malware problem


17 replies to this topic

#16 asdd
Posted 21 October 2011 - 07:14 PM

OTL logfile created on: 10/21/2011 7:56:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Vlad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 45.23% Memory free
7.68 Gb Paging File | 5.53 Gb Available in Paging File | 72.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.00 Gb Total Space | 101.91 Gb Free Space | 35.76% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
 
Computer Name: VLAD-PC | User Name: Vlad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Vlad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe ()
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll ()
MOD - C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:[b]64bit:[/b] - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV:[b]64bit:[/b] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:[b]64bit:[/b] - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:[b]64bit:[/b] - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe ()
SRV:[b]64bit:[/b] - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe ()
SRV:[b]64bit:[/b] - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:[b]64bit:[/b] - (usprserv) -- C:\Windows\SysNative\svchost.exe ()
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:[b]64bit:[/b] - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CEEBC40A-FDED-4C59-B354-939132350B01) -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DCPFLICS) -- C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:[b]64bit:[/b] - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro35.sys ()
DRV:[b]64bit:[/b] - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys ()
DRV:[b]64bit:[/b] - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys ()
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:[b]64bit:[/b] - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:[b]64bit:[/b] - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys ()
DRV:[b]64bit:[/b] - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys ()
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:[b]64bit:[/b] - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:[b]64bit:[/b] - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:[b]64bit:[/b] - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys ()
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:[b]64bit:[/b] - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys ()
DRV:[b]64bit:[/b] - (KLBG) -- C:\Windows\SysNative\DRIVERS\klbg.sys ()
DRV:[b]64bit:[/b] - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:[b]64bit:[/b] - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys ()
DRV:[b]64bit:[/b] - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys ()
DRV:[b]64bit:[/b] - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys ()
DRV:[b]64bit:[/b] - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys ()
DRV:[b]64bit:[/b] - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:[b]64bit:[/b] - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:[b]64bit:[/b] - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys ()
DRV:[b]64bit:[/b] - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:[b]64bit:[/b] - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys ()
DRV:[b]64bit:[/b] - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (MaVctrl) -- C:\Windows\SysWOW64\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-603140689-2507800606-2663188864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z137&install_date=20110919
IE - HKU\S-1-5-21-603140689-2507800606-2663188864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-603140689-2507800606-2663188864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-603140689-2507800606-2663188864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:2.4.26
FF - prefs.js..extensions.enabledItems: service@touchpdf.com:1.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vlad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/29 18:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/20 15:07:37 | 000,000,000 | ---D | M]
 
[2009/03/16 22:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Extensions
[2011/10/21 02:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions
[2010/05/01 16:20:58 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/07/07 23:15:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/19 02:34:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/14 18:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/03 12:45:47 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/02/03 12:45:42 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/08/23 22:06:04 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010/02/03 12:45:40 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/12/23 21:35:13 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\activegs@freetoolsassociation.com
[2010/09/03 17:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\nemesis@www.spuler.us
[2011/02/17 14:00:21 | 000,000,000 | ---D | M] (pdfit) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\service@touchpdf.com
[2011/04/22 01:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\extensions\toolbar@ask.com
[2011/09/19 01:49:22 | 000,001,945 | ---- | M] () -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\searchplugins\bing-zugo.xml
[2011/10/19 14:22:48 | 000,001,524 | ---- | M] () -- C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\5mcma82d.default\searchplugins\swagbuckscom.xml
[2011/10/20 15:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/01 08:32:00 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/30 19:19:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/20 15:14:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/20 15:13:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/23 07:23:24 | 001,916,928 | ---- | M] (Total Immersion) -- C:\Program Files (x86)\mozilla firefox\plugins\NPDFusionWebFirefox.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/04/10 10:50:44 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2011/10/19 13:57:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-603140689-2507800606-2663188864-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-603140689-2507800606-2663188864-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-603140689-2507800606-2663188864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:[b]64bit:[/b] - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-603140689-2507800606-2663188864-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B9C4518-F0EB-4406-B2A4-D01FBA9AB27A}: DhcpNameServer = 192.168.1.1 71.242.0.12
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\symres - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Users\Vlad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vlad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/21 19:55:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vlad\Desktop\OTL.exe
[2011/10/20 16:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/20 15:16:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Vlad\TFC.exe
[2011/10/20 15:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/20 15:14:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/20 15:14:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/20 15:14:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/20 15:01:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/20 11:21:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/19 16:43:12 | 000,000,000 | ---D | C] -- C:\Users\Vlad\AppData\Local\temp
[2011/10/19 13:20:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/18 03:15:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Vlad\HijackThis.exe
[2011/09/29 15:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/09/29 15:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/09/28 19:06:02 | 000,000,000 | ---D | C] -- C:\Users\Vlad\Desktop\cvrsme
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/21 19:55:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vlad\Desktop\OTL.exe
[2011/10/21 19:48:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/21 19:48:15 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/10/21 19:48:06 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 19:48:06 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 19:47:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/21 03:00:12 | 015,540,284 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2011/10/21 03:00:12 | 002,441,276 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat
[2011/10/21 03:00:12 | 000,142,956 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2011/10/21 03:00:12 | 000,011,668 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx
[2011/10/21 03:00:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/21 02:36:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/21 02:09:36 | 002,360,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/20 15:16:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Vlad\TFC.exe
[2011/10/20 15:13:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/10/20 15:13:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/20 15:13:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/20 15:13:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/20 15:07:37 | 000,001,922 | ---- | M] () -- C:\Users\Vlad\Adobe Reader X.lnk
[2011/10/19 13:57:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/18 03:15:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Vlad\HijackThis.exe
[2011/10/16 02:15:58 | 001,915,142 | ---- | M] () -- C:\Users\Vlad\Kaspersky_16_OCT_2011_Debrastagi_com.rar
[2011/10/16 01:43:06 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/10/11 15:55:03 | 000,782,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/11 15:55:03 | 000,660,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/11 15:55:03 | 000,126,088 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/28 01:19:38 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011/10/20 15:07:37 | 000,001,922 | ---- | C] () -- C:\Users\Vlad\Adobe Reader X.lnk
[2011/10/20 15:07:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/20 01:47:20 | 000,000,000 | ---- | C] () -- C:\Users\Vlad\AppData\Local\{B4252E14-566D-4DFC-945E-913B3D7ED790}
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/11 16:13:04 | 000,129,743 | ---- | C] () -- C:\Windows\hppins21.dat
[2010/01/11 16:12:34 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
[2009/12/11 18:19:59 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
[2009/12/11 18:19:58 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/10/24 14:13:47 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/08 23:57:42 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/08 23:54:23 | 000,735,238 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/25 20:05:10 | 000,099,384 | ---- | C] () -- C:\Users\Vlad\AppData\Roaming\inst.exe
[2009/06/19 23:32:15 | 000,164,285 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/05/01 17:06:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/19 23:40:25 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/04/17 21:47:29 | 000,093,696 | ---- | C] () -- C:\Users\Vlad\AppData\Roaming\ezpinst.exe
[2009/03/23 13:54:48 | 000,007,052 | ---- | C] () -- C:\Users\Vlad\AppData\Local\d3d9caps.dat
[2009/03/17 20:49:50 | 000,084,234 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/03/17 20:23:13 | 000,038,215 | ---- | C] () -- C:\Windows\scunin.dat
[2009/03/17 18:38:49 | 000,043,780 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009/03/17 17:57:23 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/03/17 17:57:23 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/03/17 17:57:23 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/03/17 12:20:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/03/16 23:09:37 | 000,134,122 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2009/03/16 22:53:00 | 000,105,984 | ---- | C] () -- C:\Users\Vlad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/03 21:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/20 00:55:47 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/01/20 00:55:47 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/19 23:48:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/10 09:28:16 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/12/30 18:50:08 | 000,000,448 | ---- | C] () -- C:\Windows\powermp3wavconverter.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\Windows\SysWow64\FTDIUN2K.INI
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\Windows\SysWow64\SUSUSB.SYS
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== Files - Unicode (All) ==========
[2009/08/14 18:50:38 | 000,000,000 | ---D | M](C:\Users\Vlad\AppData\Roaming\???????sAppData) -- C:\Users\Vlad\AppData\Roaming\敎潲䍄敔灭慬整sAppData
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:63238B95
@Alternate Data Stream - 1176 bytes -> C:\ProgramData\Microsoft:7Rv86BgrvL9bRdysD06nN
@Alternate Data Stream - 1151 bytes -> C:\ProgramData\Microsoft:RwyVaswKL2SkTt6DnHD9rT5
@Alternate Data Stream - 1094 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:azbBkvyEYQf54YsZjcD

< End of report >

What I mean about it appearing in msconfig is:

If you go into the msconfig panel, then go to the Startup tab, there are startup items that have a check next to them, which are enabled to start up with the computer, while the others don't have a check, which are the ones I disabled from startup. The processes are listed in Startup but do not have a check next to them.

Edited by asdd, 22 October 2011 - 12:32 AM.



#17 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 24 October 2011 - 02:56 AM

They are not showing up anywhere else so there is nothing I can do


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#18 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 27 October 2011 - 01:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



