Please wait while connection is being established [Closed]



#1
satikus

Hi,

I can't seem to remove this malware. When I try to start my PC (Windows XP) in safe mode (or safe mode with command prompt) to perform a system restore, the screen goes white and Ctrl Alt Del does not work. I'm completely stuck.

I've followed some of the other topic strings, set up a boot disk for OTLPE, and run an OTLPE scan with the attached results. I can see from previous strings that each fix is PC-specific, and I need help with a fix that'll work for me. I'd really appreciate someone having a look at this for me.

Satikus

Attached file: OTL.txt

OTL logfile created on: 6/17/2012 2:36:43 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 785.00 Mb Available Physical Memory | 77.00% Memory free
906.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 14.86 Gb Free Space | 10.18% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SupportSoft RemoteAssist)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe -- (NIS)
SRV - [2010/12/18 04:56:21 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/18 04:56:15 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/18 04:56:05 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2008/04/07 04:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/04/10 22:17:10 | 000,407,136 | ---- | M] (Juniper Networks) [Auto] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2006/11/03 13:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/25 03:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2005/03/01 15:49:18 | 000,036,962 | ---- | M] (Check Point Software Technologies) [Disabled] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe -- (SR_WatchDog)
SRV - [2005/03/01 15:49:14 | 000,110,689 | ---- | M] (Check Point Software Technologies) [Disabled] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2003/01/03 06:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) [Auto] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2012/04/27 20:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120505.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/03 22:45:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 22:45:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 21:46:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120504.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 21:46:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120504.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 19:12:53 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\NIS\1207010.003\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\NIS\1207010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1207010.003\Ironx86.SYS -- (SymIRON)
DRV - [2010/12/18 04:56:06 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/11 08:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 08:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/11/29 05:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 05:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 05:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 05:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/09/17 10:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/10 19:05:34 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2005/10/27 12:06:11 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 17:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/01 15:49:36 | 002,041,904 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
DRV - [2005/03/01 15:49:30 | 000,017,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\scap.sys -- (Scap)
DRV - [2005/03/01 15:49:28 | 000,014,924 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OMVA.sys -- (OMVA)
DRV - [2005/03/01 15:49:24 | 000,670,128 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2005/02/02 20:50:28 | 000,004,224 | ---- | M] () [File_System | System] -- C:\WINDOWS\System32\StarOpen.sys -- (StarOpen)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/08 07:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 07:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/04/14 12:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 09:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 09:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [1999/09/10 08:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lara_Satik_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\Lara_Satik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKU\Lara_Satik_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\Lara_Satik_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Lara_Satik_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Omur_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\Omur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Omur_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Omur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Omur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Omur_Satik_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\Omur_Satik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\Omur_Satik_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\Omur_Satik_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Omur_Satik_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\Test_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\Test_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\Test_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Test_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/11 04:58:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_7_5 [2012/06/10 07:48:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2007/12/05 14:01:31 | 000,000,707 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {76CA510F-C919-42C2-97DD-1CF6E758D3DF} - C:\WINDOWS\system32\fastsrch.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Lara_Satik_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Lara_Satik_ON_C\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O3 - HKU\Lara_Satik_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Lara_Satik_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKU\Lara_Satik_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Omur_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Omur_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKU\Omur_Satik_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Omur_Satik_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Omur_Satik_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKU\Omur_Satik_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Test_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Test_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SkirUGGBa7lvZk3] C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
O4 - HKU\Administrator_ON_C..\Run: [McAfee Update] C:\Documents and Settings\Administrator\Local Settings\Temp\mcupdate_1304506601.exe (McAfee, Inc.)
O4 - HKU\Lara_Satik_ON_C..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - HKU\Lara_Satik_ON_C..\Run: [NSeries.PCSync] C:\Program Files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\Lara_Satik_ON_C..\Run: [swg] File not found
O4 - HKU\Omur_ON_C..\Run: [SkirUGGBa7lvZk3] C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
O4 - HKU\Omur_Satik_ON_C..\Run: [{1C5EC986-5F61-13B4-DA84-1A4F6F494073}] File not found
O4 - HKU\Test_ON_C..\Run: [swg] File not found
O4 - HKU\Omur_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lara_Satik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Omur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Omur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Omur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Omur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Omur_Satik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Test_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O16 - DPF: FirstViewer http://barnet.docume...ts/FirstVwr.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe) - C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe) - C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
O20 - HKU\Omur_ON_C Winlogon: Shell - (C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe) - C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
O20 - HKU\Omur_ON_C Winlogon: UserInit - (C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe) - C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/10 08:31:34 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[2005/05/11 19:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[2002/01/01 18:27:15 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2002/01/01 18:27:08 | 000,017,920 | ---- | C] ( ) -- C:\WINDOWS\System32\SHELLLNK.DLL
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 05:46:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/17 05:40:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/10 07:48:38 | 000,002,641 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2012/06/02 20:13:51 | 000,286,720 | ---- | M] () -- C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe
[2012/06/02 15:06:22 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1C89E714-81C4-4E24-8257-89B6934E8D7A}.job
[2012/06/02 10:59:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/02 02:10:53 | 000,123,392 | ---- | M] () -- C:\WINDOWS\System32\fastsrch.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/02 20:13:57 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe
[2012/06/02 02:10:53 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\fastsrch.dll
[2011/08/17 15:41:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Omur\Local Settings\Application Data\fusioncache.dat
[2011/07/28 04:17:11 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Omur\g2mdlhlpx.exe
[2011/06/14 17:48:02 | 000,027,209 | ---- | C] () -- C:\Documents and Settings\Omur\Application Data\Personal Address Book.ADR
[2011/05/30 10:22:46 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Omur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 11:07:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lara Satik\Local Settings\Application Data\{60F5DC4B-1018-49AD-B42E-8F91712C3238}
[2011/05/04 05:49:19 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Omur Satik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 22:29:41 | 000,013,358 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\47h7308i05434q7ml6uhge302
[2011/04/18 21:41:47 | 000,145,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 20:30:56 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Omur Satik\Application Data\1.gif
[2011/01/03 13:30:06 | 000,002,236 | ---- | C] () -- C:\WINDOWS\Payroll.ini
[2011/01/03 13:26:25 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_RegTLB.dll
[2010/10/14 22:29:43 | 000,073,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/02 10:52:58 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Omur Satik\g2mdlhlpx.exe
[2010/01/16 09:40:40 | 000,063,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/13 06:25:26 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\SgDate.dll
[2009/12/10 08:34:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2009/12/10 08:32:46 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2009/09/10 09:22:54 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/09/10 09:22:48 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/09/10 09:22:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/09/10 09:22:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/09/10 09:22:42 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/09/10 09:22:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/09/10 09:22:30 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/09/10 09:22:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/09/10 09:22:20 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/09/10 09:22:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/09/10 09:21:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/09/08 16:58:45 | 000,000,082 | ---- | C] () -- C:\WINDOWS\sr_func.INI
[2009/09/08 16:49:30 | 000,000,272 | ---- | C] () -- C:\WINDOWS\sr_dct.INI
[2009/02/05 18:24:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/31 08:29:19 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2008/12/22 06:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/22 06:26:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2008/12/22 06:26:30 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2008/10/06 16:29:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/06/15 09:48:55 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2008/06/15 09:48:53 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2008/06/14 18:13:14 | 000,000,004 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2008/04/04 13:24:29 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/04/04 13:20:07 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/04/04 12:51:07 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2008/04/04 12:50:34 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/04/04 12:49:48 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/04/04 12:48:36 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/02/25 17:10:54 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2007/12/23 05:44:22 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/15 23:06:49 | 000,000,307 | ---- | C] () -- C:\WINDOWS\eform.INI
[2007/10/16 08:02:30 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Forms.ini
[2007/10/16 08:02:27 | 000,000,235 | ---- | C] () -- C:\WINDOWS\blankforms.ini
[2007/10/15 17:29:01 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2007/10/15 17:29:00 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2007/10/15 17:29:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\trimport2001.dll
[2007/10/15 16:31:58 | 000,003,611 | ---- | C] () -- C:\WINDOWS\Sharereg.ini
[2007/08/06 06:07:30 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/29 18:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/02/12 20:14:34 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/12 20:14:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/01 12:20:56 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Omur Satik\Local Settings\Application Data\fusioncache.dat
[2006/11/01 10:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLch32.dll
[2006/11/01 10:41:16 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/11/01 09:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2006/10/24 06:12:06 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2006/10/24 06:10:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2006/10/24 06:10:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBar32.dll
[2006/10/24 06:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SgStat32.dll
[2006/10/24 06:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLogo32.dll
[2006/10/24 06:10:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2006/10/24 06:10:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDlg32.dll
[2006/10/24 06:10:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAppBar.dll
[2006/10/24 06:10:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.dll
[2006/10/11 07:17:22 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\sg50SDOApplication.dll
[2006/07/16 04:42:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/11/21 01:47:52 | 000,000,191 | ---- | C] () -- C:\WINDOWS\WinHelp.ini
[2005/11/21 01:20:19 | 000,001,241 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2005/11/08 10:53:54 | 000,000,885 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/08 10:34:56 | 000,000,296 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2005/11/08 10:34:56 | 000,000,070 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2005/11/08 10:18:24 | 000,000,809 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2005/11/08 09:23:23 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2005/11/08 09:23:23 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2005/11/08 09:23:23 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2005/11/08 09:23:23 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2005/11/08 09:23:23 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2005/11/08 09:23:20 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2005/11/08 08:58:35 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
[2005/11/08 08:58:35 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
[2005/11/08 08:58:16 | 000,106,591 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2005/11/08 08:58:12 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2005/11/08 08:45:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/27 12:17:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/27 12:09:34 | 000,000,313 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/27 12:05:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/27 11:41:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/27 11:41:54 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/10/27 11:41:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/23 09:12:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2005/08/22 04:32:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RepDes32.exe
[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/02 20:50:28 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2004/08/10 08:12:05 | 000,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 08:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 08:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 08:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 07:57:52 | 000,004,783 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 07:57:15 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 07:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:51:20 | 000,504,168 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:51:20 | 000,088,830 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 07:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 07:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/08 02:19:56 | 000,001,187 | ---- | C] () -- C:\WINDOWS\Sageintl.ini
[2004/06/09 06:57:12 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\Install.exe
[2002/08/12 05:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/04/16 05:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2002/02/02 19:52:10 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Lara Satik\Personal Folders(1).pst
[2002/01/18 01:04:02 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2002/01/14 21:02:56 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe
[2002/01/14 21:02:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\UnCasino5.exe
[2002/01/12 20:06:16 | 000,000,387 | ---- | C] () -- C:\WINDOWS\FTREE.INI
[2002/01/12 20:06:16 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2002/01/11 16:06:01 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2002/01/08 12:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/01/07 03:42:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2002/01/06 04:39:59 | 000,000,479 | ---- | C] () -- C:\WINDOWS\eolupclnt.ini
[2002/01/05 17:29:51 | 000,001,170 | ---- | C] () -- C:\WINDOWS\capture.INI
[2002/01/03 17:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2002/01/03 16:06:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Lara Satik\Local Settings\Application Data\fusioncache.dat
[2002/01/02 17:32:30 | 000,000,048 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2002/01/02 17:00:45 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2002/01/02 16:37:03 | 000,080,477 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2002/01/02 16:37:03 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2002/01/02 01:40:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc625010911.bin
[2002/01/01 19:07:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\IMGHOOK.DLL
[2002/01/01 19:07:10 | 000,020,560 | ---- | C] () -- C:\WINDOWS\System32\msau200.dll
[2002/01/01 19:07:10 | 000,004,932 | ---- | C] () -- C:\WINDOWS\PMS.INI
[2002/01/01 19:06:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\msacc20.ini
[2002/01/01 18:56:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\MSWHEEL.DLL
[2002/01/01 18:56:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MSH_ZWF.DLL
[2002/01/01 18:27:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\Condll32.dll
[2002/01/01 18:27:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2002/01/01 18:27:18 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LDTS.DLL
[2002/01/01 18:27:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\U2LEXCH.DLL
[2002/01/01 18:27:18 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSAMP1.DLL
[2002/01/01 18:27:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\U2LFINRA.DLL
[2002/01/01 18:27:17 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2002/01/01 18:27:17 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2002/01/01 18:27:17 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\U25DTS.DLL
[2002/01/01 18:27:09 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Omur\VDIR.MDB
[2002/01/01 18:21:21 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\VIZAREG.DLL
[2002/01/01 16:51:28 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\VIEWUTIL.ini
[2001/11/21 03:11:28 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2001/11/21 03:11:27 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2001/11/21 02:56:50 | 000,002,641 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2001/11/21 02:56:49 | 000,000,256 | R--- | C] () -- C:\WINDOWS\System32\brmsl06f.bin
[2001/11/21 02:51:34 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[1999/10/25 06:53:58 | 000,025,218 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[1998/03/25 21:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1998/03/23 20:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2008/01/07 05:49:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks
[2002/01/01 09:13:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2011/05/03 18:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
[2011/12/09 05:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lara Satik\Application Data\alot
[2005/11/08 10:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lara Satik\Application Data\ICAClient
[2008/10/24 07:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lara Satik\Application Data\Nokia
[2007/04/02 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lara Satik\Application Data\PC Suite
[2011/05/04 12:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lara Satik\Application Data\Sage
[2008/04/17 08:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2009/09/28 17:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/11/29 16:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
[2011/07/01 22:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur\Application Data\alot
[2008/02/14 14:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur\Application Data\Juniper Networks
[2011/05/08 06:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur\Application Data\Nokia Multimedia Player
[2011/05/08 06:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur\Application Data\PC Suite
[2011/06/17 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur\Application Data\TeamViewer
[2011/07/01 22:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur\Application Data\Tific
[2012/05/11 14:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur\Application Data\webex
[2011/04/30 00:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\Bunuc
[2002/01/09 02:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\Datalayer
[2009/05/04 11:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\DeepBurner Pro
[2002/01/05 08:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\ICAClient
[2009/01/23 06:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\Juniper Networks
[2002/01/04 05:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\Leadertech
[2008/04/18 19:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\Nokia
[2009/02/13 00:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\Nokia Multimedia Player
[2008/04/18 19:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\NSeries
[2002/01/02 06:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\PC Suite
[2011/04/21 09:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\Sage
[2002/02/02 20:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\SlySoft
[2010/01/12 16:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\SupportSoft
[2011/04/29 22:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\Tair
[2011/04/07 03:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omur Satik\Application Data\TeamViewer
[2008/02/14 14:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Test\Application Data\Juniper Networks
[2011/05/08 18:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Test\Application Data\PC Suite
[2006/07/16 12:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/04/18 18:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/04/19 06:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IRIS Software Ltd
[2009/01/23 06:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/06/10 07:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2002/01/02 07:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/06/03 07:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2
[2008/04/18 18:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/02 12:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2010/01/10 16:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2002/01/01 11:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2002/02/02 20:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/01/31 08:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/25 17:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/02 15:06:22 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1C89E714-81C4-4E24-8257-89B6934E8D7A}.job

========== Purity Check ==========


< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you let me know what problems you are having on completion of this run?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\Lara_Satik_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
    IE - HKU\Lara_Satik_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
    IE - HKU\Omur_Satik_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
    IE - HKU\Test_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {76CA510F-C919-42C2-97DD-1CF6E758D3DF} - C:\WINDOWS\system32\fastsrch.dll ()
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKU\Lara_Satik_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Lara_Satik_ON_C\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
    O3 - HKU\Lara_Satik_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Omur_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Test_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [SkirUGGBa7lvZk3] C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
    O4 - HKU\Omur_ON_C..\Run: [SkirUGGBa7lvZk3] C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
    O4 - HKU\Omur_Satik_ON_C..\Run: [{1C5EC986-5F61-13B4-DA84-1A4F6F494073}] File not found
    O4 - HKU\Test_ON_C..\Run: [swg] File not found
    O7 - HKU\Omur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\Omur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Omur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe) - C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe) - C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
    O20 - HKU\Omur_ON_C Winlogon: Shell - (C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe) - C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
    O20 - HKU\Omur_ON_C Winlogon: UserInit - (C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe) - C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe ()
    [2012/06/02 20:13:51 | 000,286,720 | ---- | M] () -- C:\Documents and Settings\Omur\Application Data\WinrarArchiver.exe
    [2012/06/02 02:10:53 | 000,123,392 | ---- | M] () -- C:\WINDOWS\System32\fastsrch.dll
    [2011/04/29 22:29:41 | 000,013,358 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\47h7308i05434q7ml6uhge302

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#3
satikus

    New Member

  • Topic Starter
  • Member
  • 3 posts
Thanks. The fix seemed to run OK, although I think I may have missed the first line on the copy paste (i.e. :OTL). I've attached the log.

Attached File: OTL.txt (100KB)

Do you want me to attempt to reboot normally?

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, that bit appears to have been missed. Could you re-run the OTL fix please and then reboot to normal Windows?

#5
satikus

    New Member

  • Topic Starter
  • Member
  • 3 posts
OK, will do.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.