Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help cleaning computer, remove "ctmn32.exe" [Solved]

Started by s0nginmyheart , Jan 23 2012 01:49 PM

  • This topic is locked This topic is locked

#1
s0nginmyheart
Posted 23 January 2012 - 01:49 PM

s0nginmyheart

    Member

  • Member
  • PipPipPip
  • 151 posts
Hi,

I am cleaning out a third computer and Malware Bytes has cleaned up a few things. However there is one issue I can't seem to fix. Upon start up a prompt comes up that asks if I want to allow "ctmn32.exe" and I always click no. Googling it has showed it is some sort of spamware? Can anyone please help fix. Thanks in advance.

Here is the result from the OTL scan:




OTL logfile created on: 1/23/2012 1:41:31 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 49.81% Memory free
7.68 Gb Paging File | 5.62 Gb Available in Paging File | 73.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.59 Gb Total Space | 340.93 Gb Free Space | 75.33% Space Free | Partition Type: NTFS
Drive D: | 13.17 Gb Total Space | 1.80 Gb Free Space | 13.69% Space Free | Partition Type: NTFS

Computer Name: BC1 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/23 13:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/10/17 08:30:25 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/10 13:21:34 | 003,632,128 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2009/09/01 08:06:57 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/01 08:06:46 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/09/01 08:06:42 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2008/10/17 18:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 18:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/05/21 09:43:26 | 002,764,800 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 03:48:44 | 000,411,120 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 03:48:43 | 003,767,792 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 03:47:19 | 000,122,880 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 03:47:18 | 000,222,208 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 03:47:17 | 001,746,432 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 01:06:01 | 008,593,056 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/10/17 18:57:20 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/01 08:06:46 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/09/01 08:06:42 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/21 09:43:26 | 002,764,800 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe -- (ComputerTimeServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/21 23:08:04 | 000,097,912 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NEOFLTR_700_17757.SYS -- (NEOFLTR_700_17757) Juniper Networks TDI Filter Driver (NEOFLTR_700_17757)
DRV:64bit: - [2009/09/01 08:06:59 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/09/01 08:06:58 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/16 23:24:15 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/03/21 06:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 D1 9E 0C 26 E2 CA 01 [binary data]
IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


[2010/04/21 17:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKU\S-1-5-21-2038252154-278987011-203068405-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [*ctmn32] C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe (SoftwareTime, LLC)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2038252154-278987011-203068405-1000..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-2038252154-278987011-203068405-1000..\Run: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Users\user\AppData\Local\Temp\E_SF393.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2038252154-278987011-203068405-1000..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O4 - HKU\S-1-5-21-2038252154-278987011-203068405-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2038252154-278987011-203068405-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2038252154-278987011-203068405-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2038252154-278987011-203068405-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2038252154-278987011-203068405-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://imail.tema.t...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://www.int.ch2m...ls/ikcntrls.cab (Ikonic Menu Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADFD8513-771E-4C05-9844-C5E31D9F8EF0}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADFD8513-771E-4C05-9844-C5E31D9F8EF0}: Domain = .
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Crater.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Crater.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1695b1e4-08f6-11e0-891e-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{1695b1e4-08f6-11e0-891e-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{1695b2a3-08f6-11e0-891e-00248c5c8cc2}\Shell\AutoRun\command - "" = F:\JPV-9P04I-1KXXNPNL-7KADJGW6-MX0BNAC4-JKZWQ28H\KL-JBEERG-UEA9GZXQI-38X3LQFS46J-RLDJ4WO-GXVXA\autorunme.exe
O33 - MountPoints2\{1695b2a3-08f6-11e0-891e-00248c5c8cc2}\Shell\Explore\Command - "" = F:\
O33 - MountPoints2\{1695b2a3-08f6-11e0-891e-00248c5c8cc2}\Shell\open\command - "" = F:\JPV-9P04I-1KXXNPNL-7KADJGW6-MX0BNAC4-JKZWQ28H\KL-JBEERG-UEA9GZXQI-38X3LQFS46J-RLDJ4WO-GXVXA\autorunme.exe
O33 - MountPoints2\{1695b2f4-08f6-11e0-891e-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{1695b2f4-08f6-11e0-891e-00248c5c8cc2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1695b64e-08f6-11e0-891e-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{1695b64e-08f6-11e0-891e-00248c5c8cc2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{2250aeca-ab6a-11df-a877-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{2250aeca-ab6a-11df-a877-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{2588c5e0-6f93-11df-96f0-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{2588c5e0-6f93-11df-96f0-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{278a16c1-c0a2-11df-bf10-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{278a16c1-c0a2-11df-bf10-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{278a16dd-c0a2-11df-bf10-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{278a16dd-c0a2-11df-bf10-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{2a50a0a8-51bd-11df-8de7-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{3364f661-34f5-11e0-8307-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{3364f661-34f5-11e0-8307-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{3cc84f52-024a-11df-b566-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{3cc84f52-024a-11df-b566-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{407ab015-b480-11df-8512-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{407ab015-b480-11df-8512-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{52688ec2-d6a3-11df-89ca-00248c5c8cc2}\Shell\AutoRun\command - "" = M:\Windows\bin\eblSetup.exe
O33 - MountPoints2\{664b422f-7ce4-11df-8d02-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\mpstxgx.exe
O33 - MountPoints2\{664b422f-7ce4-11df-8d02-00248c5c8cc2}\Shell\open\Command - "" = J:\mpstxgx.exe
O33 - MountPoints2\{8fb73b86-211e-11e0-b362-00248c5c8cc2}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{8fb73b86-211e-11e0-b362-00248c5c8cc2}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{97a10106-9053-11df-8801-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{97a10106-9053-11df-8801-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{9982132c-9ed7-11df-8431-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{9982132c-9ed7-11df-8431-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9d840f71-4128-11e1-8251-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d840f71-4128-11e1-8251-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9d840f9d-4128-11e1-8251-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d840f9d-4128-11e1-8251-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{bc54024b-241c-11de-bd78-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bc54024b-241c-11de-bd78-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MInst.exe
O33 - MountPoints2\{bfa4e1f1-a09c-11df-9cd3-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{bfa4e1f1-a09c-11df-9cd3-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\{c508cdd8-4fa5-11e0-8e51-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{c508cdd8-4fa5-11e0-8e51-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{c950921b-9d17-11de-8cda-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{e1eda0ce-fcff-11de-af04-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ed118885-6227-11df-b1e0-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{ed118885-6227-11df-b1e0-00248c5c8cc2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\tmp/bak.exe
O33 - MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\Shell\explore\command - "" = J:\tmp/bak.exe
O33 - MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\Shell\open\command - "" = J:\tmp/bak.exe
O33 - MountPoints2\{f4a97f44-2fad-11df-80d5-00248c5c8cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a97f44-2fad-11df-80d5-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 13:41:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/18 13:30:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2012/01/17 10:25:10 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonMF Uninstaller Information
[2012/01/17 10:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/01/17 10:07:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Canon
[2012/01/17 09:54:11 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\MF4450_MFDrivers_W64_us_EN-1
[2012/01/17 09:53:46 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\ToolBox_4911mf12_Win_EN
[2012/01/17 09:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
[2012/01/17 09:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Color Network ScanGear
[2012/01/17 09:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon

========== Files - Modified Within 30 Days ==========

[2012/01/23 13:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/23 13:39:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2038252154-278987011-203068405-1000UA.job
[2012/01/23 13:39:01 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/23 13:39:01 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/23 13:39:01 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/23 13:32:50 | 000,000,336 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/01/23 13:32:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 13:32:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 13:32:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 13:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/23 13:30:48 | 000,000,258 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/23 13:30:19 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2012/01/23 13:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 11:55:50 | 000,000,680 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2012/01/23 11:29:11 | 000,000,662 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 11:17:44 | 089,163,108 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/01/20 06:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2038252154-278987011-203068405-1000Core.job
[2012/01/17 18:46:08 | 000,000,981 | ---- | M] () -- C:\Users\user\Desktop\Internet Explorer.lnk
[2012/01/17 09:54:06 | 031,367,168 | ---- | M] () -- C:\Users\user\Desktop\MF4450_MFDrivers_W64_us_EN-1.exe
[2012/01/17 09:54:02 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2012/01/17 09:53:31 | 006,261,592 | ---- | M] () -- C:\Users\user\Desktop\ToolBox_4911mf12_Win_EN.exe
[2012/01/06 23:40:23 | 000,002,039 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/01/06 23:40:23 | 000,002,001 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/01/23 13:30:48 | 000,000,258 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/23 13:30:19 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2012/01/23 11:29:11 | 000,000,662 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 18:46:08 | 000,000,981 | ---- | C] () -- C:\Users\user\Desktop\Internet Explorer.lnk
[2012/01/17 10:00:51 | 000,000,502 | ---- | C] () -- C:\Windows\SysNative\CNCMFP34.INI
[2012/01/17 09:54:03 | 031,367,168 | ---- | C] () -- C:\Users\user\Desktop\MF4450_MFDrivers_W64_us_EN-1.exe
[2012/01/17 09:54:02 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2012/01/17 09:53:28 | 006,261,592 | ---- | C] () -- C:\Users\user\Desktop\ToolBox_4911mf12_Win_EN.exe
[2011/07/14 02:24:53 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/09/16 23:01:44 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/09/16 23:01:44 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/09/16 23:01:44 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/09/16 23:01:44 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/09/16 23:01:44 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/09/16 23:01:44 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/09/16 23:01:44 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/09/16 23:01:44 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/09/16 23:01:44 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/09/16 23:01:44 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/09/16 23:01:44 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/09/16 23:01:44 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/09/16 23:01:44 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/09/16 23:01:44 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/09/16 23:01:44 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/09/16 23:01:44 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/07/17 18:28:38 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/03/07 03:25:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/03 21:47:09 | 000,030,720 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/24 07:05:09 | 000,000,710 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/09/10 20:40:52 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/10 20:40:25 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/10 20:40:01 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/16 23:19:03 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/07/16 23:19:03 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/07/16 23:19:00 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/16 23:19:00 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2009/07/16 23:18:42 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2009/07/16 23:18:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2009/07/16 23:15:37 | 000,000,336 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/01/16 13:32:36 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/16 13:32:36 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2009/01/16 13:13:20 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/05/29 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2012/01/17 10:07:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011/01/18 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
[2011/03/05 12:23:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\funkitron
[2009/07/30 17:44:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gamelab
[2010/06/01 07:49:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\iWin
[2012/01/18 13:38:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Juniper Networks
[2011/04/01 19:32:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Oberon Media
[2010/07/15 22:17:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2009/07/17 09:04:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PictureMover
[2009/07/30 13:07:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2009/12/04 09:45:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2009/07/30 13:06:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2012/01/23 13:31:08 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:813B8EB6

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 23 January 2012 - 02:08 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi :wave: Are the other systems behaving now ?

This one has been using infected USB drives. I may need to do a little registry fix if this first run does not stop the popup

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2038252154-278987011-203068405-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
    O4 - HKLM..\Run: [*ctmn32] C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe (SoftwareTime, LLC)
    O33 - MountPoints2\{8fb73b86-211e-11e0-b362-00248c5c8cc2}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    O33 - MountPoints2\{8fb73b86-211e-11e0-b362-00248c5c8cc2}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    O33 - MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\Shell\AutoRun\command - "" = J:\tmp/bak.exe
    O33 - MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\Shell\explore\command - "" = J:\tmp/bak.exe
    O33 - MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\Shell\open\command - "" = J:\tmp/bak.exe


    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\SoftwareTime

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
s0nginmyheart
Posted 23 January 2012 - 02:41 PM

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts
Thanks! The other two computers are working perfectly now.


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2038252154-278987011-203068405-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\*ctmn32 deleted successfully.
Invalid CLSID key: *ctmn32
C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fb73b86-211e-11e0-b362-00248c5c8cc2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fb73b86-211e-11e0-b362-00248c5c8cc2}\ not found.
File RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fb73b86-211e-11e0-b362-00248c5c8cc2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fb73b86-211e-11e0-b362-00248c5c8cc2}\ not found.
File RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\ not found.
File J:\tmp/bak.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\ not found.
File J:\tmp/bak.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed118a27-6227-11df-b1e0-00248c5c8cc2}\ not found.
File J:\tmp/bak.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\SoftwareTime\ComputerTime\tokens folder moved successfully.
C:\Program Files (x86)\SoftwareTime\ComputerTime\help folder moved successfully.
C:\Program Files (x86)\SoftwareTime\ComputerTime\bin folder moved successfully.
C:\Program Files (x86)\SoftwareTime\ComputerTime folder moved successfully.
C:\Program Files (x86)\SoftwareTime folder moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 60372943 bytes
->Temporary Internet Files folder emptied: 14042020 bytes
->Java cache emptied: 20879160 bytes
->Google Chrome cache emptied: 398991401 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 25593 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7861866 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 171741526 bytes

Total Files Cleaned = 643.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01232012_142005

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000001C2909AA7A3CA0B15 not found!
File\Folder C:\Windows\temp\TMP0000001341935E8FD16B14C5 not found!

Registry entries deleted on Reboot...
  • 0

#4
Essexboy
Posted 23 January 2012 - 02:42 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did it reappear on the reboot ?
  • 0

#5
s0nginmyheart
Posted 23 January 2012 - 02:48 PM

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts
It did not pop up on reboot... thank you! What is next (if anything)?
  • 0

#6
Essexboy
Posted 23 January 2012 - 02:51 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was the only anomoly that I saw - how is it behaving ?
  • 0

#7
s0nginmyheart
Posted 23 January 2012 - 02:54 PM

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 151 posts
It seems to be running fine now. That pop up was the only questionable thing I saw after running the anti virus scans. I will run Windows Live Essentials again. Thank you very much again!
  • 0

#8
Essexboy
Posted 23 January 2012 - 03:00 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - For this one just run OTL and hit the cleanup button :)
  • 0

#9
Essexboy
Posted 24 January 2012 - 03:59 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP