Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware detected !

Started by Maria10 , Jul 01 2012 06:21 PM

  • Please log in to reply

#1
Maria10
Posted 01 July 2012 - 06:21 PM

Maria10

    Member

  • Member
  • PipPipPip
  • 105 posts
Hi Guys,

I found out that my computer is infected with 9 threats...
While i was fixing my other home computer i have decided to ran the same online scan ("ESET" you can identify from my other thread), anyway after more than a hour scan i got the result with 9 threats... i have attached the file containing the current threats on my computer.
I also noticed at CONTROL PANEL there was a "program" which i could not remove... i don't remember installing this program which appear as "PC Camera" but when i try to remove it or change it i get an error message. It might be one of the current threats identified by "ESET"...

Could you please help me out on removing them and possibly check if are there any other threats infecting my computer?

Thanks for your help it is very much appreciated ;)

Attached Files


Edited by Maria10, 01 July 2012 - 06:23 PM.

  • 0

Advertisements

#2
Amlak
Posted 01 July 2012 - 06:33 PM

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Hi, Maria10. Have we met before? :P

I'll help you out with this computer as well. As always, expect a bit of delay with some of my responses.
  • 0

#3
Maria10
Posted 01 July 2012 - 06:38 PM

Maria10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
:whistling: Hmm, actually we might have met before.... hahaha

Fantastic !!! No worries, take your time.

Thanks :cheers:
  • 0

#4
Amlak
Posted 01 July 2012 - 06:56 PM

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Ok, to speed things up a bit, run the following scan:

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

  • 0

#5
Maria10
Posted 02 July 2012 - 03:00 AM

Maria10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Here you go...

OTL logfile created on: 02/07/2012 09:38:11 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.05 Mb Total Physical Memory | 284.68 Mb Available Physical Memory | 28.07% Memory free
2.39 Gb Paging File | 1.74 Gb Available in Paging File | 72.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 24.48 Gb Free Space | 43.80% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 09:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/07/01 12:25:45 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/29 10:43:41 | 000,119,296 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/26 08:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/01/11 16:02:56 | 000,194,904 | ---- | M] ( ) -- C:\Program Files\GbPlugin\gbpsv.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2010/01/19 15:23:36 | 007,058,704 | ---- | M] () -- C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
PRC - [2010/01/19 15:23:26 | 008,262,928 | ---- | M] (Steek) -- C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/20 12:24:34 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/07/13 06:33:14 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006/07/13 06:22:50 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/21 22:18:42 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/21 22:10:23 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/21 22:10:04 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/21 22:09:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/06/21 20:21:03 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/06/21 20:20:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/21 20:20:22 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/21 20:17:33 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/06/21 20:17:12 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/03/25 13:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
MOD - [2010/01/19 15:23:36 | 007,058,704 | ---- | M] () -- C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
MOD - [2009/11/03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files\QuickTime Alternative\AAS\ASL.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/21 13:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006/10/18 17:51:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/18 17:50:22 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/01/19 05:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe /SERVICE -- (IBUpdaterService)
SRV - [2012/07/01 12:25:45 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/01 12:18:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/29 10:43:41 | 000,119,296 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/11 16:02:56 | 000,194,904 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2007/02/20 12:24:34 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utqxnjcz.sys -- (utqxnjcz)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SpywareDetector\SDManager.sys -- (SDManager)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\DellBIOS.Sys -- (DellBIOS)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012/07/02 09:29:06 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD9A2461-598C-4B11-9161-C2980DAE7B10}\MpKslb12e0411.sys -- (MpKslb12e0411)
DRV - [2012/04/22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/11 16:04:00 | 000,042,584 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\User\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\User\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/11/08 11:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2006/11/21 23:05:48 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/09 21:14:16 | 000,280,448 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP) Marvell Libertas 802.11b/g Driver for Windows XP (8335)
DRV - [2005/09/01 17:54:26 | 000,032,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2005/09/01 17:54:12 | 000,007,936 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2005/08/29 15:45:24 | 000,018,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/06/10 06:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005/05/17 15:21:00 | 000,010,240 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\SPC610NC.dll -- (SPC610NC)
DRV - [2004/08/04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/15 14:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTKCMOS.sys -- (GTKCMOS)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60341
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60341
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 F8 83 56 BE 0C CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=14542
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...A8-57E79A6B285F
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60341
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://search.live.c...ms}&FORM=WEATDF
IE - HKCU\..\SearchScopes\{687075BD-F60F-4287-BFDF-4B9A496E9792}: "URL" = http://www.dealio.co...d={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-12 20:07:48&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AC5C6BAC-4C0A-4DC8-B743-8339002D08B1}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1572363
IE - HKCU\..\SearchScopes\{E5EE3F0C-E097-46D9-AE5A-97A6367338DF}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\Live Search: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/07/12 17:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]

[2009/01/31 16:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/12 01:29:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/06/11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: setuptool = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkjpkkngdbnbhpcggidmeoemlgmgheam\2.3.9.0_0\
CHR - Extension: Babylon Translator = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012/06/21 16:09:01 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Cosmi Firewall] C:\Program Files\Cosmi\Firewall\firewall.exe File not found
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [V Stuff Backup] C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe (Steek)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS28059; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; MS Internet Explorer; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; update/00319; 66860803; AskTbALSV5/5.9.1.14019)" -"http://www.eurolines...ach/index.aspx" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Trusted sites)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20100223143429 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340292172656 (WUWebControl Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340302579187 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsec...GbPluginABN.cab (GbPluginObj Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8118A134-8733-425F-9542-24C7A9E3C9A4}: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\t-mobile - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\PROGRA~1\GbPlugin\gbiehAbn.dll) - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/10 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9fddb5e8-7b52-11dd-ab99-001b7723a208}\Shell\AutoRun\command - "" = D:\wdsync.exe
O33 - MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell - "" = AutoRun
O33 - MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell\AutoRun\command - "" = D:\PlanetGizmo.EXE
O33 - MountPoints2\{f0fc92ee-5091-11df-b055-00158316c113}\Shell\AutoRun\command - "" = D:\vgyn6ewc.exe
O33 - MountPoints2\{f0fc92ee-5091-11df-b055-00158316c113}\Shell\open\Command - "" = D:\vgyn6ewc.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 09:36:19 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/07/02 09:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/07/02 09:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/07/01 19:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/01 13:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Search
[2012/07/01 12:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/07/01 12:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/06/30 21:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Updater5
[2012/06/30 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/06/30 21:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/30 19:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2012/06/30 16:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/06/30 16:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Dell Inc
[2012/06/30 15:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Deployment
[2012/06/30 15:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/06/30 15:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/06/30 15:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PCDr
[2012/06/24 14:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\WinRAR
[2012/06/24 14:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\WinRAR
[2012/06/24 14:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/06/24 14:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/06/24 13:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Job related docs and CV
[2012/06/22 13:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Livros_Books
[2012/06/21 19:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/06/21 19:29:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2012/06/21 19:29:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/06/21 19:29:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2012/06/21 19:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2012/06/21 19:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2012/06/21 19:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/06/21 19:27:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/06/21 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/06/20 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/20 18:51:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/06/20 13:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/06/20 13:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/06/20 13:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/06/20 13:18:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/06/17 15:07:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/06/16 11:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Radialpoint
[2012/06/12 22:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PerformerSoft
[2012/06/12 22:34:23 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2012/06/12 22:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2012/06/12 20:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Ashampoo
[2012/06/12 20:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ashampoo
[2012/06/12 20:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/06/12 20:06:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/12 13:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/12 13:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 13:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 13:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/10 23:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Toolbar4
[2012/06/10 22:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/06/10 22:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/06/10 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\uTorrent
[2012/06/10 22:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\setuptool
[2012/06/10 22:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\CRE
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\Documents and Settings\User\Desktop\*.tmp files -> C:\Documents and Settings\User\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/02 09:53:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE623624-F402-4679-8AD1-AC1494E77203}.job
[2012/07/02 09:49:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{31703581-30B9-43EA-93AE-8469AA7D9596}.job
[2012/07/02 09:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/07/02 09:25:17 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/02 09:16:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/02 09:14:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/02 09:14:48 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/02 00:06:27 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Word.lnk
[2012/07/01 12:39:47 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/01 12:39:47 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/07/01 12:15:18 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/07/01 12:01:19 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Update Checker.lnk
[2012/06/30 22:50:52 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/06/30 22:50:52 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/30 21:52:11 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/30 21:09:39 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/30 16:56:29 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2012/06/29 18:14:11 | 000,000,477 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2012/06/29 11:03:09 | 000,000,092 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012/06/29 10:32:34 | 000,407,207 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dito na sua Sala, esperando algum jogo do Corinthias!!! Rs....zip
[2012/06/28 22:52:25 | 000,074,966 | ---- | M] () -- C:\Documents and Settings\User\Desktop\532102_385523391508349_1710843818_n.jpg
[2012/06/21 21:02:57 | 000,503,900 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/21 21:02:57 | 000,087,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/21 19:27:26 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/06/21 18:43:25 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/21 16:09:01 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/20 19:27:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/20 13:31:48 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/17 15:40:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/15 23:20:16 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2012/06/12 20:21:38 | 000,000,021 | ---- | M] () -- C:\Documents and Settings\User\Application Data\ISOWorkshop.ini
[2012/06/12 13:23:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/10 23:25:55 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\Documents and Settings\User\Desktop\*.tmp files -> C:\Documents and Settings\User\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 13:25:35 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE623624-F402-4679-8AD1-AC1494E77203}.job
[2012/07/01 12:15:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/01 12:15:16 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/07/01 12:01:19 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Update Checker.lnk
[2012/07/01 12:01:19 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Update Checker.lnk
[2012/06/30 21:09:39 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/30 17:57:57 | 000,083,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/30 16:56:29 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/06/29 10:32:31 | 000,407,207 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Dito na sua Sala, esperando algum jogo do Corinthias!!! Rs....zip
[2012/06/28 22:52:43 | 000,074,966 | ---- | C] () -- C:\Documents and Settings\User\Desktop\532102_385523391508349_1710843818_n.jpg
[2012/06/21 19:27:26 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/06/21 19:27:26 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/06/21 19:22:16 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012/06/21 16:37:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/21 16:37:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/21 16:37:02 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2012/06/21 16:32:52 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2012/06/21 16:32:52 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2012/06/20 19:37:11 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/20 19:27:13 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/20 13:32:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/06/20 13:32:53 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/06/20 13:32:49 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/06/15 23:20:16 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2012/06/12 20:21:38 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ISOWorkshop.ini
[2012/06/12 13:23:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/11 01:16:34 | 000,126,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/10 23:14:51 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/06/10 22:46:09 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/10 22:46:08 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/09/03 19:36:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\aespro.ini
[2011/04/02 20:01:16 | 000,012,524 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\jcl665ep0rnlp562hps
[2011/04/02 20:01:16 | 000,012,524 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps
[2010/10/03 23:07:50 | 000,003,594 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2010/09/16 22:36:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/03/02 14:44:41 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\User\Application DatadMb.dat
[2009/07/30 20:06:46 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\User\Application Data\burnaware.ini
[2008/09/24 23:36:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2007/09/12 23:40:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\AVSDVDPlayer.m3u
[2007/08/10 01:33:59 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/10 01:11:50 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/02/18 12:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/12 20:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2008/08/26 11:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2012/06/21 16:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSoftware
[2010/02/18 14:36:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\be0ca07
[2012/05/11 09:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2007/08/02 23:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/06/12 20:06:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/03 21:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/08/24 08:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/09/15 12:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/06/01 09:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GbPlugin
[2012/06/13 12:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2011/08/16 22:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/06/30 17:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/08/27 14:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/03/30 14:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/05/13 14:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! for Skype
[2012/05/31 21:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/03/31 15:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/04/12 23:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/02/14 20:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/06/30 15:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/06/15 23:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/02/18 12:14:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SARDURPEZV
[2009/02/20 11:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/04/16 17:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/06/03 01:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2009/02/24 17:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/07/01 12:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/04/01 10:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/13 02:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/10/27 14:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
[2012/06/15 23:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2009/12/10 20:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirginMedia
[2012/06/12 13:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/03 20:28:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2012/06/12 20:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ashampoo
[2011/04/03 18:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2009/08/27 21:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\bppeng11
[2008/02/14 20:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Datalayer
[2011/04/12 22:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DriverCure
[2012/06/30 19:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2010/10/03 23:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2011/01/12 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2008/05/05 10:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ieSpell
[2009/02/20 16:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2007/08/03 01:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008/06/25 00:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2012/05/31 22:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
[2011/09/07 17:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ooVoo Details
[2010/02/18 13:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\oovootb
[2009/05/29 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Panda Security
[2011/04/12 22:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ParetoLogic
[2012/05/31 22:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2012/06/30 15:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr
[2012/06/13 09:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PerformerSoft
[2012/06/16 11:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Radialpoint
[2011/04/16 17:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpeedMaxPc
[2012/05/19 21:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpeedyPC Software
[2012/06/10 23:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Toolbar4
[2010/04/03 12:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer
[2010/11/09 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TSO
[2011/04/03 18:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue
[2012/07/01 12:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2011/04/16 17:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Virgin Media
[2012/06/21 19:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2012/07/01 13:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2012/07/02 09:49:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{31703581-30B9-43EA-93AE-8469AA7D9596}.job
[2012/07/02 09:53:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FE623624-F402-4679-8AD1-AC1494E77203}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 412 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:C40EEE98_Cef.gbp
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:C40EEE98_Bb.gbp

< End of report >

Attached Files


  • 0

#6
Amlak
Posted 02 July 2012 - 03:14 AM

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#7
Maria10
Posted 02 July 2012 - 04:43 AM

Maria10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Scan done !!! Result is attached...

Attached Files


  • 0

#8
Amlak
Posted 03 July 2012 - 02:22 AM

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Hi, Maria10. Just wondering, do you actually need Messenger Plus! for Skype or for Windows Live Messenger? Eset scanner seems to have an issue with Messenger Plus! for Skype. It may be a false positive, but it may also be an actual threat. Let me know whether or not you would like to get rid of it.
  • 0

#9
Maria10
Posted 03 July 2012 - 04:46 AM

Maria10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Hi Amlak,
I don't use it for Skype, i use MSN more often... but if i need to remove Messenger Plus i think it shouldn't be a problem.

Cheers
  • 0

#10
Amlak
Posted 04 July 2012 - 08:39 AM

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Hi, Maria10. Thanks for answering. With your consent, feel free to uninstall the following:

Messenger Plus! for Skype

Once you do that, and restart, do the following:

Warning This fix is only relevant for this system and no other, using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utqxnjcz.sys -- (utqxnjcz)
O33 - MountPoints2\{9fddb5e8-7b52-11dd-ab99-001b7723a208}\Shell\AutoRun\command - "" = D:\wdsync.exe
O33 - MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell - "" = AutoRun
O33 - MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell\AutoRun\command - "" = D:\PlanetGizmo.EXE
O33 - MountPoints2\{f0fc92ee-5091-11df-b055-00158316c113}\Shell\AutoRun\command - "" = D:\vgyn6ewc.exe
O33 - MountPoints2\{f0fc92ee-5091-11df-b055-00158316c113}\Shell\open\Command - "" = D:\vgyn6ewc.exe

:Files
C:\Documents and Settings\User\Local Settings\Application Data\jcl665ep0rnlp562hps
C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps
C:\Documents and Settings\All Users\Application Data\be0ca07
C:\Documents and Settings\All Users\Application Data\SARDURPEZV
C:\Documents and Settings\All Users\Application Data\~0

:Commands
[EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log it produces in your next reply.

******
NEXT
******

Malwarebytes' Anti-Malware

  • Download Malwarebytes' Anti-Malware here.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, confirm a check mark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Make sure all items are checked and click on Remove Selected.
  • If asked to restart the computer, please do so immediately.
  • Post the contents of the resultant log in your next reply. You can access the log in the Logs tab.

  • 0

Advertisements

#11
Maria10
Posted 04 July 2012 - 01:16 PM

Maria10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Amlak,

Messenger Plus! for Skype is now removed, I have attached reports for both processes...

Cheers

Attached Files


  • 0

#12
Amlak
Posted 05 July 2012 - 04:43 PM

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Hi, Maria10. How's your computer going? Any visible issues I need to know of? I'll help you with that issue you mentioned earlier, but for now:

Please download JavaRa to the Desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select.
  • Then click Remove Older Versions. Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer.

******
NEXT:
******

You have a P2P program called uTorrent. Please keep in mind that it's programs like uTorrent that can open gates to more malware infections for your system. Depending on what you download from such programs, you may end up with a virus/malware attack worse than the one your computer had. Not to mention that such programs are often abused to download illegal software which not only have the potential to carry viruses and malware but might also put you at legal risk. If you believe you have no use for it, please uninstall it. If, however, you really do need it for valid and legit purposes, then by all means, keep it. Just be careful how you use it.
  • 0

#13
Maria10
Posted 07 July 2012 - 01:42 PM

Maria10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Hi Amlak,

The computer seems to be faster now, and looks like there isn't any other issue... i will run a new scan just to make sure and let you know if anything comes up.
I have removed uTorrent as i don't need it anymore.

I have a question:
When i ran all the process for Java, does it suppose to remove all old versions of Java?? Just asking, because every time i o to control panel i still see many versions of Java in there. Is this the way it suppose to be?

Cheers
  • 0

#14
Amlak
Posted 07 July 2012 - 06:56 PM

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
If they are still there, then try uninstalling those older version through Add or Remove Programs.
  • 0

#15
Amlak
Posted 10 July 2012 - 03:35 AM

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Hi, Maria10. Did you get rid of the older versions of Java? Or do you need specific help?

Also, you said:

I also noticed at CONTROL PANEL there was a "program" which i could not remove... i don't remember installing this program which appear as "PC Camera" but when i try to remove it or change it i get an error message.


Is it still there? This may not be malicious, but if you want it removed, I'd be happy to help you out with this.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP