PC Protector Issues

Post by ZombieCate on 9th February 2010, 6:32 pm

A few days ago PC Protector ended up on my computer. Now Malwarebytes won't work, and if I restart my computer I have to do so repeatedly in order to get it to work. I have tried using Kaspersky (Paid) and AVG (free) as well and looked up various removal steps and programs, but nothing seems to be getting rid of the problem.

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:24 PM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\John\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ADC PlugIn - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [yewujupik] Rundll32.exe "c:\windows\system32\mokajiso.dll",a
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\rezalefe.dll fomegozu.dll c:\windows\system32\mokajiso.dll,wagopiva.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O21 - SSODL: navinokib - {55c3f82c-cab9-4443-a81e-7b14006ded16} - (no file)
O21 - SSODL: vanolavoh - {c8fcc493-5e28-4f99-8bcb-bdda457f2a8b} - c:\windows\system32\visujowo.dll (file missing)
O21 - SSODL: tiledejuh - {316b221b-b5d4-491d-ad93-0f4e7925d136} - c:\windows\system32\mokajiso.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {55c3f82c-cab9-4443-a81e-7b14006ded16} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {c8fcc493-5e28-4f99-8bcb-bdda457f2a8b} - c:\windows\system32\visujowo.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {316b221b-b5d4-491d-ad93-0f4e7925d136} - c:\windows\system32\mokajiso.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 11978 bytes


Re: PC Protector Issues

Post by Belahzur on 9th February 2010, 7:00 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ADC PlugIn - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll
    O4 - HKLM\..\Run: [yewujupik] Rundll32.exe "c:\windows\system32\mokajiso.dll",a
    O20 - AppInit_DLLs: c:\windows\system32\rezalefe.dll fomegozu.dll c:\windows\system32\mokajiso.dll,wagopiva.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
    O21 - SSODL: navinokib - {55c3f82c-cab9-4443-a81e-7b14006ded16} - (no file)
    O21 - SSODL: vanolavoh - {c8fcc493-5e28-4f99-8bcb-bdda457f2a8b} - c:\windows\system32\visujowo.dll (file missing)
    O21 - SSODL: tiledejuh - {316b221b-b5d4-491d-ad93-0f4e7925d136} - c:\windows\system32\mokajiso.dll (file missing)
    O22 - SharedTaskScheduler: tokatiluy - {55c3f82c-cab9-4443-a81e-7b14006ded16} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {c8fcc493-5e28-4f99-8bcb-bdda457f2a8b} - c:\windows\system32\visujowo.dll (file missing)
    O22 - SharedTaskScheduler: gahurihor - {316b221b-b5d4-491d-ad93-0f4e7925d136} - c:\windows\system32\mokajiso.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.
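Added example, not part of Belahzur's post and not the helper's own method: a Python sketch that applies three generic review heuristics to an excerpt of the HijackThis log above (orphaned registrations, a populated AppInit_DLLs value, a Run key that starts a DLL through rundll32) and then lists, for every DLL named on a flagged line, all sections that reference it. The heuristics and function names are assumptions; a match means "review this entry", not a verdict.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [yewujupik] Rundll32.exe "c:\windows\system32\mokajiso.dll",a
O20 - AppInit_DLLs: c:\windows\system32\rezalefe.dll fomegozu.dll c:\windows\system32\mokajiso.dll,wagopiva.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O21 - SSODL: tiledejuh - {316b221b-b5d4-491d-ad93-0f4e7925d136} - c:\windows\system32\mokajiso.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {316b221b-b5d4-491d-ad93-0f4e7925d136} - c:\windows\system32\mokajiso.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - ...", "O20 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# File name of any DLL on the line (path separators, spaces, commas, quotes excluded).
DLL_RE = re.compile(r'([^\\\s,"]+\.dll)\b', re.IGNORECASE)
# HijackThis appends these when the registered target does not exist on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse(log):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def reasons(code, body):
    """Heuristic review flags for one entry; an empty list means nothing matched."""
    found = []
    if body.rstrip().endswith(ORPHAN_MARKERS):
        found.append("orphaned registration")
    # AppInit_DLLs are mapped into every process that loads user32.dll.
    if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        found.append("AppInit_DLLs is populated")
    if code == "O4" and "rundll32" in body.lower():
        found.append("Run key starts a DLL through rundll32")
    return found


def triage(log):
    """List (code, reasons, body) for entries that matched at least one heuristic."""
    return [(c, r, b) for c, b in parse(log) if (r := reasons(c, b))]


def pivot(log):
    """For each DLL named on a flagged line, list every section that references it."""
    sections = defaultdict(set)
    for code, body in parse(log):
        for name in DLL_RE.findall(body):
            sections[name.lower()].add(code)
    flagged = {n.lower() for _, _, b in triage(log) for n in DLL_RE.findall(b)}
    return {name: sorted(sections[name]) for name in sorted(flagged)}


if __name__ == "__main__":
    for code, why, body in triage(SAMPLE_LOG):
        print(f"{code}: {', '.join(why)}\n    {body}")
    for name, codes in pivot(SAMPLE_LOG).items():
        print(f"{name}: referenced from {', '.join(codes)}")
```

The pivot shows mokajiso.dll registered under four different autostart sections, while the AppInit_DLLs flag also picks up a DLL under the Kaspersky program folder, which is why each match needs a human decision.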

Re: PC Protector Issues

Post by ZombieCate on 9th February 2010, 7:19 pm

I have gone through the HijackThis and done the steps, but Malwarebytes still will not work. A box pops up saying 'Windows is searching for mbam.exe. To locate yourself, click Browse.'


Re: PC Protector Issues

Post by Belahzur on 10th February 2010, 7:23 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: PC Protector Issues

Post by ZombieCate on 11th February 2010, 12:52 am

OTL.txt

OTL logfile created on: 2/10/2010 6:23:53 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\John\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 420.70 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RIPPER
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/09 12:26:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/02/09 12:00:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\My Documents\Downloads\OTL.exe
PRC - [2010/01/28 17:52:57 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/28 17:52:57 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/28 17:52:57 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/28 17:52:57 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/28 17:52:56 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/28 17:52:56 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/28 17:52:55 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/21 17:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/16 17:02:39 | 001,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2009/12/01 11:38:47 | 003,951,976 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/11/25 12:30:00 | 002,983,376 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/15 10:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/07/15 10:13:04 | 000,393,512 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/07/15 10:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/07/15 10:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009/07/02 11:04:08 | 000,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/08 08:31:04 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/20 15:47:36 | 016,860,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2005/04/04 18:58:30 | 003,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 18:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/02/09 12:00:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\My Documents\Downloads\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/09 12:26:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/01/28 17:52:56 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/28 17:52:55 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/21 17:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/20 12:34:52 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/15 10:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 10:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/07/02 11:04:08 | 000,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/06/24 15:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/06/08 08:31:04 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2008/03/19 16:04:00 | 000,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV - [2010/02/08 19:20:15 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/01/28 17:53:06 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/28 17:53:06 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/28 17:52:57 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/02 11:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/20 13:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/09/15 10:07:10 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/04/13 10:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/22 09:18:44 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/03/19 16:04:00 | 007,086,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/01/03 08:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/20 17:00:06 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 18:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/13 13:33:28 | 000,008,192 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2005/03/16 00:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2004/06/22 09:05:12 | 000,051,088 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004/06/22 09:05:12 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/06/22 09:05:12 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2001/08/23 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}:2.1.4
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/28 17:52:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/28 17:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/17 12:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 15:19:57 | 000,000,000 | ---D | M]

[2010/01/17 01:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/02/10 08:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions
[2010/01/17 01:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}
[2010/01/17 01:24:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/10 08:51:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/08 19:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/02/08 01:56:47 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [You must be registered and logged in to see this link.] (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 68.115.71.53 24.196.64.53
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (wagopiva.dll) - C:\WINDOWS\System32\wagopiva.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/05 19:33:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/09 13:16:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/09 13:16:06 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/09 12:27:58 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\John\Desktop\winlogon.scr
[2010/02/09 12:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/09 12:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/02/09 12:26:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/09 12:26:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/09 12:26:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/09 12:26:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/09 11:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/09 11:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2010/02/08 19:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/02/08 19:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/02/08 19:20:14 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/02/08 18:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/02/08 12:00:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/08 01:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/02/07 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Your PC Protector
[2010/02/07 09:15:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/07 09:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/07 09:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/07 09:14:40 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/07 09:14:40 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/07 09:14:40 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/02/07 09:14:40 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/07 09:14:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/02/07 09:14:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/07 09:14:39 | 000,000,000 | ---D | C] -- C:\a8f680eb4ccf05bf45
[2010/02/06 21:52:19 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/02/06 21:50:29 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/06 21:50:29 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/05 09:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\NeroDigital™
[2010/02/04 20:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Nero Home
[2010/02/04 20:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Nero
[2010/02/03 18:02:12 | 000,000,000 | ---D | C] -- C:\WTablet
[2010/01/30 18:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/01/30 18:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/30 18:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/01/30 18:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Threat Expert
[2010/01/30 18:01:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/30 18:01:19 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/30 18:01:19 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/01/30 18:01:19 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/30 17:59:18 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/30 17:59:08 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/30 17:59:08 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/30 17:58:51 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/30 17:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/30 17:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/30 17:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\PC Tools
[2010/01/30 17:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/30 17:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/29 00:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/29 00:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Google
[2010/01/28 17:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local

Re: PC Protector Issues

Post by ZombieCate on 11th February 2010, 12:52 am

Settings\Application Data\AVG Security Toolbar
[2010/01/28 17:53:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/01/28 17:53:10 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/28 17:53:06 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/28 17:53:06 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/28 17:53:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/28 17:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/28 17:52:57 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/28 17:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/28 17:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/28 17:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/01/28 17:51:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/28 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/28 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/28 17:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\TeamViewer
[2010/01/28 17:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/01/28 15:08:41 | 000,000,000 | ---D | C] -- C:\fsaua.data
[2010/01/27 19:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2010/01/27 19:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/26 09:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/01/25 22:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/01/25 22:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/01/25 22:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Electronic Arts
[2010/01/25 22:00:34 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/01/25 22:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/01/25 21:58:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/01/25 21:58:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/01/25 21:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/01/23 20:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/01/23 15:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/01/23 15:19:57 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/23 15:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/23 15:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Sun
[2010/01/20 13:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\AdobeUM
[2010/01/20 13:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\illustrator_lm
[2010/01/20 12:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Adobe
[2010/01/20 12:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Updater
[2010/01/20 12:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/01/20 12:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2010/01/20 12:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2010/01/20 12:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/01/20 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/01/20 12:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/01/17 13:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\WTablet
[2010/01/17 13:22:06 | 000,220,968 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Touch_Tablet.dll
[2010/01/17 13:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\WTouch
[2010/01/17 13:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/01/17 13:21:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/01/17 13:21:45 | 006,124,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\PenTablet.cpl
[2010/01/17 13:21:42 | 000,011,440 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\WacomVKHid.sys
[2010/01/17 13:21:36 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2010/01/17 13:21:34 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2010/01/17 13:21:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2010/01/17 13:21:30 | 000,392,488 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.dll
[2010/01/17 13:21:30 | 000,284,672 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2010/01/17 13:21:27 | 004,408,616 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
[2010/01/17 13:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/01/17 13:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Bioshock
[2010/01/17 13:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Bioshock
[2010/01/17 13:17:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Application Data\SecuROM
[2010/01/17 13:15:43 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/01/17 13:15:43 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/01/17 13:15:43 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/01/17 13:15:43 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/01/17 13:15:43 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_2.dll
[2010/01/17 13:15:42 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/01/17 13:15:41 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/01/17 13:15:40 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/01/17 13:15:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/01/17 13:15:32 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/01/17 13:15:31 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/01/17 13:15:31 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/01/17 13:15:31 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/01/17 13:15:31 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/01/17 13:15:31 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/01/17 13:15:31 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/01/17 13:15:30 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/01/17 13:15:30 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/01/17 13:15:30 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/01/17 13:15:30 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/01/17 13:15:30 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/01/17 13:15:29 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/01/17 13:15:29 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/01/17 13:15:29 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/01/17 13:15:28 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/01/17 13:15:28 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/01/17 13:15:28 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/01/17 13:15:28 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/01/17 13:15:27 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/01/17 13:14:36 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/01/17 13:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2010/01/17 12:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\BAT CAVE
[2010/01/17 12:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Art
[2010/01/17 12:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Random
[2010/01/17 12:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\U3
[2010/01/17 12:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\portalgraphics
[2010/01/17 12:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Apple Computer
[2010/01/17 12:39:17 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/01/17 12:39:17 | 000,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2010/01/17 12:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/01/17 12:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/17 12:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/17 12:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/01/17 12:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/17 12:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/01/17 12:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Apple
[2010/01/17 12:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/01/17 12:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/01/17 12:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/01/17 12:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Apple Computer
[2010/01/17 12:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Tracing
[2010/01/17 12:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/17 12:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/01/17 12:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/01/17 12:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/01/17 12:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/17 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\AIM
[2010/01/17 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\acccore
[2010/01/17 12:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\AOL
[2010/01/17 12:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/01/17 12:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/01/17 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/01/17 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/01/17 12:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Macromedia
[2010/01/17 12:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Downloads
[2010/01/17 01:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/17 01:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Mozilla
[2010/01/17 01:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Mozilla
[2010/01/17 01:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/17 01:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/17 01:07:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/17 01:07:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/01/17 01:07:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/01/17 01:07:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/01/17 01:07:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/17 01:06:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/01/17 01:04:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/01/17 01:02:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/16 18:55:53 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/01/16 18:55:37 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/16 18:55:06 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/01/16 18:55:06 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/01/16 18:53:50 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/01/16 18:53:49 | 000,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/01/16 18:53:47 | 000,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/01/16 18:53:43 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/01/16 18:52:56 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/01/16 18:52:56 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/01/16 18:52:56 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/01/16 18:52:56 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/01/16 18:52:56 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/01/16 18:52:56 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/01/16 18:52:56 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/01/16 18:52:56 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/01/16 18:52:56 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/01/16 18:52:56 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/01/16 18:52:55 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/01/16 18:52:55 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/01/16 18:52:55 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/01/16 18:52:55 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/01/16 18:52:55 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/01/16 18:52:55 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/01/16 18:52:54 | 001,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2010/01/16 18:52:54 | 000,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2010/01/16 18:52:54 | 000,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2010/01/16 18:52:54 | 000,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2010/01/16 18:52:35 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/01/16 18:52:35 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/01/16 18:52:35 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/01/16 18:52:35 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/01/16 18:52:35 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/01/16 18:52:35 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/01/16 18:52:35 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/01/16 18:52:35 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/01/16 18:52:35 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/01/16 18:52:35 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/01/16 18:52:35 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/01/16 18:52:35 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/01/16 18:52:35 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/01/16 18:52:35 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/01/16 18:52:35 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/01/16 18:52:35 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/01/16 18:52:35 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/01/16 18:52:35 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/01/16 18:52:35 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/01/16 18:52:35 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/01/16 18:52:35 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/01/16 18:52:24 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/01/16 18:51:51 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/01/16 18:51:51 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/01/16 18:51:50 | 002,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/01/16 18:50:47 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/01/16 18:50:46 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/01/16 18:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/16 18:36:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/01/16 18:36:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/01/16 18:36:27 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/01/16 18:36:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/01/16 18:35:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/01/16 18:35:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\John\UserData
[2010/01/16 18:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Adobe
[2010/01/16 18:27:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/01/16 18:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\AJ's FOLDER DO NOT TOUCH OR YOU WILL DIE!!!!!!
[2010/01/16 17:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/01/16 16:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/01/16 16:52:35 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/01/16 16:51:32 | 000,051,088 | ---- | C] (HP) -- C:\WINDOWS\System32\drivers\hpzid412.sys
[2010/01/16 16:51:32 | 000,021,744 | ---- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys
[2010/01/16 16:51:32 | 000,016,496 | ---- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2010/01/16 16:51:28 | 000,581,632 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl.dll
[2010/01/16 16:51:28 | 000,278,528 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpgwiamd.dll
[2010/01/16 16:51:28 | 000,270,336 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2010/01/16 16:51:28 | 000,090,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst08.dll
[2010/01/16 16:51:27 | 000,344,064 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon10.dll
[2010/01/16 16:51:27 | 000,196,608 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzcoi10.dll
[2010/01/16 16:51:27 | 000,135,249 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzlnt10.dll
[2010/01/16 16:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/01/16 16:49:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/01/16 16:44:11 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/01/12 19:48:43 | 000,311,296 | R--- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/01/12 19:48:40 | 000,442,368 | R--- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\biyupufe.dll
[2099/01/01 12:00:00 | 000,054,272 | -HS- | M] () -- C:\WINDOWS\System32\wagopiva.dll
[2099/01/01 12:00:00 | 000,054,272 | -HS- | M] () -- C:\WINDOWS\System32\redonuta.dll
[2099/01/01 12:00:00 | 000,054,272 | -HS- | M] () -- C:\WINDOWS\System32\kapidugo.dll
[2099/01/01 12:00:00 | 000,054,272 | -HS- | M] () -- C:\WINDOWS\System32\jomuhuha.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\pohepalo.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\huzuluyu.dll
[2010/02/10 18:37:52 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\gorusohu
[2010/02/10 18:15:11 | 055,441,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/10 18:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\wwlagcwe.job
[2010/02/10 16:49:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\prvlcl.dat
[2010/02/10 16:05:02 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/02/09 14:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\kdadzsrf.job
[2010/02/09 13:16:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/09 12:27:59 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\John\Desktop\winlogon.scr
[2010/02/09 12:26:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/09 12:26:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/09 12:26:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/09 12:26:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/09 12:26:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/09 12:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\wwicqaoi.job
[2010/02/09 11:56:22 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/02/09 11:48:54 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/09 11:48:54 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/09 11:48:54 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/09 11:45:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/09 11:44:45 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/02/09 11:44:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 11:43:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 11:20:24 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\matizava.dll
[2010/02/09 11:20:23 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\tijojepe.dll
[2010/02/09 10:52:31 | 003,383,296 | ---- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/02/09 10:52:25 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2010/02/09 10:21:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/02/08 23:18:26 | 000,003,117 | -HS- | M] () -- C:\WINDOWS\System32\watalove.dll
[2010/02/08 20:33:07 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Full Scan.lnk
[2010/02/08 19:21:30 | 000,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/02/08 19:21:30 | 000,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/02/08 19:20:15 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/02/07 23:17:42 | 000,000,056 | ---- | M] () -- C:\Program Files\wp4.dat
[2010/02/07 23:17:42 | 000,000,001 | ---- | M] () -- C:\Program Files\wp3.dat
[2010/02/07 23:17:27 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
[2010/02/07 23:17:23 | 000,043,520 | ---- | M] () -- C:\Program Files\alggui.exe
[2010/02/07 23:17:21 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010/02/07 09:21:17 | 000,108,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/07 09:20:07 | 000,016,424 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/07 01:02:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/04 22:46:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/04 20:15:37 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\John\.rnd
[2010/02/04 20:09:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/30 20:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/30 17:59:00 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/28 18:38:08 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/28 17:53:10 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/28 17:53:10 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/28 17:53:06 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/28 17:53:06 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/28 17:53:06 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/28 17:53:04 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/28 17:53:04 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/28 17:52:57 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/28 17:23:54 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/26 10:19:45 | 000,001,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/01/25 21:57:14 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2010/01/21 17:21:07 | 000,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/21 17:21:07 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/21 17:21:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/21 17:21:07 | 000,000,879 | ---- | M] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/21 17:21:06 | 001,652,688 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/21 17:21:05 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/20 12:45:18 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2010/01/20 12:42:09 | 000,002,245 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Adobe Illustrator CS2.lnk
[2010/01/20 12:38:54 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Adobe InDesign CS2.lnk
[2010/01/20 12:36:22 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Adobe Photoshop CS2.lnk
[2010/01/20 12:36:22 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Adobe ImageReady CS2.lnk
[2010/01/20 12:35:24 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/01/17 14:47:01 | 000,990,210 | ---- | M] () -- C:\Documents and Settings\John\Desktop\oC11b71.exe
[2010/01/17 13:16:08 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\John\Desktop\BioShock.lnk
[2010/01/17 13:14:36 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/01/17 12:38:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/17 12:32:01 | 000,000,363 | -H-- | M] () -- C:\IPH.PH
[2010/01/17 12:31:57 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/01/17 12:31:35 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Windows Explorer.lnk
[2010/01/17 01:13:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/17 01:12:58 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/17 01:11:16 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/01/17 01:04:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/16 17:46:13 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Left 4 Dead 2.lnk
[2010/01/16 17:10:46 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Left 4 Dead.lnk
[2010/01/16 16:54:48 | 000,103,535 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2010/01/13 22:09:16 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\John\Application Data\default.pls
[2010/01/12 19:48:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/12 19:33:49 | 000,160,101 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\biyupufe.dll
[2099/01/01 12:00:00 | 000,054,272 | -HS- | C] () -- C:\WINDOWS\System32\wagopiva.dll
[2099/01/01 12:00:00 | 000,054,272 | -HS- | C] () -- C:\WINDOWS\System32\redonuta.dll
[2099/01/01 12:00:00 | 000,054,272 | -HS- | C] () -- C:\WINDOWS\System32\kapidugo.dll
[2099/01/01 12:00:00 | 000,054,272 | -HS- | C] () -- C:\WINDOWS\System32\jomuhuha.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pohepalo.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\huzuluyu.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gorusohu
[2010/02/09 13:16:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/09 11:20:23 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\matizava.dll
[2010/02/09 11:20:23 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\tijojepe.dll
[2010/02/08 23:18:26 | 000,003,117 | -HS- | C] () -- C:\WINDOWS\System32\watalove.dll
[2010/02/08 20:33:07 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Full Scan.lnk
[2010/02/08 19:21:30 | 000,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/02/08 19:21:30 | 000,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/02/08 13:57:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\prvlcl.dat
[2010/02/08 11:18:16 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\wwlagcwe.job
[2010/02/08 10:56:30 | 003,383,296 | ---- | C] () -- C:\Documents and Settings\John\ntuser.dat
[2010/02/07 23:17:27 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010/02/07 23:17:23 | 000,043,520 | ---- | C] () -- C:\Program Files\alggui.exe
[2010/02/07 23:17:21 | 000,000,056 | ---- | C] () -- C:\Program Files\wp4.dat
[2010/02/07 23:17:21 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/02/07 23:17:21 | 000,000,001 | ---- | C] () -- C:\Program Files\wp3.dat
[2010/01/30 18:01:21 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/01/30 18:01:21 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/30 18:01:21 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/30 18:01:21 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/30 18:01:21 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/01/30 18:01:20 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/01/30 17:59:18 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/30 17:59:08 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/30 17:59:08 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/30 17:59:00 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/30 17:58:52 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/29 10:20:47 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\wwicqaoi.job
[2010/01/28 17:53:10 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/28 17:53:06 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/28 17:53:04 | 055,441,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/28 17:53:04 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/28 17:53:04 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/28 17:53:04 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/28 17:23:54 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/28 09:43:38 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\kdadzsrf.job
[2010/01/26 10:19:45 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/01/25 21:57:14 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2010/01/20 12:45:18 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/01/20 12:45:18 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2010/01/20 12:42:09 | 000,002,245 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Adobe Illustrator CS2.lnk
[2010/01/20 12:40:48 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2010/01/20 12:38:54 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Adobe InDesign CS2.lnk
[2010/01/20 12:36:22 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Adobe Photoshop CS2.lnk
[2010/01/20 12:36:22 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Adobe ImageReady CS2.lnk
[2010/01/20 12:35:24 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/01/17 14:46:55 | 000,990,210 | ---- | C] () -- C:\Documents and Settings\John\Desktop\oC11b71.exe
[2010/01/17 13:21:48 | 001,593,072 | ---- | C] () -- C:\WINDOWS\System32\PenTablet.znc
[2010/01/17 13:21:24 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml
[2010/01/17 13:21:24 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2010/01/17 13:20:14 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\John\Desktop\BioShock.lnk
[2010/01/17 12:39:18 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/17 12:38:31 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/17 12:38:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/17 12:31:57 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/01/17 12:31:44 | 000,000,363 | -H-- | C] () -- C:\IPH.PH
[2010/01/17 01:13:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/17 01:12:58 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/16 18:52:57 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/01/16 18:52:57 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/01/16 18:52:57 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/01/16 18:52:57 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/01/16 18:52:57 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/01/16 18:52:57 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/01/16 18:52:56 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/01/16 18:52:56 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/01/16 18:52:56 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/01/16 18:52:56 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/01/16 18:52:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/01/16 18:52:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/01/16 18:52:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/01/16 18:52:56 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/01/16 18:52:56 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/01/16 18:52:56 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/01/16 18:52:56 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/01/16 18:52:56 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/01/16 18:52:56 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/01/16 18:52:56 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/01/16 18:52:56 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/01/16 18:52:56 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/01/16 18:52:56 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/01/16 18:52:56 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/01/16 18:52:56 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/01/16 18:52:56 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/01/16 18:52:56 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/01/16 18:52:56 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/01/16 18:52:56 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/01/16 18:52:56 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/01/16 18:52:56 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/01/16 18:52:56 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/01/16 18:52:56 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/01/16 18:52:56 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/01/16 18:52:56 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/01/16 18:52:56 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/01/16 18:52:56 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/01/16 18:52:56 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/01/16 18:52:56 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/01/16 18:52:56 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/01/16 18:52:56 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/01/16 18:52:56 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/01/16 18:52:55 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/01/16 18:52:55 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/01/16 18:52:55 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/01/16 18:52:55 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/01/16 18:52:55 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/01/16 18:52:55 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/01/16 18:52:54 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/01/16 18:52:54 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/01/16 18:52:54 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/01/16 18:52:54 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/01/16 18:52:54 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/01/16 18:52:54 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/01/16 18:52:54 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/01/16 18:52:52 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/01/16 18:52:52 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/01/16 18:52:52 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/01/16 18:52:52 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/01/16 18:52:52 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/01/16 18:52:52 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/01/16 18:52:52 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/01/16 18:52:52 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/01/16 18:52:52 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/01/16 18:52:52 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/01/16 18:52:51 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/01/16 18:52:35 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/01/16 17:46:13 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Left 4 Dead 2.lnk
[2010/01/16 17:10:46 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Left 4 Dead.lnk
[2010/01/16 17:02:20 | 000,002,207 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/01/16 16:51:34 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/16 16:51:33 | 000,103,535 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/01/16 16:51:33 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/01/13 22:09:16 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\John\Application Data\default.pls
[2010/01/13 20:13:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/12 19:48:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/12 19:48:43 | 000,018,333 | R--- | C] () -- C:\WINDOWS\atiogl.xml
[2010/01/12 19:48:40 | 000,007,167 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/01/12 19:48:38 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/01/12 19:48:38 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/01/12 19:48:38 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/19 16:04:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/19 16:04:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/03/19 16:04:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/19 16:04:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/03/19 16:04:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[1999/07/06 18:00:00 | 000,000,006 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D81EDBF9-D167-4011-B77D-211DF920EB80

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


Re: PC Protector Issues

Post by ZombieCate on 11th February 2010, 12:53 am

Extras.TXT

OTL Extras logfile created on: 2/10/2010 6:23:59 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\John\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 420.70 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RIPPER
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" (Adobe Systems Incorporated)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4118:TCP" = 4118:TCP:*:Enabled:llhty

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)


Re: PC Protector Issues

Post by ZombieCate on 11th February 2010, 12:53 am

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\WTouch\WTouchUser.exe" = C:\Program Files\WTouch\WTouchUser.exe:*:Enabled:WTouchUser -- (Wacom Technology, Corp.)
"C:\Program Files\iPod\bin\iPodService.exe" = C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService -- (Apple Inc.)
"C:\WINDOWS\system32\Pen_Tablet.exe" = C:\WINDOWS\system32\Pen_Tablet.exe:*:Enabled:Pen_Tablet -- (Wacom Technology, Corp.)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA20FED-A903-46A2-B197-789B4456B508}" = HW Monitor
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E448503F-D677-46DB-AC77-7F9F094DFC01}" = openCanvas4.5e Plus
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Browser Defender_is1" = Browser Defender 2.0.6.15
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"TeamViewer 5" = TeamViewer 5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2010 8:03:35 PM | Computer Name = RIPPER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/8/2010 1:40:22 PM | Computer Name = RIPPER | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/8/2010 1:46:48 PM | Computer Name = RIPPER | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/8/2010 2:35:37 PM | Computer Name = RIPPER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module medialibrarynse.dll, version 3.3.8.0, fault address 0x00002610.

Error - 2/8/2010 2:47:15 PM | Computer Name = RIPPER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msvcr80.dll, version 8.0.50727.4053, fault address 0x00014d18.

Error - 2/8/2010 2:52:13 PM | Computer Name = RIPPER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module medialibrarynse.dll, version 3.3.8.0, fault address 0x000025fc.

Error - 2/8/2010 2:53:47 PM | Computer Name = RIPPER | Source = Application Error | ID = 1001
Description = Fault bucket 847571666.

Error - 2/9/2010 12:39:30 PM | Computer Name = RIPPER | Source = Application Error | ID = 1000
Description = Faulting application avgtray.exe, version 9.0.0.724, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 2/9/2010 12:42:35 PM | Computer Name = RIPPER | Source = Application Error | ID = 1000
Description = Faulting application avgtray.exe, version 9.0.0.724, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 2/9/2010 2:27:14 PM | Computer Name = RIPPER | Source = MsiInstaller | ID = 11311
Description = Product: Java Auto Updater -- Error 1311.Source file not found(cabinet):
C:\Documents and Settings\John\Application Data\Sun\Java\AU\au.cab. Verify that
the file exists and that you can access it.

[ System Events ]
Error - 1/30/2010 10:04:39 PM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126

Error - 1/31/2010 12:42:07 PM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126

Error - 1/31/2010 6:05:32 PM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126

Error - 2/1/2010 12:23:15 AM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126

Error - 2/1/2010 7:49:28 PM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126

Error - 2/2/2010 11:37:11 AM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126

Error - 2/2/2010 5:25:29 PM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126

Error - 2/2/2010 5:26:00 PM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7034
Description = The STOPzilla Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/3/2010 11:09:59 AM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126

Error - 2/3/2010 7:55:59 PM | Computer Name = RIPPER | Source = Service Control Manager | ID = 7023
Description = The Task Time service terminated with the following error: %%126


< End of report >


Re: PC Protector Issues

Post by Belahzur on 11th February 2010, 9:04 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



Re: PC Protector Issues

Post by ZombieCate on 11th February 2010, 9:55 pm

ComboFix 10-02-11.04 - John 02/11/2010 15:37:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2567 [GMT -6:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\John\Start Menu\Programs\Your PC Protector
c:\documents and settings\John\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk
C:\LOG.TXT
c:\program files\alggui.exe
c:\program files\driver
c:\program files\nuar.old
c:\program files\wp3.dat
c:\program files\wp4.dat
c:\program files\Your PC Protector
c:\windows\system32\matizava.dll
c:\windows\system32\tijojepe.dll
c:\windows\system32\watalove.dll
c:\windows\Tasks\kdadzsrf.job
c:\windows\Tasks\wwicqaoi.job
c:\windows\Tasks\wwlagcwe.job

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-09 19:16 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 19:16 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-09 18:26 . 2010-02-09 18:26 -------- d-----w- c:\program files\Sun
2010-02-09 17:49 . 2010-02-09 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-09 01:29 . 2010-02-09 01:29 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-02-09 01:29 . 2010-02-09 01:29 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-02-09 01:21 . 2010-02-09 01:21 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-09 01:21 . 2010-02-09 01:21 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-09 01:20 . 2010-02-11 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-09 01:20 . 2010-02-09 01:20 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-09 00:54 . 2010-02-09 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-08 19:57 . 2010-02-11 14:49 0 ----a-w- c:\documents and settings\John\Local Settings\Application Data\prvlcl.dat
2010-02-08 17:21 . 2010-02-08 17:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-08 07:56 . 2010-02-08 07:56 -------- d-----w- c:\program files\Enigma Software Group
2010-02-08 05:17 . 2010-02-08 05:17 36 ----a-w- c:\program files\skynet.dat
2010-02-07 15:15 . 2010-02-07 15:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-07 15:15 . 2010-02-07 15:15 -------- d-----w- c:\program files\MSBuild
2010-02-07 15:15 . 2010-02-07 15:15 -------- d-----w- c:\program files\Reference Assemblies
2010-02-07 15:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-07 15:14 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-07 15:14 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-07 15:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-07 15:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-07 15:14 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-07 15:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-07 15:14 . 2010-02-07 15:14 -------- d-----w- C:\a8f680eb4ccf05bf45
2010-02-07 15:14 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-07 15:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-07 03:52 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-02-07 03:50 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-07 03:50 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-05 15:35 . 2010-02-05 15:35 -------- d-----w- c:\documents and settings\John\Application Data\NeroDigital™
2010-02-05 15:29 . 2010-02-07 15:55 177432 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll
2010-02-05 15:28 . 2010-02-05 15:28 509208 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll
2010-02-05 02:15 . 2010-02-05 02:15 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Nero
2010-02-05 02:12 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-04 00:02 . 2010-02-04 00:02 -------- d-----w- C:\WTablet
2010-01-31 00:16 . 2010-02-06 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-31 00:15 . 2010-02-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-31 00:15 . 2010-01-31 00:15 -------- d-----w- c:\program files\Common Files\iS3
2010-01-31 00:03 . 2010-01-31 00:03 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Threat Expert
2010-01-31 00:01 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-31 00:01 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-31 00:01 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-01-31 00:01 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-31 00:01 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-31 00:01 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-30 23:59 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-30 23:59 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-30 23:59 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-30 23:58 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-30 23:58 . 2010-02-11 21:47 -------- d-----w- c:\program files\Spyware Doctor
2010-01-30 23:58 . 2010-01-31 00:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-30 23:58 . 2010-01-30 23:58 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2010-01-30 23:58 . 2010-01-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-30 23:58 . 2010-02-11 21:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-29 17:44 . 2009-11-25 19:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-29 06:13 . 2010-01-29 06:13 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Google
2010-01-29 06:13 . 2009-12-16 22:05 471040 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-01-29 06:13 . 2009-12-16 22:05 347136 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-01-29 06:13 . 2009-12-16 22:05 340992 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-29 06:13 . 2009-12-16 22:05 43008 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-29 06:13 . 2009-12-16 22:05 1452032 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-29 00:41 . 2010-01-28 23:52 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-29 00:41 . 2010-01-28 23:52 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-28 23:55 . 2010-01-28 23:55 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\AVG Security Toolbar
2010-01-28 23:53 . 2010-01-28 23:53 -------- d-----w- C:\$AVG
2010-01-28 23:53 . 2010-01-28 23:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-28 23:53 . 2010-01-28 23:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-28 23:53 . 2010-01-28 23:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-28 23:53 . 2010-02-11 15:47 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-28 23:53 . 2010-01-28 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-28 23:52 . 2010-01-28 23:52 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-28 23:52 . 2010-01-28 23:52 -------- d-----w- c:\program files\AVG
2010-01-28 23:52 . 2010-02-11 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-28 23:52 . 2010-01-28 23:52 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-28 23:23 . 2010-01-28 23:23 -------- d-----w- c:\documents and settings\John\Application Data\TeamViewer
2010-01-28 23:23 . 2010-01-28 23:23 -------- d-----w- c:\program files\TeamViewer
2010-01-28 21:08 . 2010-01-28 21:08 -------- d-----w- C:\fsaua.data
2010-01-28 01:08 . 2010-01-28 01:08 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2010-01-28 01:07 . 2010-01-28 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-26 16:19 . 2010-01-26 15:51 38784 ----a-w- c:\documents and settings\John\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-01-26 15:51 . 2010-01-26 15:51 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-01-26 15:51 . 2010-01-26 15:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-26 04:08 . 2010-01-26 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-26 04:08 . 2010-01-26 04:08 -------- d-----w- C:\ProgramData
2010-01-26 04:00 . 2008-09-04 20:11 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-26 04:00 . 2010-01-26 04:00 10134 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-26 04:00 . 2010-01-26 04:00 -------- d-----w- c:\program files\Microsoft WSE
2010-01-26 03:44 . 2010-01-26 04:04 -------- d-----w- c:\program files\Electronic Arts
2010-01-24 02:53 . 2010-01-24 02:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-23 21:20 . 2010-01-23 21:20 -------- d-----w- c:\windows\Sun
2010-01-23 21:19 . 2010-02-09 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-23 21:19 . 2010-02-09 18:26 -------- d-----w- c:\program files\Java
2010-01-23 21:19 . 2010-01-23 21:19 152576 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-23 21:19 . 2010-01-23 21:19 79488 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-20 20:33 . 2007-10-23 15:27 110592 ----a-w- c:\documents and settings\John\Application Data\U3\temp\cleanup.exe
2010-01-20 19:33 . 2010-01-20 19:33 -------- d-----w- c:\documents and settings\John\Application Data\AdobeUM
2010-01-20 18:48 . 2010-01-20 19:32 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Adobe
2010-01-20 18:40 . 2004-08-17 01:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-01-20 18:36 . 2010-01-20 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-01-20 18:34 . 2010-01-20 18:34 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-01-20 18:34 . 2010-01-20 18:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-19 15:40 . 2010-02-11 16:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-17 19:22 . 2010-02-11 21:46 -------- d-----w- c:\documents and settings\John\Application Data\WTablet
2010-01-17 19:19 . 2010-02-08 05:07 -------- d-----w- c:\documents and settings\John\Application Data\Bioshock
2010-01-17 19:17 . 2010-01-17 19:17 -------- d--h--r- c:\documents and settings\John\Application Data\SecuROM
2010-01-17 19:14 . 2010-01-17 19:14 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-17 19:07 . 2010-01-17 19:07 -------- d-----w- c:\program files\2K Games
2010-01-17 18:44 . 2007-10-23 15:22 3350528 ---ha-w- c:\documents and settings\John\Application Data\U3\temp\Launchpad Removal.exe
2010-01-17 18:43 . 2010-02-03 15:58 -------- d-----w- c:\documents and settings\John\Application Data\U3
2010-01-17 18:40 . 2010-01-17 18:40 45056 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{E448503F-D677-46DB-AC77-7F9F094DFC01}\_28C06EB88381_4D72_BA9C_FEBD7FB46252.exe
2010-01-17 18:40 . 2010-01-17 18:40 15086 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{E448503F-D677-46DB-AC77-7F9F094DFC01}\oC4.exe
2010-01-17 18:40 . 2010-01-17 18:40 -------- d-----w- c:\program files\portalgraphics
2010-01-17 18:39 . 2010-01-17 18:40 -------- d-----w- c:\documents and settings\John\Application Data\Apple Computer
2010-01-17 18:39 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-17 18:39 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\program files\iPod
2010-01-17 18:38 . 2010-01-17 18:39 -------- d-----w- c:\program files\iTunes
2010-01-17 18:38 . 2010-01-17 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\program files\Bonjour
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\program files\QuickTime
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Apple
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 17:21 . 2008-09-20 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2010-02-07 15:55 . 2008-09-20 17:14 566552 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll
2010-02-07 15:55 . 2008-09-20 17:14 242968 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll
2010-02-07 15:55 . 2008-09-20 17:14 156952 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll
2010-02-07 15:55 . 2008-09-20 17:14 156952 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll
2010-02-07 15:55 . 2008-09-20 17:14 136472 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll
2010-02-07 15:20 . 2008-09-11 23:04 16424 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-05 15:33 . 2008-09-21 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-05 15:29 . 2008-09-20 17:14 1537304 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll
2010-02-05 15:29 . 2008-09-20 17:14 386328 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll
2010-02-05 15:29 . 2008-09-20 17:14 505112 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll
2010-02-05 15:29 . 2008-09-20 17:14 492824 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll
2010-02-05 15:29 . 2008-09-20 17:14 505112 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll
2010-02-05 15:28 . 2008-09-20 17:14 496920 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll
2010-02-05 15:28 . 2008-09-20 17:14 496920 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll
2010-02-05 15:28 . 2008-09-20 17:14 488728 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll
2010-02-05 15:28 . 2008-09-20 17:14 501016 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll
2010-02-05 15:28 . 2008-09-20 17:14 521496 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll
2010-02-05 15:28 . 2008-09-20 17:14 505112 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll
2010-02-05 15:28 . 2008-09-20 17:14 496920 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll
2010-02-05 15:28 . 2008-09-20 17:13 509208 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll
2010-02-05 15:28 . 2008-09-20 17:13 501016 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2010-02-05 15:28 . 2008-09-20 17:13 292120 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2010-01-26 03:44 . 2008-09-06 01:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 19:22 . 2010-01-17 19:22 -------- d-----w- c:\documents and settings\John\Application Data\WTouch
2010-01-17 19:22 . 2010-01-17 19:22 -------- d-----w- c:\program files\WTouch
2010-01-17 19:22 . 2010-01-17 19:21 -------- d-----w- c:\program files\Tablet
2010-01-17 07:08 . 2008-09-06 01:32 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-22 05:21 . 2004-08-04 05:56 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 05:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-21 15:51 . 2004-08-04 05:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\biyupufe.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\huzuluyu.dll
1601-01-01 00:03 . 1601-01-01 00:03 54272 --sha-w- c:\windows\system32\jomuhuha.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\pohepalo.dll
1601-01-01 00:03 . 1601-01-01 00:03 54272 --sha-w- c:\windows\system32\redonuta.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d43402c0-d3c7-4e3d-8d99-011f348a4cd1}]
1601-01-01 00:03 54272 --sha-w- c:\windows\system32\jomuhuha.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-1-20 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-28 23:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\WTouch\\WTouchUser.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\Pen_Tablet.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4118:TCP"= 4118:TCP:llhty

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/30/2010 5:59 PM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/28/2010 5:53 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/28/2010 5:52 PM 360584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/5/2008 7:39 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [9/5/2008 8:27 PM 8192]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/28/2010 5:52 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/28/2010 5:52 PM 285392]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/30/2010 6:01 PM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/30/2010 5:58 PM 359624]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [1/17/2010 1:21 PM 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [1/17/2010 1:22 PM 112936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9/5/2008 7:49 PM 38560]
S2 dujhpklt;Task Time;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 11:56 PM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dujhpklt
.
Contents of the 'Scheduled Tasks' folder

2010-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
AddRemove-HijackThis - c:\documents and settings\John\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-11 15:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-1482476501-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,f2,3a,85,f0,08,f2,fc,f1,c3,31,3b,84,e6,77,b9,88,08,a5,63,56,4b,82,
c5,e6,0b,81,53,bf,18,f2,09,bd,c4,a9,ea,6a,7d,02,9c,a0,d8,f0,27,ba,ae,eb,e3,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\RTHDCPL.EXE
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-11 15:52:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 21:51

Pre-Run: 451,696,766,976 bytes free
Post-Run: 453,123,911,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 4FD92F67A2B53FB4371DA3D3C3B8640F


Re: PC Protector Issues

Post by Belahzur on 11th February 2010, 10:09 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    File::
    c:\windows\system32\biyupufe.dll
    c:\windows\system32\huzuluyu.dll
    c:\windows\system32\jomuhuha.dll
    c:\windows\system32\pohepalo.dll
    c:\windows\system32\redonuta.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d43402c0-d3c7-4e3d-8d99-011f348a4cd1}]

    Driver::
    dujhpklt

    NetSvc::
    dujhpklt

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.



Re: PC Protector Issues

Post by ZombieCate on 12th February 2010, 4:03 am

ComboFix 10-02-11.04 - John 02/11/2010 21:51:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2481 [GMT -6:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\biyupufe.dll"
"c:\windows\system32\huzuluyu.dll"
"c:\windows\system32\jomuhuha.dll"
"c:\windows\system32\pohepalo.dll"
"c:\windows\system32\redonuta.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\biyupufe.dll
c:\windows\system32\huzuluyu.dll
c:\windows\system32\jomuhuha.dll
c:\windows\system32\pohepalo.dll
c:\windows\system32\redonuta.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DUJHPKLT
-------\Service_dujhpklt


((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-11 21:49 . 2010-02-11 21:49 -------- d-----w- c:\windows\LastGood.Tmp
2010-02-09 19:16 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 19:16 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-09 18:26 . 2010-02-09 18:26 -------- d-----w- c:\program files\Sun
2010-02-09 17:49 . 2010-02-09 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-09 01:29 . 2010-02-09 01:29 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-02-09 01:29 . 2010-02-09 01:29 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-02-09 01:21 . 2010-02-09 01:21 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-09 01:21 . 2010-02-09 01:21 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-09 01:20 . 2010-02-12 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-09 01:20 . 2010-02-09 01:20 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-09 00:54 . 2010-02-09 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-08 19:57 . 2010-02-11 14:49 0 ----a-w- c:\documents and settings\John\Local Settings\Application Data\prvlcl.dat
2010-02-08 17:21 . 2010-02-08 17:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-08 07:56 . 2010-02-08 07:56 -------- d-----w- c:\program files\Enigma Software Group
2010-02-08 05:17 . 2010-02-08 05:17 36 ----a-w- c:\program files\skynet.dat
2010-02-07 15:15 . 2010-02-07 15:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-07 15:15 . 2010-02-07 15:15 -------- d-----w- c:\program files\MSBuild
2010-02-07 15:15 . 2010-02-07 15:15 -------- d-----w- c:\program files\Reference Assemblies
2010-02-07 15:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-07 15:14 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-07 15:14 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-07 15:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-07 15:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-07 15:14 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-07 15:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-07 15:14 . 2010-02-07 15:14 -------- d-----w- C:\a8f680eb4ccf05bf45
2010-02-07 15:14 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-07 15:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-07 03:52 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-02-07 03:50 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-07 03:50 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-05 15:35 . 2010-02-05 15:35 -------- d-----w- c:\documents and settings\John\Application Data\NeroDigital™
2010-02-05 15:29 . 2010-02-07 15:55 177432 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll
2010-02-05 15:28 . 2010-02-05 15:28 509208 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll
2010-02-05 02:15 . 2010-02-05 02:15 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Nero
2010-02-05 02:12 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-04 00:02 . 2010-02-04 00:02 -------- d-----w- C:\WTablet
2010-01-31 00:16 . 2010-02-06 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-31 00:15 . 2010-02-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-31 00:15 . 2010-01-31 00:15 -------- d-----w- c:\program files\Common Files\iS3
2010-01-31 00:03 . 2010-01-31 00:03 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Threat Expert
2010-01-31 00:01 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-31 00:01 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-31 00:01 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-01-31 00:01 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-31 00:01 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-31 00:01 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-30 23:59 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-30 23:59 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-30 23:59 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-30 23:58 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-30 23:58 . 2010-02-12 03:57 -------- d-----w- c:\program files\Spyware Doctor
2010-01-30 23:58 . 2010-01-31 00:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-30 23:58 . 2010-01-30 23:58 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2010-01-30 23:58 . 2010-01-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-30 23:58 . 2010-02-12 03:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-29 17:44 . 2009-11-25 19:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-29 06:13 . 2010-01-29 06:13 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Google
2010-01-29 06:13 . 2009-12-16 22:05 471040 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-01-29 06:13 . 2009-12-16 22:05 347136 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-01-29 06:13 . 2009-12-16 22:05 340992 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-29 06:13 . 2009-12-16 22:05 43008 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-29 06:13 . 2009-12-16 22:05 1452032 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-29 00:41 . 2010-01-28 23:52 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-29 00:41 . 2010-01-28 23:52 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-28 23:55 . 2010-01-28 23:55 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\AVG Security Toolbar
2010-01-28 23:53 . 2010-01-28 23:53 -------- d-----w- C:\$AVG
2010-01-28 23:53 . 2010-01-28 23:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-28 23:53 . 2010-01-28 23:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-28 23:53 . 2010-01-28 23:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-28 23:53 . 2010-02-11 15:47 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-28 23:53 . 2010-01-28 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-28 23:52 . 2010-01-28 23:52 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-28 23:52 . 2010-01-28 23:52 -------- d-----w- c:\program files\AVG
2010-01-28 23:52 . 2010-02-11 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-28 23:52 . 2010-01-28 23:52 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-28 23:23 . 2010-01-28 23:23 -------- d-----w- c:\documents and settings\John\Application Data\TeamViewer
2010-01-28 23:23 . 2010-01-28 23:23 -------- d-----w- c:\program files\TeamViewer
2010-01-28 21:08 . 2010-01-28 21:08 -------- d-----w- C:\fsaua.data
2010-01-28 01:08 . 2010-01-28 01:08 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2010-01-28 01:07 . 2010-01-28 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-26 16:19 . 2010-01-26 15:51 38784 ----a-w- c:\documents and settings\John\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-01-26 15:51 . 2010-01-26 15:51 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-01-26 15:51 . 2010-01-26 15:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-26 04:08 . 2010-01-26 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-26 04:08 . 2010-01-26 04:08 -------- d-----w- C:\ProgramData
2010-01-26 04:00 . 2008-09-04 20:11 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-26 04:00 . 2010-01-26 04:00 10134 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-26 04:00 . 2010-01-26 04:00 -------- d-----w- c:\program files\Microsoft WSE
2010-01-26 03:44 . 2010-01-26 04:04 -------- d-----w- c:\program files\Electronic Arts
2010-01-24 02:53 . 2010-01-24 02:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-23 21:20 . 2010-01-23 21:20 -------- d-----w- c:\windows\Sun
2010-01-23 21:19 . 2010-02-09 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-23 21:19 . 2010-02-09 18:26 -------- d-----w- c:\program files\Java
2010-01-23 21:19 . 2010-01-23 21:19 152576 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-23 21:19 . 2010-01-23 21:19 79488 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-20 20:33 . 2007-10-23 15:27 110592 ----a-w- c:\documents and settings\John\Application Data\U3\temp\cleanup.exe
2010-01-20 19:33 . 2010-01-20 19:33 -------- d-----w- c:\documents and settings\John\Application Data\AdobeUM
2010-01-20 18:48 . 2010-01-20 19:32 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Adobe
2010-01-20 18:40 . 2004-08-17 01:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-01-20 18:36 . 2010-01-20 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-01-20 18:34 . 2010-01-20 18:34 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-01-20 18:34 . 2010-01-20 18:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-19 15:40 . 2010-02-12 03:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-17 19:22 . 2010-02-12 03:57 -------- d-----w- c:\documents and settings\John\Application Data\WTablet
2010-01-17 19:19 . 2010-02-08 05:07 -------- d-----w- c:\documents and settings\John\Application Data\Bioshock
2010-01-17 19:17 . 2010-01-17 19:17 -------- d--h--r- c:\documents and settings\John\Application Data\SecuROM
2010-01-17 19:14 . 2010-01-17 19:14 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-17 19:07 . 2010-01-17 19:07 -------- d-----w- c:\program files\2K Games
2010-01-17 18:44 . 2007-10-23 15:22 3350528 ---ha-w- c:\documents and settings\John\Application Data\U3\temp\Launchpad Removal.exe
2010-01-17 18:43 . 2010-02-03 15:58 -------- d-----w- c:\documents and settings\John\Application Data\U3
2010-01-17 18:40 . 2010-01-17 18:40 45056 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{E448503F-D677-46DB-AC77-7F9F094DFC01}\_28C06EB88381_4D72_BA9C_FEBD7FB46252.exe
2010-01-17 18:40 . 2010-01-17 18:40 15086 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{E448503F-D677-46DB-AC77-7F9F094DFC01}\oC4.exe
2010-01-17 18:40 . 2010-01-17 18:40 -------- d-----w- c:\program files\portalgraphics
2010-01-17 18:39 . 2010-01-17 18:40 -------- d-----w- c:\documents and settings\John\Application Data\Apple Computer
2010-01-17 18:39 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-17 18:39 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\program files\iPod
2010-01-17 18:38 . 2010-01-17 18:39 -------- d-----w- c:\program files\iTunes
2010-01-17 18:38 . 2010-01-17 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\program files\Bonjour
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\program files\QuickTime
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-17 18:38 . 2010-01-17 18:38 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 17:21 . 2008-09-20 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2010-02-07 15:55 . 2008-09-20 17:14 566552 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll
2010-02-07 15:55 . 2008-09-20 17:14 242968 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll
2010-02-07 15:55 . 2008-09-20 17:14 156952 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll
2010-02-07 15:55 . 2008-09-20 17:14 156952 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll
2010-02-07 15:55 . 2008-09-20 17:14 136472 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll
2010-02-07 15:20 . 2008-09-11 23:04 16424 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-05 15:33 . 2008-09-21 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-05 15:29 . 2008-09-20 17:14 1537304 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll
2010-02-05 15:29 . 2008-09-20 17:14 386328 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll
2010-02-05 15:29 . 2008-09-20 17:14 505112 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll
2010-02-05 15:29 . 2008-09-20 17:14 492824 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll
2010-02-05 15:29 . 2008-09-20 17:14 505112 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll
2010-02-05 15:28 . 2008-09-20 17:14 496920 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll
2010-02-05 15:28 . 2008-09-20 17:14 496920 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll
2010-02-05 15:28 . 2008-09-20 17:14 488728 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll
2010-02-05 15:28 . 2008-09-20 17:14 501016 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll
2010-02-05 15:28 . 2008-09-20 17:14 521496 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll
2010-02-05 15:28 . 2008-09-20 17:14 505112 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll
2010-02-05 15:28 . 2008-09-20 17:14 496920 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll
2010-02-05 15:28 . 2008-09-20 17:13 509208 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll
2010-02-05 15:28 . 2008-09-20 17:13 501016 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2010-02-05 15:28 . 2008-09-20 17:13 292120 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2010-01-26 03:44 . 2008-09-06 01:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 19:22 . 2010-01-17 19:22 -------- d-----w- c:\documents and settings\John\Application Data\WTouch
2010-01-17 19:22 . 2010-01-17 19:22 -------- d-----w- c:\program files\WTouch
2010-01-17 19:22 . 2010-01-17 19:21 -------- d-----w- c:\program files\Tablet
2010-01-17 07:08 . 2008-09-06 01:32 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-13 01:48 . 2010-01-13 01:48 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-22 05:21 . 2004-08-04 05:56 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 05:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-21 15:51 . 2004-08-04 05:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-12 03:57 . 2010-02-12 03:57 16384 c:\windows\Temp\Perflib_Perfdata_ec4.dat
+ 2010-02-12 03:57 . 2010-02-12 03:57 16384 c:\windows\Temp\Perflib_Perfdata_954.dat
+ 2010-02-12 03:57 . 2010-02-12 03:57 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2001-08-23 12:00 . 2010-02-11 21:50 67516 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2010-02-11 21:25 67516 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-02-11 21:50 432686 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-02-11 21:25 432686 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-1-20 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-28 23:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\WTouch\\WTouchUser.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\Pen_Tablet.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4118:TCP"= 4118:TCP:llhty

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/30/2010 5:59 PM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/28/2010 5:53 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/28/2010 5:52 PM 360584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/5/2008 7:39 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [9/5/2008 8:27 PM 8192]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/28/2010 5:52 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/28/2010 5:52 PM 285392]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/30/2010 6:01 PM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/30/2010 5:58 PM 359624]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [1/17/2010 1:21 PM 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [1/17/2010 1:22 PM 112936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9/5/2008 7:49 PM 38560]
.
Contents of the 'Scheduled Tasks' folder

2010-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\46gsx0a1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-11 21:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-1482476501-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,f2,3a,85,f0,08,f2,fc,f1,c3,31,3b,84,e6,77,b9,88,08,a5,63,56,4b,82,
c5,e6,0b,81,53,bf,18,f2,09,bd,c4,a9,ea,6a,7d,02,9c,a0,d8,f0,27,ba,ae,eb,e3,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\RTHDCPL.EXE
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-02-11 22:01:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-12 04:01
ComboFix2.txt 2010-02-11 21:52

Pre-Run: 453,063,979,008 bytes free
Post-Run: 453,108,170,752 bytes free

- - End Of File - - EE108D11BC72B8AA4247FFCE3614984D

ZombieCate
Novice

Posts: 9
Joined: 2010-02-09
OS: Windows XP
Points: 25083
Likes: 0


Re: PC Protector Issues

Post by Belahzur on 12th February 2010, 2:27 pm

Hello.

One more issue to deal with.

You are running two antivirus programs: I see from the uninstall list that you have Kaspersky installed, along with AVG. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove AVG to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    AVG Free 9.0

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1


Re: PC Protector Issues

Post by ZombieCate on 12th February 2010, 3:57 pm

Everything is running much better, thanks! If I have any unexpected problems pop up I'll be sure to let you know.


Re: PC Protector Issues

Post by Belahzur on 12th February 2010, 4:04 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

