Trojan.ircbot, pup.zugo removed using MBAM, unable to open webpages, can't tell whats wrong


39 replies to this topic

#1 pixart8 (Members, 46 posts)

Posted 11 August 2011 - 07:15 PM

Hi!

Kindly refer to the following link for case history:
Am I infected Forum post


Before I read the last post by Broni, I'd done a scan with MBAM in Safe Mode, which removed 5 infected files. Logs of SecurityCheck, MiniToolBox, GMER, SUPERAntiSpyware and MBAM can be found in the linked thread (too long, so I haven't posted them here just now). Neither GMER nor SUPERAntiSpyware detected any infection, though MBAM detected five infected files afterwards.

Last MBAM didn't result in a BSOD, however, it was running in Safe Mode.

I've removed Avast AV as suggested. Installed WOT, SiteAdvisor. Unable to open this link since the MBAM scan found it during the search for PUP.Zugo.

Lastly, maybe an unrelated problem with my laptop screen itself: it's flickering at random times (rarely though).

Kindly guide how to identify whether all problems are due to same source or are there multiple infections still present.

Problems:

1. BSOD during MBAM scan: it finds 2 infections and suddenly Windows crashes (most likely resolved, as 2 Trojan.IRCBot were removed during the scan in Safe Mode).
2. MBAM blocking outgoing connections while running BitComet; after closing BitComet, continuous intrusions (blocked by Comodo Firewall). I've a dynamic IP, so maybe they stop eventually after a reboot and resetting the modem.
3. Just now I noticed one more issue, it's with IE9: my home page is changed to <http://start.facemoods.com/?a=ddrnw> every time I open IE; also, the search provider is changed despite the fact that I removed it several times.
4. The raymond.cc link not working (maybe firewall? but I was able to access the site till yesterday).
5. System using 100% bandwidth as shown by Comodo Firewall. Listening on many ports and IGMP out to 224.0.0.22.

I apologize for my ignorance if I am identifying anything normal as a threat. Kindly help me judge what could be a real issue and what is superficial.


Thank You.



#2 pixart8 (Topic Starter)

Posted 11 August 2011 - 08:25 PM

Orange Blossom reminded me that I didn't post the DDR log (I skipped it assuming I'd already done MiniToolBox), so I downloaded it and ran it. Comodo Firewall gave an alert, I ignored it and DDR started running. Now, while it was running, suddenly BSOD! Staying optimistic, I assumed it to be a random occurrence. I ran it again: BSOD again!

So, anyway, I just thought I'd check my mail and then post here, and guess what: unable to open gmail :( I mean the gmail page opens, I enter my id, password, enter, and then nothing; the connection times out.

BC Team, please help. Now I'm panicking. I have a job interview lined up and really need to access my mail and need the laptop to function normally. I'd be ruined otherwise. Please help :( (at least with gmail)

#3 pixart8 (Topic Starter)

Posted 11 August 2011 - 08:34 PM

Phew... I removed MBAM and gmail started working :clapping: :) I am saved. The raymond.cc link worked too.

Kindly guide how to go about dealing with DDR and the subsequent BSODs. Thanks :)

#4 pixart8 (Topic Starter)

Posted 11 August 2011 - 10:03 PM

I'll post the BSOD logs.


Second DDR attempt

The problem seems to be caused by the following file: ntkrnlpa.exe

KERNEL_DATA_INPAGE_ERROR


Technical Information:

*** STOP: 0x0000007a (0xc0417fe8, 0xc0000185, 0x39d38860, 0x82ffdd39)

*** ntkrnlpa.exe - Address 0x82f1eeb4 base at 0x82e40000 DateStamp 0x4e02a389



First DDR attempt


The problem seems to be caused by the following file: ataport.SYS

KERNEL_DATA_INPAGE_ERROR



Technical Information:

*** STOP: 0x0000007a (0xc0444f48, 0xc0000185, 0x6c4fc860, 0x889e99cc)

*** ataport.SYS - Address 0x889e99cc base at 0x889d1000 DateStamp 0x4ce788e8
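
The two crash reports above, decoded in an added Python example (this is not a tool from the thread and not something the poster ran): it extracts the bug check code and parameters from each STOP line, names the NTSTATUS value in parameter 2, and turns the module's address and base into an offset inside that module and its DateStamp into a UTC build date. The NTSTATUS names are the public Windows definitions; the sample text is the poster's two reports copied verbatim. Nothing else is assumed.

```python
"""Decode pasted STOP 0x7A crash reports (added example, not a thread tool)."""
import re
from datetime import datetime, timezone

# NTSTATUS values that commonly appear as parameter 2 of bug check 0x7A.
NTSTATUS = {
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
    0xC000009C: "STATUS_DEVICE_DATA_ERROR",
    0xC000009D: "STATUS_DEVICE_NOT_CONNECTED",
    0xC000000E: "STATUS_NO_SUCH_DEVICE",
    0xC000016A: "STATUS_DISK_OPERATION_FAILED",
    0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED",
    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
}
BUGCHECK = {0x7A: "KERNEL_DATA_INPAGE_ERROR", 0x77: "KERNEL_STACK_INPAGE_ERROR"}

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)")
MODULE_RE = re.compile(
    r"\*\*\*\s*(\S+)\s*-\s*Address\s*0x([0-9A-Fa-f]+)\s*base at\s*0x([0-9A-Fa-f]+)"
    r"\s*DateStamp\s*0x([0-9A-Fa-f]+)"
)

# The two reports from the post above, copied verbatim.
CRASH_TEXT = """
Second DDR attempt
The problem seems to be caused by the following file: ntkrnlpa.exe
KERNEL_DATA_INPAGE_ERROR
*** STOP: 0x0000007a (0xc0417fe8, 0xc0000185, 0x39d38860, 0x82ffdd39)
*** ntkrnlpa.exe - Address 0x82f1eeb4 base at 0x82e40000 DateStamp 0x4e02a389

First DDR attempt
The problem seems to be caused by the following file: ataport.SYS
KERNEL_DATA_INPAGE_ERROR
*** STOP: 0x0000007a (0xc0444f48, 0xc0000185, 0x6c4fc860, 0x889e99cc)
*** ataport.SYS - Address 0x889e99cc base at 0x889d1000 DateStamp 0x4ce788e8
"""


def decode_reports(text):
    """Return one dict per '*** STOP:' line found in the pasted text."""
    reports = []
    for stop in STOP_RE.finditer(text):
        code = int(stop.group(1), 16)
        params = [int(p, 16) for p in stop.group(2).split(",")]
        rep = {"code": code, "name": BUGCHECK.get(code, "unknown"), "params": params}
        if code == 0x7A and len(params) == 4:
            lock, status, _, vaddr = params
            # Parameter 1 is a lock type (1..3) or, when larger, the PTE address.
            rep["lock_type"] = lock if lock <= 3 else "PTE 0x%08x" % lock
            # Parameter 2 is the I/O status of the page-in that failed.
            rep["status"] = NTSTATUS.get(status, "0x%08X" % status)
            # Parameter 4 is the virtual address that could not be paged in.
            rep["faulting_va"] = vaddr
        # The module line follows its STOP line, so search onward from there.
        mod = MODULE_RE.search(text, stop.end())
        if mod:
            addr, base, stamp = (int(mod.group(i), 16) for i in (2, 3, 4))
            rep["module"] = mod.group(1)
            rep["module_offset"] = addr - base  # offset to look up in a symbol file
            # PE TimeDateStamp: seconds since the Unix epoch, UTC.
            built = datetime.fromtimestamp(stamp, tz=timezone.utc)
            rep["module_built"] = built.date().isoformat()
        reports.append(rep)
    return reports


if __name__ == "__main__":
    for r in decode_reports(CRASH_TEXT):
        print("%s (0x%02X): status=%s module=%s+0x%x built=%s" % (
            r["name"], r["code"], r.get("status"), r.get("module"),
            r.get("module_offset", 0), r.get("module_built")))
```

For bug check 0x7A, parameter 2 is the status of the read that was supposed to bring a page back from the paging file or a mapped image. Both reports carry 0xC0000185 (STATUS_IO_DEVICE_ERROR), a device-level read failure, and the two modules named are a stock kernel and a stock ATA port driver with build dates matching their Windows updates. That pattern is worth checking against the disk's SMART data and cabling before it is attributed to malware or to whatever scanner happened to be running at the time.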

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 16 August 2011 - 06:27 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.



Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 pixart8 (Topic Starter)

Posted 17 August 2011 - 07:39 PM

Hi Gringo!

Thanks for your interest. Presently my laptop is working fine. I've stopped using bitcomet and have uninstalled MBAM. No BSOD since last DDR attempt. No intrusions blocked by Comodo firewall. facemoods redirects have also stopped. Would you still recommend running OTL scan?

Sort of busy with work and don't wish to interrupt the laptop's normal functioning till the weekend.

Thanks

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 August 2011 - 07:43 PM

We can wait until the weekend if you wish, and it will also give you time to check things out to see if it really is gone.



gringo

#8 pixart8 (Topic Starter)

Posted 17 August 2011 - 11:40 PM

Thank you :)

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 August 2011 - 11:43 PM

:thumbup2:

#10 pixart8 (Topic Starter)

Posted 20 August 2011 - 02:55 PM

OTL logfile created on: 21-08-2011 01:09:56 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = E:\4. Daily\firefox, chrome
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.47% Memory free
3.74 Gb Paging File | 2.44 Gb Available in Paging File | 65.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.97 Gb Total Space | 11.76 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
Drive D: | 52.74 Gb Total Space | 28.83 Gb Free Space | 54.66% Space Free | Partition Type: NTFS
Drive E: | 128.75 Gb Total Space | 16.34 Gb Free Space | 12.69% Space Free | Partition Type: NTFS

Computer Name: PE8CE-PC | User Name: pe8ce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\4. Daily\firefox, chrome\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Mozilla Firefox 4\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox 4\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - E:\. WORKSPACE\Firefox Profiles New 16-04-2011\ff 4.0.1\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Program Files\Stickies\shook70.dll ()
MOD - C:\Program Files\Mozilla Firefox 4\mozjs.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\WordWeb\wwextdb.dll ()
MOD - C:\Program Files\WordWeb\WUCNT.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110820.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110820.005\NAVENG.SYS (Symantec Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMNETS.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110819.030\IDSvix86.sys (Symantec Corporation)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (oodrvled) -- C:\Windows\system32\DRIVERS\oodrvled.sys (O&O Software GmbH)
DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (mirrorv3) -- C:\Windows\System32\drivers\rminiv3.sys (Famatech International Corp.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-959610627-203523047-2809248589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\. DOWNLOADS\ie Downloads
IE - HKU\S-1-5-21-959610627-203523047-2809248589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-959610627-203523047-2809248589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-959610627-203523047-2809248589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-959610627-203523047-2809248589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
IE - HKU\S-1-5-21-959610627-203523047-2809248589-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9615918-d3de-44a4-ab65-76df7ea1f1c1}:0.3.16

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pe8ce\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pe8ce\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pe8ce\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pe8ce\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-06-18 13:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011-08-17 13:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-05-11 07:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-07-13 09:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-18 13:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4\components [2011-07-13 09:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-05-11 07:11:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\pe8ce\AppData\Roaming\IDM\idmmzcc3 [2011-04-17 12:45:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files\Copernic Desktop Search - Home\Firefox36Connector
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\pe8ce\AppData\Roaming\IDM\idmmzcc3 [2011-04-17 12:45:13 | 000,000,000 | ---D | M]

[2011-04-16 22:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pe8ce\AppData\Roaming\Mozilla\Extensions
[2011-08-05 18:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pe8ce\AppData\Roaming\Mozilla\Firefox\Profiles\8t44jri6.default\extensions
[2011-04-16 22:52:16 | 000,000,000 | ---D | M] (ProfilePassword-Firefox) -- C:\Users\pe8ce\AppData\Roaming\Mozilla\Firefox\Profiles\8t44jri6.default\extensions\{b9615918-d3de-44a4-ab65-76df7ea1f1c1}
[2011-04-16 22:52:16 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\pe8ce\AppData\Roaming\Mozilla\Firefox\Profiles\8t44jri6.default\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009-07-10 17:26:08 | 000,002,257 | ---- | M] () -- C:\Users\pe8ce\AppData\Roaming\Mozilla\Firefox\Profiles\8t44jri6.default\searchplugins\askcom.xml
[2011-06-09 09:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-17 00:57:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-09 09:59:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011-06-18 13:19:53 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-08-17 13:48:18 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2011-04-17 12:45:13 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PE8CE\APPDATA\ROAMING\IDM\IDMMZCC3
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-08-05 18:04:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2011-04-17 12:53:42 | 000,001,393 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 174.133.70.101:443
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 http://174.133.70.101/
O1 - Hosts: 127.0.0.1 http://internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-959610627-203523047-2809248589-1000\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKU\S-1-5-21-959610627-203523047-2809248589-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-959610627-203523047-2809248589-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-959610627-203523047-2809248589-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-959610627-203523047-2809248589-1000..\Run: [PureSync] C:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - HKU\S-1-5-21-959610627-203523047-2809248589-1000..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\pe8ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe (Zards Software)
O4 - Startup: C:\Users\pe8ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 59.179.243.70 203.94.243.70
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006-09-19 03:13:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c2f8d27d-6b2a-11e0-ab42-0024338a5f63}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f8d27d-6b2a-11e0-ab42-0024338a5f63}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Start.exe
O33 - MountPoints2\H\Shell\Install\Command - "" = H:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-18 00:35:32 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Local\CutePDF Writer
[2011-08-18 00:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011-08-15 11:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2011-08-15 11:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2011-08-15 11:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2011-08-15 07:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011-08-13 18:47:37 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Local\Rob_Latour
[2011-08-13 18:46:33 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\ARulerForWindows
[2011-08-13 18:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Ruler for Windows
[2011-08-13 18:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\A Ruler for Windows
[2011-08-13 15:49:51 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\Media Player Classic
[2011-08-13 15:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011-08-13 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011-08-13 03:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-08-13 03:03:19 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\System32\divxa32.acm
[2011-08-13 03:03:19 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2011-08-13 03:03:18 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011-08-13 03:03:18 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2011-08-13 03:03:17 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011-08-13 03:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011-08-11 23:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011-08-11 07:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011-08-11 07:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011-08-11 06:22:44 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\SumatraPDF
[2011-08-11 06:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2011-08-11 05:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011-08-10 21:52:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-08-10 21:52:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-08-10 21:52:05 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-08-10 21:52:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-08-10 21:52:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-08-10 21:30:45 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011-08-10 21:30:44 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011-08-10 21:30:37 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011-08-10 21:30:37 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-08-10 21:30:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011-08-10 21:30:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011-08-10 21:30:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011-08-10 21:30:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011-08-10 21:30:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011-08-10 21:30:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011-08-10 21:30:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011-08-10 21:30:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011-08-10 21:30:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011-08-10 21:30:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011-08-10 21:30:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011-08-10 21:30:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011-08-10 21:30:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011-08-10 21:30:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011-08-10 21:30:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011-08-10 21:30:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011-08-10 21:30:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011-08-10 21:30:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011-08-10 21:30:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011-08-10 21:30:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011-08-10 21:30:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011-08-10 21:30:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011-08-10 21:30:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011-08-10 21:30:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011-08-10 21:30:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011-08-10 21:30:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011-08-10 21:30:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011-08-10 21:30:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011-08-10 21:28:29 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011-08-10 21:28:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011-08-10 21:28:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011-08-10 21:28:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011-08-10 21:28:28 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011-08-10 15:48:19 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\SUPERAntiSpyware.com
[2011-08-10 15:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011-08-10 15:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011-08-10 15:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011-08-10 15:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011-08-10 05:07:59 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\Jumping Bytes
[2011-08-10 05:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\PureSync
[2011-08-10 05:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
[2011-08-10 05:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jumping Bytes
[2011-08-10 04:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GoodSync
[2011-08-10 04:27:09 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\GoodSync
[2011-08-10 04:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2011-08-09 09:49:02 | 000,000,000 | ---D | C] -- E:\4. Daily\Program Data\. DESKTOP\Bleeping Computer
[2011-08-08 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.0.0 Home Edition
[2011-08-08 19:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011-08-08 18:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011-08-08 18:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-08-08 17:34:16 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comodo
[2011-08-08 17:34:13 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Local\Comodo
[2011-08-08 16:32:28 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\Malwarebytes
[2011-08-08 16:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-08-08 16:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-08-06 05:06:40 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\Skype
[2011-08-06 05:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-08-06 05:06:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011-08-06 05:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011-08-05 18:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011-08-05 17:16:22 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Local\FeedDemon
[2011-08-05 04:59:50 | 000,000,000 | ---D | C] -- E:\. DOCUMENTS\My Digital Editions
[2011-08-05 04:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011-08-05 04:42:10 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\Desktop
[2011-08-05 00:08:52 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Local\STDUViewer
[2011-08-05 00:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STDUtility
[2011-08-05 00:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\STDUtility
[2011-08-05 00:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\STDU Viewer
[2011-07-29 19:23:48 | 000,000,000 | ---D | C] -- E:\. DOCUMENTS\My Scans
[2011-07-29 19:18:58 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Local\HP
[2011-07-29 19:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011-07-29 19:18:05 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\HP
[2011-07-29 19:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011-07-29 19:11:33 | 000,000,000 | ---D | C] -- C:\UniScan
[2011-07-29 19:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011-07-29 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011-07-29 19:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011-07-29 19:10:12 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011-07-29 19:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011-07-28 23:26:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\rserver30
[2011-07-28 19:33:01 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Roaming\Radmin
[2011-07-28 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\pe8ce\AppData\Local\Downloaded Installations
[2011-07-26 12:42:40 | 000,000,000 | ---D | C] -- E:\. DOCUMENTS\Remote Assistance Logs
[2011-04-10 20:36:04 | 000,120,320 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011-02-11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011-08-21 01:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-959610627-203523047-2809248589-1000UA.job
[2011-08-20 23:22:27 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-20 23:22:27 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-20 23:19:14 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-08-20 23:19:14 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-08-20 23:14:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-20 23:14:40 | 1505,996,800 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-18 05:06:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-959610627-203523047-2809248589-1000Core.job
[2011-08-16 21:08:23 | 000,415,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-08-13 18:46:15 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\A Ruler for Windows.lnk
[2011-08-13 17:39:02 | 000,000,996 | ---- | M] () -- E:\4. Daily\Program Data\. DESKTOP\ZS Associates.lnk
[2011-08-13 09:21:29 | 000,089,088 | ---- | M] () -- C:\Users\pe8ce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-08-12 07:51:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011-08-12 05:59:15 | 000,000,000 | ---- | M] () -- C:\Users\pe8ce\defogger_reenable
[2011-08-10 05:30:10 | 000,000,860 | ---- | M] () -- E:\4. Daily\Program Data\. DESKTOP\My Websites - Shortcut.lnk
[2011-08-08 19:05:16 | 000,232,416 | ---- | M] () -- E:\. DOCUMENTS\cc_20110808_190443.reg
[2011-08-08 18:46:19 | 000,003,208 | ---- | M] () -- C:\{BBFF86B5-BAED-4E00-83DE-694472AA6714}
[2011-08-07 17:44:39 | 000,000,010 | RHS- | M] () -- C:\config.sys
[2011-08-05 04:59:37 | 000,002,148 | ---- | M] () -- C:\Users\pe8ce\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-08-02 20:48:26 | 002,469,248 | ---- | M] () -- C:\Windows\System32\BootMan.exe
[2011-07-29 13:54:56 | 000,086,408 | ---- | M] () -- C:\Windows\System32\setupempdrv03.exe
[2011-07-29 13:54:56 | 000,014,216 | ---- | M] () -- C:\Windows\System32\epmntdrv.sys
[2011-07-29 13:54:56 | 000,008,456 | ---- | M] () -- C:\Windows\System32\EuGdiDrv.sys
[2011-07-29 13:54:46 | 000,019,840 | ---- | M] () -- C:\Windows\System32\EuEpmGdi.dll
[2011-07-26 12:21:42 | 000,000,000 | -H-- | M] () -- E:\. DOCUMENTS\Default.rdp
[2011-07-22 08:24:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-07-22 08:17:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-07-22 08:16:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-07-22 08:14:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-07-22 08:13:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2011-08-18 00:23:33 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011-08-13 18:46:14 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\A Ruler for Windows.lnk
[2011-08-13 03:16:51 | 000,000,996 | ---- | C] () -- E:\4. Daily\Program Data\. DESKTOP\ZS Associates.lnk
[2011-08-12 05:59:15 | 000,000,000 | ---- | C] () -- C:\Users\pe8ce\defogger_reenable
[2011-08-11 06:22:37 | 000,001,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2011-08-10 05:30:10 | 000,000,860 | ---- | C] () -- E:\4. Daily\Program Data\. DESKTOP\My Websites - Shortcut.lnk
[2011-08-08 19:07:02 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011-08-08 19:07:02 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011-08-08 19:07:02 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011-08-08 19:07:02 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011-08-08 19:07:02 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011-08-08 19:04:51 | 000,232,416 | ---- | C] () -- E:\. DOCUMENTS\cc_20110808_190443.reg
[2011-08-08 18:46:18 | 000,003,208 | ---- | C] () -- C:\{BBFF86B5-BAED-4E00-83DE-694472AA6714}
[2011-08-05 18:02:20 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011-08-05 18:02:16 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011-08-05 18:02:13 | 000,001,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011-08-05 04:59:37 | 000,002,148 | ---- | C] () -- C:\Users\pe8ce\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-08-05 04:59:36 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2011-07-29 19:15:15 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011-07-26 12:21:42 | 000,000,000 | -H-- | C] () -- E:\. DOCUMENTS\Default.rdp
[2011-06-22 14:55:22 | 000,138,056 | ---- | C] () -- C:\Users\pe8ce\AppData\Roaming\PnkBstrK.sys
[2011-05-03 14:48:34 | 000,007,597 | ---- | C] () -- C:\Users\pe8ce\AppData\Local\Resmon.ResmonCfg
[2011-04-17 16:24:41 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2011-04-17 16:24:40 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011-04-17 16:24:39 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011-04-17 16:24:39 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011-04-17 14:56:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-04-17 14:54:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-04-17 13:10:05 | 000,089,088 | ---- | C] () -- C:\Users\pe8ce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011-02-11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011-02-11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011-02-11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010-03-15 05:31:48 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-07-14 10:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 10:03:53 | 000,415,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 07:35:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 07:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 07:35:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 07:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 07:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 07:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 05:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 05:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-14 03:39:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009-06-11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

< End of report >

OTL Extras logfile created on: 21-08-2011 01:09:56 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = E:\4. Daily\firefox, chrome
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.47% Memory free
3.74 Gb Paging File | 2.44 Gb Available in Paging File | 65.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.97 Gb Total Space | 11.76 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
Drive D: | 52.74 Gb Total Space | 28.83 Gb Free Space | 54.66% Space Free | Partition Type: NTFS
Drive E: | 128.75 Gb Total Space | 16.34 Gb Free Space | 12.69% Space Free | Partition Type: NTFS

Computer Name: PE8CE-PC | User Name: pe8ce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-959610627-203523047-2809248589-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44FB7006-C5F5-43F7-BF3E-70BC5A1C7457}" = Nokia Ovi Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}" = PC Connectivity Solution
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{819BD55B-732F-45C0-A34A-9EC8B6DE83DF}" = PureSync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986DC057-D360-492C-8F31-DBD0E5096B65}" = O&O DriveLED Professional
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DCF4C336-18DB-449B-9238-821B7F28B614}_is1" = Uninstall A Ruler for Windows
"{E3B67F67-F1BA-4709-96CE-72E92A8BF5E3}" = hpg2410
"{E5B04674-1885-4B08-BAE7-ECDEC1F84677}" = HP Scanjet G2410 and 2400
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMP2" = AIMP2
"BitComet" = BitComet 1.27
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"Canon LBP3100/LBP3108/LBP3150" = Canon LBP3100/LBP3108/LBP3150
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.0.0 Home Edition
"Everything" = Everything 1.2.1.371
"GOM Player" = GOM Player
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IcoFX_is1" = IcoFX 1.6.4
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"NAV" = Norton AntiVirus
"Nokia Ovi Suite" = Nokia Ovi Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PureSync" = PureSync 3.1.2
"Recuva" = Recuva
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Startup Defender " = Startup Defender 1.9.5
"STDU Viewer_is1" = STDU Viewer version 1.6.2.0
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WordWeb" = WordWeb Pro
"ZhornStickies" = Stickies 7.1a

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-959610627-203523047-2809248589-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10-08-2011 22:30:08 | Computer Name = pe8ce-PC | Source = System Restore | ID = 8193
Description =

Error - 10-08-2011 22:30:12 | Computer Name = pe8ce-PC | Source = System Restore | ID = 8193
Description =

Error - 10-08-2011 22:30:19 | Computer Name = pe8ce-PC | Source = System Restore | ID = 8193
Description =

Error - 10-08-2011 22:30:22 | Computer Name = pe8ce-PC | Source = System Restore | ID = 8193
Description =

Error - 12-08-2011 06:21:31 | Computer Name = pe8ce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: ffmpegmt.dll, version: 0.0.0.0, time
stamp: 0x4da31764 Exception code: 0x40000015 Fault offset: 0x00001a89 Faulting process
id: 0x47c Faulting application start time: 0x01cc58d6d3d0f0b2 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Program Files\Win7codecs\filters\ffmpegmt.dll
Report
Id: d82a4aa2-c4cc-11e0-8bb4-f2f2d09a1c15

Error - 12-08-2011 09:58:30 | Computer Name = pe8ce-PC | Source = Application Hang | ID = 1002
Description = The program SumatraPDF.exe version 1.7.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1d8 Start
Time: 01cc58f7e28e05ba Termination Time: 0 Application Path: C:\Program Files\SumatraPDF\SumatraPDF.exe

Report
Id: 259a6bfa-c4eb-11e0-a42a-0024338a5f63

Error - 12-08-2011 17:06:13 | Computer Name = pe8ce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 14.0.6024.1000, time
stamp: 0x4d83e607 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96e Exception code: 0xc0000374 Fault offset: 0x000c37b7 Faulting process
id: 0x14c8 Faulting application start time: 0x01cc592cbdef3916 Faulting application
path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: e8e70467-c526-11e0-a42a-0024338a5f63

Error - 13-08-2011 06:54:34 | Computer Name = pe8ce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpc-hc.exe, version: 1.5.3.3611, time stamp:
0x4e3ffbef Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00024cb0 Faulting process id:
0x1650 Faulting application start time: 0x01cc59a66cfaea4b Faulting application path:
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a0d8f413-c59a-11e0-a42a-0024338a5f63

Error - 13-08-2011 12:27:12 | Computer Name = pe8ce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BitComet.exe, version: 1.27.4.22, time
stamp: 0x4db1516f Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96e Exception code: 0xc0000374 Fault offset: 0x000c37b7 Faulting process
id: 0xf34 Faulting application start time: 0x01cc59d56e911c18 Faulting application
path: C:\Program Files\BitComet\BitComet.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 1873cc61-c5c9-11e0-8d74-0024338a5f63

Error - 18-08-2011 02:56:57 | Computer Name = pe8ce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpc-hc.exe, version: 1.5.3.3611, time stamp:
0x4e3ffbef Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00024cb0 Faulting process id:
0x1ed8 Faulting application start time: 0x01cc5d73f6f608c4 Faulting application path:
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 430c6c94-c967-11e0-bb74-0024338a5f63

[ System Events ]
Error - 23-07-2011 19:36:45 | Computer Name = pe8ce-PC | Source = Service Control Manager | ID = 7031
Description = The Desktop Window Manager Session Manager service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 23-07-2011 19:36:45 | Computer Name = pe8ce-PC | Source = Service Control Manager | ID = 7031
Description = The WLAN AutoConfig service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 23-07-2011 19:36:45 | Computer Name = pe8ce-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.

Error - 23-07-2011 19:40:04 | Computer Name = pe8ce-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 05:08:42 on 24-07-2011 was unexpected.

Error - 23-07-2011 19:40:05 | Computer Name = PE8CE-PC | Source = BugCheck | ID = 1001
Description =

Error - 23-07-2011 20:46:38 | Computer Name = pe8ce-PC | Source = athr | ID = 5003
Description = Atheros AR928X Wireless Network Adapter : Could not find a network
adapter.

Error - 23-07-2011 21:45:26 | Computer Name = pe8ce-PC | Source = athr | ID = 5003
Description = Atheros AR928X Wireless Network Adapter : Could not find a network
adapter.

Error - 26-07-2011 08:00:34 | Computer Name = pe8ce-PC | Source = DCOM | ID = 10010
Description =

Error - 26-07-2011 13:58:28 | Computer Name = pe8ce-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:21:06 on 26-07-2011 was unexpected.

Error - 26-07-2011 14:03:05 | Computer Name = pe8ce-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >
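A small triage helper for the "Last 10 Event Log Errors" section above, added here as an example (it is not part of OTL or of the original thread): it re-joins the wrapped records and groups the Application Error 1000 crashes by faulting module and exception code, because one module with one code across unrelated programs, as with ntdll.dll and 0xc0000374 (heap corruption detected by ntdll's heap checks) above, points at a shared component such as a codec filter or an injected DLL rather than at the crashing programs themselves. The sample log is constructed in the page's own format.

```python
import re
# Constructed sample in the layout of the OTL "Last 10 Event Log Errors" section above.
SAMPLE_LOG = """
Error - 12-08-2011 17:06:13 | Computer Name = pe8ce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 14.0.6024.1000, time
stamp: 0x4d83e607 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96e Exception code: 0xc0000374 Fault offset: 0x000c37b7

Error - 13-08-2011 12:27:12 | Computer Name = pe8ce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BitComet.exe, version: 1.27.4.22, time
stamp: 0x4db1516f Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96e Exception code: 0xc0000374 Fault offset: 0x000c37b7

Report
Id: 1873cc61-c5c9-11e0-8d74-0024338a5f63

Error - 26-07-2011 14:03:05 | Computer Name = pe8ce-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
"""

HEADER = re.compile(r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?) "
                    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
FIELDS = {"app": re.compile(r"Faulting application name: ([^,]+),"),
          "module": re.compile(r"Faulting module name: ([^,]+),"),
          "code": re.compile(r"Exception code: (0x[0-9a-fA-F]+)")}

def parse_events(text):
    """One dict per 'Error - ...' record, with the wrapped Description re-joined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            current = dict(m.groupdict(), description="")
            events.append(current)
        elif current is not None and line:
            # Continuation of the wrapped Description; blank lines are skipped, so a
            # 'Report Id:' tail printed after a blank line still joins its record.
            line = re.sub(r"^Description =\s*", "", line)
            current["description"] = (current["description"] + " " + line).strip()
    return events

def crash_summary(events):
    """Group ID 1000 crashes by (faulting module, exception code) -> sorted programs."""
    groups = {}
    for ev in events:
        if ev["source"] != "Application Error" or ev["id"] != "1000":
            continue
        found = {k: (m.group(1) if (m := rx.search(ev["description"])) else None)
                 for k, rx in FIELDS.items()}
        groups.setdefault((found["module"], found["code"]), set()).add(found["app"])
    return {key: sorted(apps) for key, apps in groups.items()}
```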

#11 pixart8

pixart8
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 20 August 2011 - 03:01 PM

hi gringo!

Did the OTL scan... (didn't know it would complete so fast, otherwise I would have done it earlier)

Didn't face any problem apart from Comodo Firewall going crazy over OTL (false positive I guess?)

waiting for your views on the matter...thanks


PS: If you find something (apart from any infection) that might be slowing down my computer, please tell. (Tried cleaning the registry and all, but not much improvement in performance.)

#12 pixart8

pixart8
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 20 August 2011 - 03:09 PM

OK, one thing I have noted after completing the OTL scan: Comodo Firewall has blocked 240 (now 283) intrusions (before running OTL: 0).
The application is Windows Operating System, all on the same port, from different IPs. No torrent client is running. Also, System is using 67.8% of traffic.

(should I actually be worried about all this or just let the firewall do its job?)

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:55 AM

Posted 20 August 2011 - 05:00 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = <http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4>
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 pixart8

pixart8
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 20 August 2011 - 10:55 PM

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\4. Daily\Program Data\. DESKTOP\Bleeping Computer\OTL\cmd.bat deleted successfully.
E:\4. Daily\Program Data\. DESKTOP\Bleeping Computer\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pe8ce
->Temp folder emptied: 404943371 bytes
->Temporary Internet Files folder emptied: 18118245 bytes
->Java cache emptied: 1737286 bytes
->FireFox cache emptied: 4033824 bytes
->Google Chrome cache emptied: 226199824 bytes
->Flash cache emptied: 2810 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3279874208 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,753.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: pe8ce
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.5 log created on 08212011_091227

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15 pixart8

pixart8
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 24 August 2011 - 12:29 AM

bump
