:08:16 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2009/12/20 03:08:16 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2009/12/20 03:08:16 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2009/12/20 03:08:15 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2009/12/20 03:08:15 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2009/12/20 03:08:15 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2009/12/20 03:08:15 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.d ll [2009/12/20 03:02:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2009/12/20 03:02:52 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2009/12/19 15:20:40 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2009/12/19 15:20:40 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2009/12/19 15:20:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2009/12/19 13:54:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2009/12/19 06:16:59 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2009/12/19 01:03:21 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/12/19 01:03:20 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/12/19 01:03:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2009/12/19 01:03:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/12/19 01:03:19 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2009/12/19 01:03:19 | 
00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2009/12/19 01:03:18 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2009/12/19 01:03:18 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2009/12/19 01:03:17 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2009/12/19 01:03:17 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2009/12/19 01:03:16 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/12/19 01:03:15 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2009/12/19 01:03:15 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/12/19 01:03:15 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2009/12/19 01:01:15 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2009/12/19 01:01:14 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2009/12/19 01:01:14 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2009/12/19 01:01:13 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll [2009/12/19 01:01:12 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2009/12/19 01:01:12 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2009/12/19 01:01:12 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2009/12/19 01:01:11 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2009/12/19 01:01:10 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2009/12/19 01:01:10 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2009/12/19 
01:01:09 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/12/19 01:01:09 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2009/12/19 01:01:08 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/12/19 01:01:08 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe [2009/12/19 01:01:08 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2009/12/19 01:01:08 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2009/12/19 01:01:07 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll [2009/12/19 01:01:07 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2009/12/19 01:01:06 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2009/12/19 01:01:05 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2009/12/19 01:01:05 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2009/12/19 01:01:02 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2009/12/19 01:01:02 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/12/19 01:01:02 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2009/12/19 01:01:01 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe [2009/12/19 01:01:01 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2009/12/19 01:01:01 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2009/12/19 01:01:01 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe [2009/12/17 19:32:29 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaws.exe [2009/12/17 19:32:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2009/12/17 19:32:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2009/12/14 07:00:45 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic [2009/12/12 14:16:34 | 00,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Tific [2009/12/12 14:16:21 | 00,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Tific [2009/12/12 14:15:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup [2009/12/12 14:15:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup\020002 0.1FA [2009/12/12 14:15:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton [2009/12/12 14:15:32 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2009/12/12 14:15:32 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2008/12/17 21:03:26 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Victor\AppData\Roaming\pcouffin.sys [3 C:\Users\Victor\Documents\*.tmp files -> C:\Users\Victor\Documents\*.tmp -> ] |
#32
========== Files - Modified Within 30 Days ==========
[2010/01/10 16:58:26 | 03,670,016 | -HS- | M] () -- C:\Users\Victor\NTUSER.DAT [2010/01/10 16:00:11 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/10 16:00:11 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/10 06:02:51 | 00,039,894 | ---- | M] () -- C:\Windows\System32\Config.MPF [2010/01/10 06:00:34 | 00,000,380 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job [2010/01/10 06:00:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/01/10 06:00:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/01/10 06:00:08 | 21,371,94496 | -HS- | M] () -- C:\hiberfil.sys [2010/01/10 05:58:47 | 00,524,288 | -HS- | M] () -- C:\Users\Victor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms [2010/01/10 05:58:47 | 00,065,536 | -HS- | M] () -- C:\Users\Victor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/01/10 05:58:27 | 02,255,242 | -H-- | M] () -- C:\Users\Victor\AppData\Local\IconCache.db [2010/01/10 04:59:00 | 00,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2010/01/10 03:28:01 | 00,000,374 | ---- | M] () -- C:\Windows\tasks\RegCure.job [2010/01/09 17:00:04 | 00,000,392 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job [2010/01/08 02:43:09 | 00,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Privacy Controls_{508A3C8E-E8A8-11DE-8699-0019B983C065}.job [2010/01/06 18:10:35 | 00,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010/01/06 04:37:04 | 00,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2010/01/02 20:33:32 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/02 17:25:29 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL.exe [2010/01/02 05:06:44 | 00,001,031 | ---- | 
M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk [2010/01/01 13:12:51 | 00,000,368 | ---- | M] () -- C:\Windows\tasks\McQcTask.job [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/12/28 19:47:46 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/12/28 19:47:46 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/12/28 19:47:46 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/12/28 05:45:15 | 00,060,416 | ---- | M] () -- C:\Users\Victor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/23 16:16:34 | 00,000,786 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk [2009/12/20 05:03:24 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_ 07_00.Wdf [2009/12/20 05:00:02 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_ 00.Wdf [2009/12/19 15:26:45 | 00,419,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/12/16 14:12:03 | 00,017,666 | ---- | M] () -- C:\Users\Victor\Documents\Economics 103B Probelm set 3.docx [2009/12/16 14:10:29 | 00,021,708 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\wklnhst.dat [2009/12/15 22:42:40 | 00,009,214 | ---- | M] () -- C:\Users\Victor\Documents\Econ 103 problem set number 3.xlsx [2009/12/15 22:42:05 | 00,041,984 | ---- | M] () -- C:\Users\Victor\Documents\Problem Set 3 for Vr.wps [2009/12/15 01:00:00 | 00,000,366 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job [2009/12/14 07:00:51 | 00,001,015 | ---- | M] () -- C:\Users\Public\Desktop\ParetoLogic Privacy Controls.lnk [2009/12/14 02:10:01 | 00,011,414 | ---- | M] () -- C:\Users\Victor\Documents\im on some cool **** now.docx [2009/12/12 14:16:16 | 00,002,349 | ---- | M] () -- C:\Users\Public\Desktop\Norton PC Checkup.lnk [3 
C:\Users\Victor\Documents\*.tmp files -> C:\Users\Victor\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/02 20:33:32 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/02 05:06:44 | 00,001,031 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk [2009/12/20 05:03:24 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_ 07_00.Wdf [2009/12/20 05:00:02 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_ 00.Wdf [2009/12/19 01:03:17 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2009/12/16 14:12:00 | 00,017,666 | ---- | C] () -- C:\Users\Victor\Documents\Economics 103B Probelm set 3.docx [2009/12/15 22:42:36 | 00,009,214 | ---- | C] () -- C:\Users\Victor\Documents\Econ 103 problem set number 3.xlsx [2009/12/15 19:23:49 | 00,041,984 | ---- | C] () -- C:\Users\Victor\Documents\Problem Set 3 for Vr.wps [2009/12/14 07:00:51 | 00,001,015 | ---- | C] () -- C:\Users\Public\Desktop\ParetoLogic Privacy Controls.lnk [2009/12/14 07:00:50 | 00,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2009/12/14 07:00:48 | 00,000,448 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Privacy Controls_{508A3C8E-E8A8-11DE-8699-0019B983C065}.job [2009/12/14 02:09:57 | 00,011,414 | ---- | C] () -- C:\Users\Victor\Documents\im on some cool **** now.docx [2009/12/12 14:15:43 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NortonPCCheckup\020002 0.1FA\isolate.ini [2009/10/19 16:57:45 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/28 01:03:11 | 00,000,760 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\setup_ldm.iss [2009/07/24 23:30:49 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008/12/17 21:04:42 | 00,000,034 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\pcouffin.log [2008/12/17 21:03:26 | 00,087,608 | ---- | C] () -- 
C:\Users\Victor\AppData\Roaming\inst.exe [2008/12/17 21:03:26 | 00,007,887 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\pcouffin.cat [2008/12/17 21:03:26 | 00,001,144 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\pcouffin.inf [2008/09/09 09:00:28 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/03/27 16:36:37 | 00,005,648 | ---- | C] () -- C:\Users\Victor\AppData\Local\d3d9caps.dat [2008/03/02 14:57:53 | 00,000,600 | ---- | C] () -- C:\Users\Victor\AppData\Local\PUTTY.RND [2007/09/07 07:10:12 | 00,002,281 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2007/08/23 19:30:00 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007/07/31 00:10:35 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini [2007/07/24 23:35:28 | 00,021,708 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\wklnhst.dat [2007/07/24 15:48:08 | 00,060,416 | ---- | C] () -- C:\Users\Victor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/07/18 05:42:04 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll [2007/07/18 05:42:03 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/07/18 05:42:03 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007/07/18 05:41:58 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007/07/18 05:41:48 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007/07/17 21:59:42 | 00,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll [2007/07/17 21:59:42 | 00,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll [2007/07/17 21:59:42 | 00,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_0 0001102.ini [2006/11/07 14:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- 
C:\Windows\System32\pacerprf.ini [2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll < End of report > |
#33
Hi,
Please double-click OTL one more time and hit Cleanup. This will remove OTL and all helper tools.

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Hiding Hidden Files

Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Purging System Restore Points

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites, it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make Internet Explorer 7 more secure