multiple operating memory threats [Closed]


  • This topic is locked

#1
erratio
After running MBAM, BitDefender, and ESET online scan, my system still isn't clean. The ESET scan found "multiple operating memory threats", my netbook runs ridiculously slowly (and often fails to wake from hibernation/boot up completely), and MBAM was constantly preventing outgoing connections to various dodgy IP addresses. Also, there's at least one trojan that has been cleaned multiple times but keeps being found again. Infection became obvious a few days ago when I got hit with the 2012 Security virus, but I strongly suspect I was infected earlier, because I previously had the free version of AVG installed, and when I tried to run a scan with it, it would abort before scanning any files. Thank you in advance for any help you can offer!

OTL log below:

OTL logfile created on: 06/01/2012 13:50:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.23 Mb Total Physical Memory | 159.13 Mb Available Physical Memory | 15.71% Memory free
2.38 Gb Paging File | 1.27 Gb Available in Paging File | 53.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 6.05 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
Drive D: | 31.55 Gb Total Space | 30.91 Gb Free Space | 97.95% Space Free | Partition Type: NTFS

Computer Name: PINTSIZE | User Name: jen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/06 13:19:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jen\Desktop\OTL.exe
PRC - [2011/12/20 11:27:36 | 001,089,856 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
PRC - [2011/12/19 20:23:00 | 001,550,296 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2011/12/16 21:24:04 | 001,180,520 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2011/12/05 14:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\jen\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/11/26 14:56:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\jen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/11/17 15:24:48 | 000,050,128 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2011/09/09 11:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/08/29 13:57:22 | 000,260,248 | ---- | M] (BitDefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\downloader.exe
PRC - [2011/01/06 22:12:22 | 000,505,576 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/08/17 22:11:16 | 002,512,896 | ---- | M] (RescueTime, Inc.) -- C:\Program Files\RescueTime\RescueTime.exe
PRC - [2008/07/18 13:55:42 | 000,684,032 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/06/09 19:26:52 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 12:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/22 22:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007/10/29 16:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/04 20:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 18:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/09/28 18:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 19:19:24 | 000,107,008 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui
MOD - [2012/01/04 19:19:24 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/01/04 19:19:22 | 000,115,712 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\bdidntconp.ui
MOD - [2012/01/04 19:19:22 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2011/12/16 10:26:44 | 000,324,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdidntconp.dll
MOD - [2011/12/15 17:26:38 | 000,255,104 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2011/12/14 16:09:38 | 000,575,416 | ---- | M] () -- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdsmartdb.dll
MOD - [2011/12/14 12:05:40 | 000,091,304 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2011/12/14 04:51:10 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2011/12/08 20:17:26 | 000,135,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll
MOD - [2011/12/08 20:11:02 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2011/11/30 12:55:32 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2011/11/26 14:56:33 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/21 09:34:58 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/17 15:35:10 | 000,096,496 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\idwconp.dll
MOD - [2011/11/17 15:17:30 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2011/11/17 15:17:00 | 000,109,856 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2011/11/14 19:17:08 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
MOD - [2011/11/04 15:48:08 | 001,242,880 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\wslib.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/10/21 13:04:28 | 001,910,272 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpfr.mdl
MOD - [2011/10/21 13:04:28 | 001,909,760 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2011/10/21 13:04:28 | 001,858,560 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2011/10/21 13:04:28 | 000,952,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2011/10/21 13:04:28 | 000,632,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2011/10/21 13:04:28 | 000,444,416 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2011/10/21 13:04:26 | 002,054,144 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2011/10/21 13:04:26 | 000,509,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2011/10/21 13:04:26 | 000,389,632 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2011/10/14 23:05:48 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/14 23:05:32 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2011/08/09 11:16:10 | 000,112,952 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\bdnimbus.dll
MOD - [2011/05/19 18:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_07264_005\avxdisk.dll
MOD - [2008/07/18 15:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/09 19:26:52 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/02/22 01:43:10 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2005/07/22 23:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NetworkLog)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/19 20:23:00 | 001,550,296 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2011/11/17 15:24:48 | 000,050,128 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/09/09 11:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2008/06/09 19:26:52 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/09/28 18:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 17:34:00 | 000,446,160 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2011/11/25 13:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/11/25 13:56:36 | 000,604,328 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2011/11/14 19:16:30 | 000,113,616 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/10/27 14:07:06 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\trufos.sys -- (trufos)
DRV - [2011/09/29 15:09:50 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/09/09 11:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2011/09/09 10:59:19 | 000,057,000 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2011/09/09 10:59:19 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2011/08/16 13:59:34 | 000,360,976 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/07/19 15:20:36 | 000,127,056 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2008/07/08 21:56:22 | 000,306,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008/06/10 22:23:07 | 000,106,368 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/10 22:23:01 | 000,156,160 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/05/07 23:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 07:00:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/02/15 17:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/01/31 17:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/22 22:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/11/29 11:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/10/18 16:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 13:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2006/10/10 21:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/01/07 07:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/23 06:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\jen\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\jen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jen\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jen\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/26 14:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/20 17:16:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/01/12 19:14:10 | 000,000,000 | ---D | M]

[2008/11/20 18:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jen\Application Data\Mozilla\Extensions
[2012/01/12 18:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jen\Application Data\Mozilla\Firefox\Profiles\d33zfwt4.default\extensions
[2012/01/12 18:42:39 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\jen\Application Data\Mozilla\Firefox\Profiles\d33zfwt4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/26 14:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/13 19:00:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/26 14:56:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/26 00:19:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 18:14:55 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/03 18:14:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 18:14:55 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/03 18:14:55 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/03 18:14:55 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.)
O4 - Startup: C:\Documents and Settings\jen\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\jen\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46A1AB79-3B78-4C31-9E1B-42D63D2E9763}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/03 05:23:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{84be9ce8-28eb-11e0-88e4-001d92cb904a}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
O33 - MountPoints2\{84be9ce8-28eb-11e0-88e4-001d92cb904a}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
O33 - MountPoints2\{a08de6fe-3568-11de-88b0-001d92cb904a}\Shell\Auto\command - "" = svchosts.exe
O33 - MountPoints2\{a08de6fe-3568-11de-88b0-001d92cb904a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a08de6fe-3568-11de-88b0-001d92cb904a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svchosts.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bddel.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 19:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jen\Local Settings\Application Data\Google
[2012/01/12 19:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jen\Local Settings\Application Data\PCHealth
[2012/01/12 19:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2012/01/12 19:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jen\Application Data\Bitdefender
[2012/01/12 19:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/01/12 18:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/01/12 18:59:28 | 000,360,976 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/01/12 18:59:28 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012/01/12 18:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/01/12 18:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jen\Application Data\QuickScan
[2012/01/11 19:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/11 17:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/11 16:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/11 15:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/11 12:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jen\Application Data\Malwarebytes
[2012/01/11 12:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/06 13:19:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jen\Desktop\OTL.exe
[2012/01/05 23:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2012/01/04 12:32:23 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jen\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/04 12:11:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
[2012/01/02 18:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jen\Local Settings\Application Data\Help
[2012/01/02 18:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jen\Application Data\Help
[2012/01/02 17:52:27 | 000,000,000 | ---D | C] -- C:\magic
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 19:51:27 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/12 19:46:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1168010241-3230972138-1012835752-1005UA.job
[2012/01/12 19:46:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1168010241-3230972138-1012835752-1005Core.job
[2012/01/12 19:17:47 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2012/01/12 19:17:22 | 000,396,182 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1326412761.bdinstall.bin
[2012/01/12 19:15:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/01/12 19:15:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/12 19:14:18 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2012/01/11 12:48:00 | 000,016,804 | -HS- | M] () -- C:\Documents and Settings\jen\Local Settings\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
[2012/01/11 12:48:00 | 000,016,804 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
[2012/01/06 13:19:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jen\Desktop\OTL.exe
[2012/01/06 13:00:34 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\jen\Desktop\gmer.zip
[2012/01/06 12:41:14 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\bddel.exe
[2012/01/06 12:41:14 | 000,004,684 | ---- | M] () -- C:\WINDOWS\System32\bddel.dat
[2012/01/06 09:29:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/06 09:29:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 09:29:30 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 20:33:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/04 12:32:48 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jen\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/27 14:38:34 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\jen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 19:58:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\jen\Application Data\winscp.rnd
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/12 19:41:50 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1168010241-3230972138-1012835752-1005UA.job
[2012/01/12 19:41:49 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1168010241-3230972138-1012835752-1005Core.job
[2012/01/12 19:17:47 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2012/01/12 19:17:22 | 000,396,182 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1326412761.bdinstall.bin
[2012/01/12 19:15:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/01/12 19:15:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/12 19:14:18 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2012/01/06 13:00:03 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\jen\Desktop\gmer.zip
[2012/01/06 12:41:09 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\bddel.exe
[2012/01/06 12:41:09 | 000,004,684 | ---- | C] () -- C:\WINDOWS\System32\bddel.dat
[2012/01/04 12:11:21 | 000,016,804 | -HS- | C] () -- C:\Documents and Settings\jen\Local Settings\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
[2012/01/04 12:11:21 | 000,016,804 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
[2011/12/07 08:06:49 | 000,001,166 | -HS- | C] () -- C:\Documents and Settings\jen\Local Settings\Application Data\vgvekc2u0pke2wdd4gme6o068c5i
[2011/12/07 08:06:49 | 000,001,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vgvekc2u0pke2wdd4gme6o068c5i
[2011/11/12 20:35:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/02/14 18:24:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/08 01:39:55 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\jen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 02:42:22 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\jen\Application Data\winscp.rnd
[2008/11/20 18:20:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/03 19:15:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/03 18:50:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/08/03 17:48:18 | 006,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2008/08/03 17:41:22 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/08/03 17:38:18 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/08/03 05:25:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/03 05:20:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/03 04:36:35 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/03 04:36:28 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/03 04:36:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/08/03 04:36:27 | 000,315,076 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/03 04:36:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/08/03 04:36:27 | 000,041,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/03 04:36:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/08/03 04:36:27 | 000,004,628 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/08/03 04:36:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/08/03 04:36:26 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2008/08/03 04:36:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/08/03 04:36:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/08/03 04:36:24 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/08/03 04:36:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/08/02 22:15:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/02 22:14:22 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/11/20 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2012/01/12 19:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/11/15 20:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011/10/20 17:41:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/28 16:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/08/03 18:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/10/15 19:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\.anki
[2011/09/09 16:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\benibela
[2012/01/12 19:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\Bitdefender
[2012/01/06 09:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\Dropbox
[2011/05/24 04:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\gtk-2.0
[2009/06/20 17:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\Mind Control Software
[2009/06/20 17:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\PlayFirst
[2012/01/12 18:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\QuickScan
[2012/01/06 09:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\uTorrent
[2009/07/29 17:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jen\Application Data\Wing 101 3

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\jen\Desktop\OTL.exe:BDU

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I can see the problem.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{84be9ce8-28eb-11e0-88e4-001d92cb904a}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
    O33 - MountPoints2\{84be9ce8-28eb-11e0-88e4-001d92cb904a}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
    O33 - MountPoints2\{a08de6fe-3568-11de-88b0-001d92cb904a}\Shell\Auto\command - "" = svchosts.exe
    O33 - MountPoints2\{a08de6fe-3568-11de-88b0-001d92cb904a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a08de6fe-3568-11de-88b0-001d92cb904a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svchosts.exe
    [2012/01/11 12:48:00 | 000,016,804 | -HS- | M] () -- C:\Documents and Settings\jen\Local Settings\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
    [2012/01/11 12:48:00 | 000,016,804 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
    [2012/01/04 12:11:21 | 000,016,804 | -HS- | C] () -- C:\Documents and Settings\jen\Local Settings\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
    [2012/01/04 12:11:21 | 000,016,804 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
    [2011/12/07 08:06:49 | 000,001,166 | -HS- | C] () -- C:\Documents and Settings\jen\Local Settings\Application Data\vgvekc2u0pke2wdd4gme6o068c5i
    [2011/12/07 08:06:49 | 000,001,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vgvekc2u0pke2wdd4gme6o068c5i

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8mb) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.