Windows Security Center won't start + more



#1
jimmykay
New Member, 1 posts
Hello,
Windows Security Center won't start when I try to open it. A few weeks ago I visited many websites looking for a torrent for the movie FF5 (silly, I know). After that the Security Center was disabled and the computer runs very slow, and when browsing on the net, I click a link on Google and it sometimes redirects me to another website, goingonearth or something like that. I followed the Geeks to Go Virus, Spyware, Malware Removal guide and used the OTL software and produced this log:


OTL logfile created on: 3/05/2011 4:02:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\James\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 3055 3055 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 15.93 Gb Free Space | 11.46% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 2.40 Gb Free Space | 23.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 16:02:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL (1).exe
PRC - [2011/04/02 14:42:55 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011/04/02 14:42:51 | 002,084,848 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011/04/02 14:42:29 | 001,443,712 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011/04/02 14:42:14 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011/03/24 18:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2011/03/15 01:31:03 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/03/15 16:00:46 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010/03/15 15:33:52 | 000,077,824 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2010/03/15 15:32:38 | 000,888,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2010/03/13 01:29:16 | 000,114,688 | ---- | M] () -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/09 13:44:12 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/11/26 12:35:00 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007/10/04 08:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/04 08:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/05/15 15:55:46 | 001,628,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/03 16:02:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL (1).exe
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (scan)
SRV - File not found [Auto | Stopped] -- -- (ResultBar Service)
SRV - File not found [Auto | Stopped] -- -- (ImmunetProtect)
SRV - File not found [On_Demand | Stopped] -- -- (GameConsoleService)
SRV - [2011/04/02 14:42:51 | 002,084,848 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011/04/02 14:42:14 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010/11/30 05:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/03/13 01:29:16 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/04 08:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/03/06 03:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (mvd20)
DRV - [2011/04/18 09:55:33 | 000,307,784 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011/04/02 14:42:31 | 000,105,152 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011/04/02 14:41:24 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/11/29 12:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010/11/29 12:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010/08/20 16:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010/08/20 13:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010/05/13 14:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/19 17:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\System32\drivers\bdvedisk.sys -- (Bdvedisk)
DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/12 19:20:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/21 13:25:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)
DRV - [2009/03/19 13:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/08 18:58:46 | 000,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/11 21:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/06/19 10:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.19.144.20:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.704
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/05/28 17:22:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/03/31 18:10:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components [2011/04/28 13:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011/03/30 14:41:31 | 000,000,000 | ---D | M]

[2009/10/12 16:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2009/02/06 06:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/03 15:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dse6fqr5.default\extensions
[2011/04/19 14:11:22 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dse6fqr5.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/03/12 09:28:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dse6fqr5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:34:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dse6fqr5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/24 07:57:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dse6fqr5.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/04/19 14:11:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dse6fqr5.default\extensions\[email protected]
[2009/10/12 16:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/31 18:10:57 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2010/05/28 17:22:57 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2008/11/11 17:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2011/03/23 08:13:45 | 000,000,747 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [CheckPoint Cleanup] File not found
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\James\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\James\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 02:14:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/12 01:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{bb8959ee-28ff-11df-871e-001eec1ea098}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{f1936a72-5607-11dd-936a-001eec1ea098}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\EJ6 Civic
[2011/05/03 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Lizy & Me
[2011/05/03 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{3407BB8A-C0B7-4A05-883D-90E8F6EEC550}
[2011/05/02 10:20:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{06794028-372C-4C94-B4BF-5085EEB86958}
[2011/05/01 22:19:59 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{4C8BCC61-F370-47CA-B026-5631C816255B}
[2011/05/01 10:19:22 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{92093F9A-7274-42DF-A2E5-509754407F78}
[2011/04/30 22:18:46 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{A06466B9-CCC2-4FD1-8670-A5D3149A43AD}
[2011/04/30 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{C00960CA-1E53-43D7-B94E-8CB1D97F1AB8}
[2011/04/29 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{482D13D2-7CFA-48DE-8E51-DD8470A25F41}
[2011/04/29 08:30:21 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{7B09607B-9EBA-4965-93CF-A8B1A1269F44}
[2011/04/28 09:02:55 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{07DCD57E-BED2-435A-BDFB-97FFEDBD287B}
[2011/04/27 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{9FC79653-9D9B-4905-95DE-0244EB94747D}
[2011/04/26 12:01:12 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{0F6B9E78-7EC2-4290-996C-43B5EC42D9BF}
[2011/04/25 19:00:24 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{EDE6AEF1-F220-4283-9418-34F2B67858C2}
[2011/04/22 14:36:57 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{F7F36664-D465-4E2E-9726-E7A6BE8DD9C0}
[2011/04/20 07:50:33 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{3D1E12A9-C147-41B6-BCC2-F7D3497D9A30}
[2011/04/19 14:10:56 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Freecorder
[2011/04/19 14:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
[2011/04/19 14:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2011/04/19 13:55:36 | 000,000,000 | ---D | C] -- C:\Users\James\dwhelper
[2011/04/19 10:41:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{C9F25796-8ECC-4FFF-94DA-BD40D92B5258}
[2011/04/18 17:18:02 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/04/15 21:48:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{A13A1703-F153-435B-86E9-28A5A1B9EF42}
[2011/04/14 07:32:38 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{8E3EF1C5-F393-40ED-9032-3E1B07F9DA20}
[2011/04/13 09:45:35 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Music
[2011/04/13 09:36:46 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\SouvlakiHut
[2011/04/13 09:36:30 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Movies
[2011/04/13 09:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/04/12 09:45:58 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{2E026AF3-64C7-4960-819D-042052315142}
[2011/04/07 08:40:10 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{25E03BA1-B2F1-4DB5-B12C-D7E0AA8DE229}
[2011/04/06 16:33:38 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{393440F0-62F9-4278-9BF2-BAD79657F91A}
[2011/04/05 19:51:23 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{F0C86E1D-7C90-4716-91BB-224EA9379DE6}
[2011/04/05 07:51:34 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{FF6D1C5E-22D5-4491-8C94-131D47A656BE}
[2011/04/04 19:39:22 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{17DFBEE1-9BD0-42D0-A190-F2C9A8F1C3CA}
[2011/04/04 16:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/04 16:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/04 07:09:13 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{089FA20F-3903-4C1C-8243-8F432A3E8CA1}
[2011/04/03 18:43:21 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{BBC217E0-6E2D-441D-A5D6-B5707BD7E4FF}
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\James\Documents\*.tmp files -> C:\Users\James\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/03 15:58:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2660614698-3976072028-1740251594-1003UA.job
[2011/05/03 15:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/03 15:25:24 | 000,196,096 | ---- | M] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 15:17:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/03 12:26:12 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/03 10:11:54 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/03 05:13:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 05:13:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 21:17:59 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 21:17:59 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/02 17:17:10 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/05/02 17:13:34 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Ravmlmcrtw.job
[2011/05/01 17:26:24 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2660614698-3976072028-1740251594-1003Core.job
[2011/04/25 20:11:43 | 000,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2011/04/25 18:58:41 | 000,000,948 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/25 10:34:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/25 10:34:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/25 10:33:46 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/20 17:47:23 | 217,497,460 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/19 10:36:28 | 000,388,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/18 09:55:33 | 000,307,784 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2011/04/13 09:05:36 | 000,000,000 | ---- | M] () -- C:\Windows\lgfwup.ini
[2011/04/12 09:43:43 | 000,000,324 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/04 16:59:15 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\James\Documents\*.tmp files -> C:\Users\James\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 20:11:43 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011/04/25 18:58:41 | 000,000,948 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/25 10:33:46 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/20 17:47:23 | 217,497,460 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/11 17:38:32 | 000,000,324 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/04 16:59:15 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/04 16:59:14 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/28 18:14:24 | 000,558,359 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/03/13 23:07:31 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/03/13 00:13:00 | 000,155,648 | ---- | C] () -- C:\Windows\System32\vga64kx.dll
[2010/07/08 08:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/05/31 22:54:15 | 000,073,580 | ---- | C] () -- C:\Users\James\AppData\Roaming\NMM-MetaData.db
[2010/05/28 22:23:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/28 23:40:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/28 23:40:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/17 21:12:33 | 000,000,046 | ---- | C] () -- C:\Windows\custvoic.ini
[2008/10/11 12:54:27 | 000,000,680 | ---- | C] () -- C:\Users\James\AppData\Local\d3d9caps.dat
[2008/10/03 11:11:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/14 07:29:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/05 21:08:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/22 18:47:54 | 000,196,096 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/22 12:27:56 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2008/04/09 09:42:22 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/11/23 02:54:48 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/20 22:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 22:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/01/31 12:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,388,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2008/07/09 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\7Wonders
[2011/03/13 09:45:44 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Ableton
[2011/03/14 14:29:16 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\AVG10
[2011/03/30 14:41:24 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\BitDefender
[2010/07/18 10:03:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\CheckPoint
[2010/03/20 09:16:08 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ConsumerSoft
[2009/06/12 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DAEMON Tools Lite
[2008/07/27 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Digitope
[2008/07/27 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DPA
[2010/10/17 10:51:33 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\EPSON
[2009/12/18 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\LimeWire
[2008/06/22 10:57:25 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\MRTalk
[2008/07/05 23:51:44 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\muvee Technologies
[2010/06/01 07:28:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Nokia
[2010/10/24 19:21:39 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PC Suite
[2011/03/01 09:31:19 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Processing
[2011/03/28 18:15:57 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\QuickScan
[2010/05/17 07:16:01 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ROUTE 66 Sync
[2009/05/01 21:48:43 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Sierra
[2011/04/13 09:08:29 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Uniblue
[2011/05/03 15:40:13 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\uTorrent
[2008/06/22 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\WildTangent
[2009/04/05 16:27:32 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Xilisoft Corporation
[2011/05/02 17:13:34 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\Ravmlmcrtw.job
[2011/05/02 17:17:10 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/04/28 18:53:17 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BB37EFEC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Can anyone advise on how to fix these malware entries/problems?
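As an added example (my own code, not part of jimmykay's post, the Geeks to Go removal guide, or OTL itself), here is a small Python triage pass over lines copied from the log above. The rule set and the severities are assumptions I chose to show what a helper typically reads first in an OTL report: services whose binary is missing, a disabled Windows Defender service, a per-user proxy setting, HOSTS overrides, MountPoints2 AutoRun commands, hidden+system .job files in the Tasks folder, and a folder whose name is a literal environment-variable string. It reports indicators, not verdicts; every hit still needs a human look.

```python
import re
from typing import List, Tuple

# Constructed sample: lines copied verbatim from the OTL log posted above, nothing else.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (ResultBar Service)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.19.144.20:80
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1 localhost
O33 - MountPoints2\{bb8959ee-28ff-11df-871e-001eec1ea098}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{f1936a72-5607-11dd-936a-001eec1ea098}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe
[2011/04/18 17:18:02 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/05/02 17:13:34 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Ravmlmcrtw.job
[2011/05/02 17:17:10 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
"""

Finding = Tuple[str, str, str]  # (severity, rule, detail)
SEVERITY = {"high": 0, "medium": 1, "low": 2}

# Line shapes as OTL prints them; the rules themselves are my assumptions, not OTL's.
ORPHAN_SVC_RE = re.compile(r"^SRV - File not found .*\((.+)\)$")
WINDEFEND_RE = re.compile(r"^SRV - .*\[Disabled \| Stopped\] -- .*MpSvc\.dll -- \(WinDefend\)$")
PROXY_RE = re.compile(r'Internet Settings: "(ProxyEnable|ProxyServer)" = (\S+)$')
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (.+)$')
# [date | size | attrs | M|C] [()] -- path   (attrs is a 4-char field such as -HS- or ---D)
FILE_RE = re.compile(r"^\[[^|]+\| [^|]+\| ([-A-Z]{4}) \| [MC]\] (?:\(\) )?-- (.+)$")
LOCAL_HOSTS = {"127.0.0.1", "::1"}


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over an OTL-style log and return findings sorted by severity."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    findings: List[Finding] = []

    # Pre-scan: a ProxyServer value with ProxyEnable = 0 is dormant, so it rates lower.
    proxy_enabled = any(
        m is not None and m.group(1) == "ProxyEnable" and m.group(2) != "0"
        for m in (PROXY_RE.search(ln) for ln in lines)
    )

    for ln in lines:
        if m := ORPHAN_SVC_RE.match(ln):
            findings.append(("low", "orphaned-service",
                             f"service '{m.group(1)}' is registered but its file is missing"))
        elif WINDEFEND_RE.match(ln):
            findings.append(("medium", "defender-disabled",
                             "Windows Defender service (WinDefend) is disabled"))
        elif (m := PROXY_RE.search(ln)) and m.group(1) == "ProxyServer":
            sev = "high" if proxy_enabled else "low"
            findings.append((sev, "proxy-configured",
                             f"HKCU ProxyServer={m.group(2)} (enabled={proxy_enabled})"))
        elif m := HOSTS_RE.match(ln):
            ip, host = m.groups()
            # Anything but the loopback/localhost pair is a redirection worth explaining.
            if ip not in LOCAL_HOSTS or host.lower() != "localhost":
                findings.append(("medium", "hosts-override", f"{host} -> {ip}"))
        elif m := MOUNT_RE.match(ln):
            cmd = m.group(1)
            lowered = cmd.lower()
            # A drive AutoRun that launches rundll32 from a RECYCLER folder is classic
            # removable-media persistence; a vendor setup.exe on a USB disk is merely noted.
            sev = "high" if ("rundll32" in lowered or "recycler" in lowered) else "low"
            findings.append((sev, "mountpoint-autorun", cmd))
        elif m := FILE_RE.match(ln):
            attrs, path = m.groups()
            hidden_system = "H" in attrs and "S" in attrs
            if hidden_system and "\\tasks\\" in path.lower():
                findings.append(("high", "hidden-task", path))
            if re.search(r"%[A-Za-z_]+%", path):
                findings.append(("medium", "literal-envvar-path", path))

    return sorted(findings, key=lambda f: SEVERITY[f[0]])


if __name__ == "__main__":
    for sev, rule, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {rule:22} {detail}")
```

Run it as a script to print the findings, highest severity first. Two caveats on reading the output: a third-party antivirus such as the BitDefender install in this log routinely disables Windows Defender, so that rule is context rather than a finding on its own, and a hidden+system .job in the Tasks folder only tells you that something wanted the task not to be seen; the job file itself has to be opened to learn what it runs.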