system restore


Post by perkey on Sun Jun 06, 2010 11:46 pm

I have run Norton 360 and it has detected Backdoor.Tidserv!inf and is telling me to manually remove it. I can only start my computer in safe mode. Also, System Restore does not allow me to set restore points, and uninstall program under Control Panel does not appear. I also tried ComboFix /uninstall under Run and the system could not find it. Help please.


Re: system restore

Post by Belahzur on Mon Jun 07, 2010 12:06 am

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: system restore

Post by perkey on Mon Jun 07, 2010 12:39 am

OTL logfile created on: 6/6/2010 7:33:39 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\mandi\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 133.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.22 Gb Total Space | 42.86 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 6.07 Gb Free Space | 62.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MANDI-PC
Current User Name: mandi
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
PRC - [2010/05/31 23:01:34 | 006,690,864 | ---- | M] () -- C:\Program Files\PCFix\PCFix.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/04/08 09:15:02 | 003,233,752 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2010/03/26 18:51:52 | 000,118,128 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\Navw32.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (0053741275740157mcinstcleanup) McAfee Application Installer Cleanup (0053741275740157)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe -- (NAV)
SRV - [2010/02/12 20:38:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/06/27 07:35:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/06/06 06:54:20 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100606.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/06 06:54:20 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100606.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/06 06:54:19 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/06 06:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/28 14:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100528.003\IDSvix86.sys -- (IDSVix86)
DRV - [2010/04/29 12:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/26 21:23:54 | 000,116,784 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 21:23:21 | 000,325,680 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 21:23:21 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:52 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/02/03 20:40:50 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/03 20:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/08/10 17:22:50 | 000,079,052 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008/05/19 01:26:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/06 02:58:12 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/13 06:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/05 15:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/02 21:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 21:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 21:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 BA 2A 01 1A A8 36 4E AE 6B 74 FD 44 F3 3C EA [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2010/06/06 11:45:03 | 000,000,000 | ---D | M]

[2009/12/03 05:46:25 | 000,000,000 | ---D | M] -- C:\Users\mandi\AppData\Roaming\Mozilla\Extensions
[2010/06/06 15:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/06 15:21:00 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {012ABAA5-A81A-4E36-AE6B-74FD44F33CEa} - C:\Windows\System32\dbnmpntw32.dll (AIMP DevTeam)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Norton Download Manager{NAV_prod_1.19_17.6.0.32}] C:\Users\Public\Downloads\Norton\{NAV_prod_1.19_17.6.0.32}\NAVDownloader[1].exe (Symantec Corporation)
O4 - HKCU..\Run: [PCFix] C:\Program Files\PCFix\PCFix.exe ()
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )
O4 - HKCU..\Run: [RTHDBPL] C:\Users\mandi\AppData\Local\Temp\0.9400984549966545.exe (Lzhllqc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [N360] C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\4.1.0.32\InstStub.exe (Symantec Corporation)
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} [You must be registered and logged in to see this link.] (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.158.96.130 24.158.96.131
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\duser32.dll) - C:\Windows\System32\duser32.dll (AIMP DevTeam)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Creek.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 19:33:22 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
[2010/06/06 18:04:09 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/06/06 18:04:09 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/06 18:04:09 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/06/06 18:02:36 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/06/06 18:02:36 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/06/06 18:02:34 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/06/06 18:02:34 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/06/06 18:02:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\PC Tools
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/06 15:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/06 15:20:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/06 14:10:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/06/06 07:06:58 | 096,336,928 | ---- | C] (Symantec Corporation) -- C:\Users\mandi\NAV-ESD-17-6-0-32-EN.exe
[2010/06/06 06:53:46 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/06 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/06 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/06/06 06:53:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\symtdiv.sys
[2010/06/06 06:53:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.sys
[2010/06/06 06:53:08 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.sys
[2010/06/06 06:53:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.sys
[2010/06/06 06:53:08 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\Ironx86.sys
[2010/06/06 06:53:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.sys
[2010/06/06 06:53:07 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\cchpx86.sys
[2010/06/06 06:52:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/06/06 06:52:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1106000.020
[2010/06/06 06:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/06/06 06:41:11 | 000,309,248 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\dbnmpntw32.dll
[2010/06/05 08:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2010/06/05 07:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/05 07:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/05 07:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/04 05:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010/06/04 05:41:13 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\Uniblue
[2010/06/04 05:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/06/04 05:26:41 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\PCFix
[2010/06/04 05:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\PCFix
[2010/06/04 05:08:47 | 000,000,000 | ---D | C] -- C:\rei
[2010/06/04 05:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/06/03 21:07:43 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\Protection Center
[2010/06/03 21:05:17 | 000,000,000 | ---D | C] -- C:\Windows\PRAGMAmoipibntvm
[2010/06/03 20:31:18 | 000,145,920 | ---- | C] (Artem Izmaylov) -- C:\Windows\System32\d3dim70032.dll
[2010/06/03 20:30:56 | 000,307,712 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\EhStorPwdMgr32.dll
[2010/06/03 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\WinRAR
[2010/06/03 20:28:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/06/03 20:28:14 | 000,309,248 | ---- | C] (AIMP DevTeam) -- C:\ProgramData\cryptui32.dll
[2010/06/03 20:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\1558801517
[2010/06/03 20:28:04 | 000,000,000 | -HSD | C] -- C:\Users\mandi\AppData\Roaming\SystemProc
[2010/06/03 20:28:02 | 000,145,920 | ---- | C] (Artem Izmaylov) -- C:\Windows\System32\cmicryptinstall32.dll
[2010/06/03 20:27:58 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Local\Apple Computer
[2010/06/03 20:27:54 | 000,307,712 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\dxmasf32.dll
[2010/06/03 20:27:52 | 000,190,464 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\duser32.dll
[2010/06/03 20:19:31 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Local\Apple
[2010/06/02 07:12:14 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\Windows\System32\savapi3.dll
[2010/05/26 06:43:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\mandi\Desktop\*.tmp files -> C:\Users\mandi\Desktop\*.tmp -> ]
[1 C:\Users\mandi\AppData\Roaming\*.tmp files -> C:\Users\mandi\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 19:33:44 | 002,621,440 | -HS- | M] () -- C:\Users\mandi\ntuser.dat
[2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
[2010/06/06 19:09:53 | 000,001,356 | ---- | M] () -- C:\Users\mandi\AppData\Local\d3d9caps.dat
[2010/06/06 18:02:27 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/06 17:31:56 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/06/06 14:59:58 | 000,004,795 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/06/06 14:58:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 14:57:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 14:57:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 14:57:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 14:51:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A166B122-62FB-4D88-BC1A-1CBBD39F2C10}.job
[2010/06/06 14:16:19 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/06 14:13:57 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/06/06 14:11:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000001.regtrans-ms
[2010/06/06 14:11:39 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TM.blf
[2010/06/06 08:08:37 | 000,000,830 | ---- | M] () -- C:\Users\mandi\Desktop\Norton Installation Files.lnk
[2010/06/06 08:03:03 | 000,003,782 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942P.manifest
[2010/06/06 08:00:45 | 000,000,817 | ---- | M] () -- C:\ProgramData\1859848970
[2010/06/06 07:16:16 | 000,001,715 | ---- | M] () -- C:\Users\mandi\Desktop\youporn.com.lnk
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\troj000.exe
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\spam003.exe
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\spam001.exe
[2010/06/06 07:16:15 | 000,001,723 | ---- | M] () -- C:\Users\mandi\Desktop\pornotube.com.lnk
[2010/06/06 07:16:15 | 000,001,719 | ---- | M] () -- C:\Users\mandi\Desktop\nudetube.com.lnk
[2010/06/06 07:06:59 | 096,336,928 | ---- | M] (Symantec Corporation) -- C:\Users\mandi\NAV-ESD-17-6-0-32-EN.exe
[2010/06/06 07:03:10 | 000,000,331 | -HS- | M] () -- C:\ProgramData\1049320282
[2010/06/06 07:03:01 | 000,000,051 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942C.manifest
[2010/06/06 07:02:59 | 000,000,136 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942O.manifest
[2010/06/06 07:02:59 | 000,000,011 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942S.manifest
[2010/06/06 06:58:55 | 001,827,998 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1106000.020\Cat.DB
[2010/06/06 06:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/06 06:53:19 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/06 06:53:19 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/06 06:53:17 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/06/06 06:49:00 | 000,002,788 | ---- | M] () -- C:\Windows\GnuHashes.ini
[2010/06/06 06:41:11 | 000,309,248 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\dbnmpntw32.dll
[2010/06/05 09:17:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/06/05 08:37:19 | 000,001,031 | ---- | M] () -- C:\Users\mandi\Desktop\Recover My Files.lnk
[2010/06/05 08:09:07 | 000,000,284 | ---- | M] () -- C:\Windows\reimage.ini
[2010/06/05 08:08:55 | 000,000,166 | ---- | M] () -- C:\Windows\System32\Compress.res
[2010/06/05 07:18:52 | 000,000,937 | ---- | M] () -- C:\Users\mandi\Desktop\Norton Download Manager.lnk
[2010/06/05 07:15:57 | 000,001,665 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/06/04 05:41:10 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/04 05:27:44 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\PC Fix 2010.lnk
[2010/06/04 05:08:48 | 000,001,857 | ---- | M] () -- C:\Users\mandi\Desktop\Reimage Repair.lnk
[2010/06/03 22:05:04 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:35:46 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TM.blf
[2010/06/03 21:32:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:32:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:32:39 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TM.blf
[2010/06/03 21:06:22 | 000,000,022 | ---- | M] () -- C:\Users\mandi\AppData\Roaming\3e5b0c0d
[2010/06/03 20:31:18 | 000,145,920 | ---- | M] (Artem Izmaylov) -- C:\Windows\System32\d3dim70032.dll
[2010/06/03 20:30:56 | 000,307,712 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\EhStorPwdMgr32.dll
[2010/06/03 20:28:36 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl1600833992
[2010/06/03 20:28:14 | 000,309,248 | ---- | M] (AIMP DevTeam) -- C:\ProgramData\cryptui32.dll
[2010/06/03 20:28:13 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/06/03 20:28:02 | 000,145,920 | ---- | M] (Artem Izmaylov) -- C:\Windows\System32\cmicryptinstall32.dll
[2010/06/03 20:27:54 | 000,307,712 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\dxmasf32.dll
[2010/06/03 20:27:52 | 000,190,464 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\duser32.dll
[2010/06/02 15:12:00 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 15:12:00 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TM.blf
[2010/06/02 10:33:06 | 000,006,144 | ---- | M] () -- C:\Users\mandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 07:12:14 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\Windows\System32\savapi3.dll
[2010/06/02 07:12:12 | 001,380,403 | ---- | M] () -- C:\Windows\System32\avgsdk.dll
[2010/06/01 05:13:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/05/15 05:22:50 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/13 01:56:17 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/11 17:32:49 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{6b72ebdf-c6e7-11de-a8c3-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/05/11 17:32:49 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{6b72ebdf-c6e7-11de-a8c3-00219bd38b67}.TM.blf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\mandi\Desktop\*.tmp files -> C:\Users\mandi\Desktop\*.tmp -> ]
[1 C:\Users\mandi\AppData\Roaming\*.tmp files -> C:\Users\mandi\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 18:04:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/06/06 18:04:10 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/06/06 18:04:10 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/06/06 18:04:09 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/06/06 18:04:09 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/06/06 18:02:36 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/06/06 18:02:34 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/06/06 18:02:34 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/06/06 18:02:27 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/06 18:02:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/06 06:56:51 | 001,827,998 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\Cat.DB
[2010/06/06 06:53:46 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/06 06:53:46 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/06 06:53:17 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/06/06 06:53:02 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.inf
[2010/06/06 06:53:02 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.inf
[2010/06/06 06:53:02 | 000,001,754 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\ccHPx86.inf
[2010/06/06 06:53:02 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNetV.inf
[2010/06/06 06:53:02 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNet.inf
[2010/06/06 06:53:02 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.inf
[2010/06/06 06:53:02 | 000,001,382 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.inf
[2010/06/06 06:53:02 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\Iron.inf
[2010/06/06 06:52:54 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\symnetv.cat
[2010/06/06 06:52:54 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.cat
[2010/06/06 06:52:54 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.cat
[2010/06/06 06:52:54 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.cat
[2010/06/06 06:52:54 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\iron.cat
[2010/06/06 06:52:54 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.cat
[2010/06/06 06:52:54 | 000,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\cchpx86.cat
[2010/06/06 06:52:54 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNet.cat
[2010/06/06 06:52:54 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\isolate.ini
[2010/06/06 06:49:00 | 000,002,788 | ---- | C] () -- C:\Windows\GnuHashes.ini
[2010/06/05 09:17:56 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/06/05 08:37:19 | 000,001,031 | ---- | C] () -- C:\Users\mandi\Desktop\Recover My Files.lnk
[2010/06/05 08:08:55 | 000,000,166 | ---- | C] () -- C:\Windows\System32\Compress.res
[2010/06/05 07:15:57 | 000,001,665 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/06/05 07:12:47 | 000,001,723 | ---- | C] () -- C:\Users\mandi\Desktop\pornotube.com.lnk
[2010/06/05 07:12:47 | 000,001,719 | ---- | C] () -- C:\Users\mandi\Desktop\nudetube.com.lnk
[2010/06/05 07:12:47 | 000,001,715 | ---- | C] () -- C:\Users\mandi\Desktop\youporn.com.lnk
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\troj000.exe
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\spam003.exe
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\spam001.exe
[2010/06/05 07:09:17 | 000,000,937 | ---- | C] () -- C:\Users\mandi\Desktop\Norton Download Manager.lnk
[2010/06/05 07:09:17 | 000,000,830 | ---- | C] () -- C:\Users\mandi\Desktop\Norton Installation Files.lnk
[2010/06/04 05:41:10 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/04 05:26:24 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\PC Fix 2010.lnk
[2010/06/04 05:09:12 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/04 05:08:48 | 000,001,857 | ---- | C] () -- C:\Users\mandi\Desktop\Reimage Repair.lnk
[2010/06/03 21:37:48 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:37:48 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:37:48 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TM.blf
[2010/06/03 21:35:46 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:35:46 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TM.blf
[2010/06/03 21:32:39 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:32:39 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:32:39 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TM.blf
[2010/06/03 20:38:02 | 000,000,022 | ---- | C] () -- C:\Users\mandi\AppData\Roaming\3e5b0c0d
[2010/06/03 20:28:58 | 000,000,331 | -HS- | C] () -- C:\ProgramData\1049320282
[2010/06/03 20:28:57 | 000,000,817 | ---- | C] () -- C:\ProgramData\1859848970
[2010/06/03 20:28:36 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl1600833992
[2010/06/03 20:28:13 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/06/03 20:27:53 | 000,003,782 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942P.manifest
[2010/06/03 20:27:53 | 000,000,136 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942O.manifest
[2010/06/03 20:27:53 | 000,000,051 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942C.manifest
[2010/06/03 20:27:53 | 000,000,011 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942S.manifest
[2010/06/02 07:12:12 | 001,380,403 | ---- | C] () -- C:\Windows\System32\avgsdk.dll
[2010/05/13 01:56:07 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/05/13 01:56:07 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 01:56:06 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TM.blf
[2009/09/18 08:15:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/30 14:07:32 | 000,000,062 | ---- | C] () -- C:\Windows\PrintWorkShop2009.ini
[2008/06/27 09:55:58 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/27 09:55:57 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/27 09:55:57 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/27 09:55:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/27 09:55:57 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/27 09:55:54 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/27 07:21:27 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:92174436
< End of report >


Re: system restore

Post by perkey on Mon Jun 07, 2010 12:41 am

OTL logfile created on: 6/6/2010 7:33:39 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\mandi\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 133.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.22 Gb Total Space | 42.86 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 6.07 Gb Free Space | 62.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MANDI-PC
Current User Name: mandi
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
PRC - [2010/05/31 23:01:34 | 006,690,864 | ---- | M] () -- C:\Program Files\PCFix\PCFix.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/04/08 09:15:02 | 003,233,752 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2010/03/26 18:51:52 | 000,118,128 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\Navw32.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (0053741275740157mcinstcleanup) McAfee Application Installer Cleanup (0053741275740157)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe -- (NAV)
SRV - [2010/02/12 20:38:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/06/27 07:35:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/06/06 06:54:20 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100606.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/06 06:54:20 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100606.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/06 06:54:19 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/06 06:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/28 14:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100528.003\IDSvix86.sys -- (IDSVix86)
DRV - [2010/04/29 12:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/26 21:23:54 | 000,116,784 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 21:23:21 | 000,325,680 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 21:23:21 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:52 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/02/03 20:40:50 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/03 20:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/08/10 17:22:50 | 000,079,052 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008/05/19 01:26:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/06 02:58:12 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/13 06:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/05 15:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/02 21:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 21:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 21:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 BA 2A 01 1A A8 36 4E AE 6B 74 FD 44 F3 3C EA [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2010/06/06 11:45:03 | 000,000,000 | ---D | M]

[2009/12/03 05:46:25 | 000,000,000 | ---D | M] -- C:\Users\mandi\AppData\Roaming\Mozilla\Extensions
[2010/06/06 15:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/06 15:21:00 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {012ABAA5-A81A-4E36-AE6B-74FD44F33CEa} - C:\Windows\System32\dbnmpntw32.dll (AIMP DevTeam)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Norton Download Manager{NAV_prod_1.19_17.6.0.32}] C:\Users\Public\Downloads\Norton\{NAV_prod_1.19_17.6.0.32}\NAVDownloader[1].exe (Symantec Corporation)
O4 - HKCU..\Run: [PCFix] C:\Program Files\PCFix\PCFix.exe ()
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )
O4 - HKCU..\Run: [RTHDBPL] C:\Users\mandi\AppData\Local\Temp\0.9400984549966545.exe (Lzhllqc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [N360] C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\4.1.0.32\InstStub.exe (Symantec Corporation)
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} [You must be registered and logged in to see this link.] (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.158.96.130 24.158.96.131
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\duser32.dll) - C:\Windows\System32\duser32.dll (AIMP DevTeam)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Creek.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 19:33:22 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
[2010/06/06 18:04:09 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/06/06 18:04:09 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/06 18:04:09 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/06/06 18:02:36 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/06/06 18:02:36 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/06/06 18:02:34 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/06/06 18:02:34 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/06/06 18:02:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\PC Tools
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/06 15:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/06 15:20:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/06 14:10:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/06/06 07:06:58 | 096,336,928 | ---- | C] (Symantec Corporation) -- C:\Users\mandi\NAV-ESD-17-6-0-32-EN.exe
[2010/06/06 06:53:46 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/06 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/06 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/06/06 06:53:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\symtdiv.sys
[2010/06/06 06:53:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.sys
[2010/06/06 06:53:08 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.sys
[2010/06/06 06:53:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.sys
[2010/06/06 06:53:08 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\Ironx86.sys
[2010/06/06 06:53:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.sys
[2010/06/06 06:53:07 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\cchpx86.sys
[2010/06/06 06:52:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/06/06 06:52:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1106000.020
[2010/06/06 06:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/06/06 06:41:11 | 000,309,248 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\dbnmpntw32.dll
[2010/06/05 08:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2010/06/05 07:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/05 07:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/05 07:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/04 05:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010/06/04 05:41:13 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\Uniblue
[2010/06/04 05:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/06/04 05:26:41 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\PCFix
[2010/06/04 05:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\PCFix
[2010/06/04 05:08:47 | 000,000,000 | ---D | C] -- C:\rei
[2010/06/04 05:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/06/03 21:07:43 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\Protection Center
[2010/06/03 21:05:17 | 000,000,000 | ---D | C] -- C:\Windows\PRAGMAmoipibntvm
[2010/06/03 20:31:18 | 000,145,920 | ---- | C] (Artem Izmaylov) -- C:\Windows\System32\d3dim70032.dll
[2010/06/03 20:30:56 | 000,307,712 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\EhStorPwdMgr32.dll
[2010/06/03 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\WinRAR
[2010/06/03 20:28:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/06/03 20:28:14 | 000,309,248 | ---- | C] (AIMP DevTeam) -- C:\ProgramData\cryptui32.dll
[2010/06/03 20:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\1558801517
[2010/06/03 20:28:04 | 000,000,000 | -HSD | C] -- C:\Users\mandi\AppData\Roaming\SystemProc
[2010/06/03 20:28:02 | 000,145,920 | ---- | C] (Artem Izmaylov) -- C:\Windows\System32\cmicryptinstall32.dll
[2010/06/03 20:27:58 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Local\Apple Computer
[2010/06/03 20:27:54 | 000,307,712 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\dxmasf32.dll
[2010/06/03 20:27:52 | 000,190,464 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\duser32.dll
[2010/06/03 20:19:31 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Local\Apple
[2010/06/02 07:12:14 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\Windows\System32\savapi3.dll
[2010/05/26 06:43:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\mandi\Desktop\*.tmp files -> C:\Users\mandi\Desktop\*.tmp -> ]
[1 C:\Users\mandi\AppData\Roaming\*.tmp files -> C:\Users\mandi\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 19:33:44 | 002,621,440 | -HS- | M] () -- C:\Users\mandi\ntuser.dat
[2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
[2010/06/06 19:09:53 | 000,001,356 | ---- | M] () -- C:\Users\mandi\AppData\Local\d3d9caps.dat
[2010/06/06 18:02:27 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/06 17:31:56 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/06/06 14:59:58 | 000,004,795 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/06/06 14:58:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 14:57:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 14:57:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 14:57:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 14:51:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A166B122-62FB-4D88-BC1A-1CBBD39F2C10}.job
[2010/06/06 14:16:19 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/06 14:13:57 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/06/06 14:11:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000001.regtrans-ms
[2010/06/06 14:11:39 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TM.blf
[2010/06/06 08:08:37 | 000,000,830 | ---- | M] () -- C:\Users\mandi\Desktop\Norton Installation Files.lnk
[2010/06/06 08:03:03 | 000,003,782 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942P.manifest
[2010/06/06 08:00:45 | 000,000,817 | ---- | M] () -- C:\ProgramData\1859848970
[2010/06/06 07:16:16 | 000,001,715 | ---- | M] () -- C:\Users\mandi\Desktop\youporn.com.lnk
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\troj000.exe
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\spam003.exe
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\spam001.exe
[2010/06/06 07:16:15 | 000,001,723 | ---- | M] () -- C:\Users\mandi\Desktop\pornotube.com.lnk
[2010/06/06 07:16:15 | 000,001,719 | ---- | M] () -- C:\Users\mandi\Desktop\nudetube.com.lnk
[2010/06/06 07:06:59 | 096,336,928 | ---- | M] (Symantec Corporation) -- C:\Users\mandi\NAV-ESD-17-6-0-32-EN.exe
[2010/06/06 07:03:10 | 000,000,331 | -HS- | M] () -- C:\ProgramData\1049320282
[2010/06/06 07:03:01 | 000,000,051 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942C.manifest
[2010/06/06 07:02:59 | 000,000,136 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942O.manifest
[2010/06/06 07:02:59 | 000,000,011 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942S.manifest
[2010/06/06 06:58:55 | 001,827,998 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1106000.020\Cat.DB
[2010/06/06 06:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/06 06:53:19 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/06 06:53:19 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/06 06:53:17 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/06/06 06:49:00 | 000,002,788 | ---- | M] () -- C:\Windows\GnuHashes.ini
[2010/06/06 06:41:11 | 000,309,248 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\dbnmpntw32.dll
[2010/06/05 09:17:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/06/05 08:37:19 | 000,001,031 | ---- | M] () -- C:\Users\mandi\Desktop\Recover My Files.lnk
[2010/06/05 08:09:07 | 000,000,284 | ---- | M] () -- C:\Windows\reimage.ini
[2010/06/05 08:08:55 | 000,000,166 | ---- | M] () -- C:\Windows\System32\Compress.res
[2010/06/05 07:18:52 | 000,000,937 | ---- | M] () -- C:\Users\mandi\Desktop\Norton Download Manager.lnk
[2010/06/05 07:15:57 | 000,001,665 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/06/04 05:41:10 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/04 05:27:44 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\PC Fix 2010.lnk
[2010/06/04 05:08:48 | 000,001,857 | ---- | M] () -- C:\Users\mandi\Desktop\Reimage Repair.lnk
[2010/06/03 22:05:04 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:35:46 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TM.blf
[2010/06/03 21:32:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:32:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:32:39 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TM.blf
[2010/06/03 21:06:22 | 000,000,022 | ---- | M] () -- C:\Users\mandi\AppData\Roaming\3e5b0c0d
[2010/06/03 20:31:18 | 000,145,920 | ---- | M] (Artem Izmaylov) -- C:\Windows\System32\d3dim70032.dll
[2010/06/03 20:30:56 | 000,307,712 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\EhStorPwdMgr32.dll
[2010/06/03 20:28:36 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl1600833992
[2010/06/03 20:28:14 | 000,309,248 | ---- | M] (AIMP DevTeam) -- C:\ProgramData\cryptui32.dll
[2010/06/03 20:28:13 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/06/03 20:28:02 | 000,145,920 | ---- | M] (Artem Izmaylov) -- C:\Windows\System32\cmicryptinstall32.dll
[2010/06/03 20:27:54 | 000,307,712 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\dxmasf32.dll
[2010/06/03 20:27:52 | 000,190,464 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\duser32.dll
[2010/06/02 15:12:00 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 15:12:00 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TM.blf
[2010/06/02 10:33:06 | 000,006,144 | ---- | M] () -- C:\Users\mandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 07:12:14 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\Windows\System32\savapi3.dll
[2010/06/02 07:12:12 | 001,380,403 | ---- | M] () -- C:\Windows\System32\avgsdk.dll
[2010/06/01 05:13:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/05/15 05:22:50 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/13 01:56:17 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/11 17:32:49 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{6b72ebdf-c6e7-11de-a8c3-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/05/11 17:32:49 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{6b72ebdf-c6e7-11de-a8c3-00219bd38b67}.TM.blf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\mandi\Desktop\*.tmp files -> C:\Users\mandi\Desktop\*.tmp -> ]
[1 C:\Users\mandi\AppData\Roaming\*.tmp files -> C:\Users\mandi\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 18:04:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/06/06 18:04:10 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/06/06 18:04:10 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/06/06 18:04:09 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/06/06 18:04:09 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/06/06 18:02:36 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/06/06 18:02:34 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/06/06 18:02:34 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/06/06 18:02:27 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/06 18:02:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/06 06:56:51 | 001,827,998 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\Cat.DB
[2010/06/06 06:53:46 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/06 06:53:46 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/06 06:53:17 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/06/06 06:53:02 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.inf
[2010/06/06 06:53:02 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.inf
[2010/06/06 06:53:02 | 000,001,754 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\ccHPx86.inf
[2010/06/06 06:53:02 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNetV.inf
[2010/06/06 06:53:02 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNet.inf
[2010/06/06 06:53:02 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.inf
[2010/06/06 06:53:02 | 000,001,382 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.inf
[2010/06/06 06:53:02 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\Iron.inf
[2010/06/06 06:52:54 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\symnetv.cat
[2010/06/06 06:52:54 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.cat
[2010/06/06 06:52:54 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.cat
[2010/06/06 06:52:54 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.cat
[2010/06/06 06:52:54 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\iron.cat
[2010/06/06 06:52:54 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.cat
[2010/06/06 06:52:54 | 000,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\cchpx86.cat
[2010/06/06 06:52:54 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNet.cat
[2010/06/06 06:52:54 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\isolate.ini
[2010/06/06 06:49:00 | 000,002,788 | ---- | C] () -- C:\Windows\GnuHashes.ini
[2010/06/05 09:17:56 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/06/05 08:37:19 | 000,001,031 | ---- | C] () -- C:\Users\mandi\Desktop\Recover My Files.lnk
[2010/06/05 08:08:55 | 000,000,166 | ---- | C] () -- C:\Windows\System32\Compress.res
[2010/06/05 07:15:57 | 000,001,665 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/06/05 07:12:47 | 000,001,723 | ---- | C] () -- C:\Users\mandi\Desktop\pornotube.com.lnk
[2010/06/05 07:12:47 | 000,001,719 | ---- | C] () -- C:\Users\mandi\Desktop\nudetube.com.lnk
[2010/06/05 07:12:47 | 000,001,715 | ---- | C] () -- C:\Users\mandi\Desktop\youporn.com.lnk
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\troj000.exe
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\spam003.exe
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\spam001.exe
[2010/06/05 07:09:17 | 000,000,937 | ---- | C] () -- C:\Users\mandi\Desktop\Norton Download Manager.lnk
[2010/06/05 07:09:17 | 000,000,830 | ---- | C] () -- C:\Users\mandi\Desktop\Norton Installation Files.lnk
[2010/06/04 05:41:10 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/04 05:26:24 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\PC Fix 2010.lnk
[2010/06/04 05:09:12 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/04 05:08:48 | 000,001,857 | ---- | C] () -- C:\Users\mandi\Desktop\Reimage Repair.lnk
[2010/06/03 21:37:48 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:37:48 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:37:48 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TM.blf
[2010/06/03 21:35:46 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:35:46 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TM.blf
[2010/06/03 21:32:39 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:32:39 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:32:39 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TM.blf
[2010/06/03 20:38:02 | 000,000,022 | ---- | C] () -- C:\Users\mandi\AppData\Roaming\3e5b0c0d
[2010/06/03 20:28:58 | 000,000,331 | -HS- | C] () -- C:\ProgramData\1049320282
[2010/06/03 20:28:57 | 000,000,817 | ---- | C] () -- C:\ProgramData\1859848970
[2010/06/03 20:28:36 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl1600833992
[2010/06/03 20:28:13 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/06/03 20:27:53 | 000,003,782 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942P.manifest
[2010/06/03 20:27:53 | 000,000,136 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942O.manifest
[2010/06/03 20:27:53 | 000,000,051 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942C.manifest
[2010/06/03 20:27:53 | 000,000,011 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942S.manifest
[2010/06/02 07:12:12 | 001,380,403 | ---- | C] () -- C:\Windows\System32\avgsdk.dll
[2010/05/13 01:56:07 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/05/13 01:56:07 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 01:56:06 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TM.blf
[2009/09/18 08:15:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/30 14:07:32 | 000,000,062 | ---- | C] () -- C:\Windows\PrintWorkShop2009.ini
[2008/06/27 09:55:58 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/27 09:55:57 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/27 09:55:57 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/27 09:55:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/27 09:55:57 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/27 09:55:54 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/27 07:21:27 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:92174436
< End of report >

Re: system restore

Post by Belahzur on Tue Jun 08, 2010 4:45 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

