Koobface virus

Done it. I was already logged on as administrator.


Code:
OTS logfile created on: 12/31/2009 12:21:39 PM - Run 1
OTS by OldTimer - Version 3.1.14.1     Folder = C:\Documents and Settings\philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.00 Mb Total Physical Memory | 589.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 22.16 Gb Free Space | 29.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PHIL
Current User Name: philip
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\philip\Desktop\OTS.exe -> [2009/12/30 17:41:47 | 00,599,040 | ---- | M] (OldTimer Tools)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2009/09/18 09:26:53 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
groovemonitor.exe -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
brs.exe -> C:\Program Files\CyberLink\Shared Files\brs.exe -> [2007/11/16 19:20:26 | 00,091,432 | ---- | M] (cyberlink)
richvideo.exe -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2007/10/15 20:46:08 | 00,243,056 | ---- | M] ()
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\philip\Desktop\OTS.exe -> [2009/12/30 17:41:47 | 00,599,040 | ---- | M] (OldTimer Tools)
framedyn.dll -> C:\WINDOWS\system32\framedyn.dll -> [2006/05/03 22:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [On_Demand | Stopped] ->  -> File not found
(iPod Service) iPod Service [On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH)
(Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2007/10/15 20:46:08 | 00,243,056 | ---- | M] ()
(MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -> [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation)
(SPTISRV) Sony SPTI Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation)
(PACSPTISVR) PACSPTISVR [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> [2006/12/14 00:46:16 | 00,057,344 | ---- | M] ()
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
 
[Driver Services - Safe List]
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Pcouffin.sys -> [2009/12/11 12:24:15 | 00,047,360 | ---- | M] (VSO Software)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/07 21:22:15 | 00,056,816 | ---- | M] (Avira GmbH)
(Aspi32) Aspi32 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ASPI32.SYS -> [2009/11/25 05:49:14 | 00,016,512 | ---- | M] (Adaptec)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH)
(StarOpen) StarOpen [File_System | System | Running] -> C:\WINDOWS\system32\drivers\StarOpen.sys -> [2009/01/14 22:22:38 | 00,005,632 | ---- | M] ()
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 16:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdm.sys -> [2007/05/02 11:11:18 | 00,109,704 | ---- | M] (MCCI Corporation)
(ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdfl.sys -> [2007/05/02 11:11:18 | 00,015,112 | ---- | M] (MCCI Corporation)
(ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_bus.sys -> [2007/05/02 11:11:16 | 00,083,592 | ---- | M] (MCCI Corporation)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\alcxwdm.sys -> [2006/12/29 14:48:06 | 04,026,112 | R--- | M] (Realtek Semiconductor Corp.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rootmdm.sys -> [2004/08/04 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: Main\\"Default_Page_URL" -> http://uk.msn.com/ -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: Main\\"Default_Secondary_Page_URL" -> http://www.bing.com/ [binary data] -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\philip\Application Data\Mozilla\Extensions -> [2009/03/23 11:49:53 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\philip\Application Data\Mozilla\Extensions\mozswing@mozswing.org -> [2009/03/07 15:26:54 | 00,000,000 | ---D | M]
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/09/18 09:27:24 | 00,329,312 | ---- | M] (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{79a7b6cc-15f4-4598-9442-343ab84d19ce} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04:17:29 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 04:17:12 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
"BDRegion" -> C:\Program Files\CyberLink\Shared Files\brs.exe [C:\Program Files\Cyberlink\Shared Files\brs.exe] -> [2007/11/16 19:20:26 | 00,091,432 | ---- | M] (cyberlink)
"GrooveMonitor" -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/11/10 23:08:18 | 00,417,792 | ---- | M] (Apple Inc.)
"SoundMan" -> C:\WINDOWS\soundman.exe [SOUNDMAN.EXE] -> [2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2009/09/18 09:26:53 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Default User.WINDOWS Startup Folder > -> C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup -> 
< Phil Startup Folder > -> C:\Documents and Settings\Phil\Start Menu\Programs\Startup -> 
< philip Startup Folder > -> C:\Documents and Settings\philip\Start Menu\Programs\Startup -> 
C:\Documents and Settings\philip\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
< Software Policy Settings [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/08/17 22:48:08 | 18,341,216 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5347 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5347 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5347 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8885 domain(s) found. -> 
55 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> Reg Error: Value error. [Shockwave Flash Object] -> 
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab [Windows Live Hotmail Photo Upload Tool] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{DB260A07-6C3B-4B90-8798-0E4D640C2BBF}\\DhcpNameServer -> 192.168.2.1   (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> Reg Error: Value error. -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{0074BAD5-04AC-49A8-9314-1D8B356B62FF}" [HKLM] -> C:\WINDOWS\System32\exphylla.dll [ExphyllaW32] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 11:05:30 | 01,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/11/12 16:33:04 | 10,358,048 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Spotify\spotify.exe" -> C:\Program Files\Spotify\spotify.exe [C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify] -> [2009/11/27 14:45:04 | 02,876,144 | ---- | M] (Spotify AB)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 11:05:30 | 01,169,224 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/10/15 21:59:16 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
\E\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
\E\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
\E\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\{1b0cf414-08ce-11de-b5bd-00012e0b40db}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell
\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\AutoRun
\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\AutoRun\command
\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\philip\Desktop\OTS.exe -> [2009/12/30 17:41:43 | 00,599,040 | ---- | C] (OldTimer Tools)
 _OTM -> C:\_OTM -> [2009/12/30 15:39:21 | 00,000,000 | ---D | C]
 OTM.exe -> C:\Documents and Settings\philip\Desktop\OTM.exe -> [2009/12/30 15:38:07 | 00,452,096 | ---- | C] (OldTimer Tools)
 TFC.exe -> C:\Documents and Settings\philip\Desktop\TFC.exe -> [2009/12/29 19:54:19 | 00,410,624 | ---- | C] (OldTimer Tools)
 philip.exe -> C:\Documents and Settings\philip\Desktop\philip.exe -> [2009/12/29 15:39:57 | 00,401,720 | ---- | C] (Trend Micro Inc.)
 rsit -> C:\rsit -> [2009/12/29 15:39:55 | 00,000,000 | ---D | C]
 Omniquad Total Security -> C:\WINDOWS\Omniquad Total Security -> [2009/12/27 21:59:08 | 00,000,000 | ---D | C]
 ERUNT -> C:\Program Files\ERUNT -> [2009/12/26 00:19:12 | 00,000,000 | ---D | C]
 RegCure -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure -> [2009/12/25 20:08:54 | 00,000,000 | ---D | C]
 Dying_Fetus-Descend_Into_Depravity-2009-MTD -> C:\Documents and Settings\philip\Desktop\Dying_Fetus-Descend_Into_Depravity-2009-MTD -> [2009/12/24 15:17:29 | 00,000,000 | ---D | C]
 demo- Victim -> C:\Documents and Settings\philip\Desktop\demo- Victim -> [2009/12/24 15:16:53 | 00,000,000 | ---D | C]
 demo- Wisdom comes -> C:\Documents and Settings\philip\Desktop\demo- Wisdom comes -> [2009/12/24 15:16:38 | 00,000,000 | ---D | C]
 demo- Saturate - V2 -> C:\Documents and Settings\philip\Desktop\demo- Saturate - V2 -> [2009/12/24 15:16:26 | 00,000,000 | ---D | C]
 City Of Fire - City Of Fire (2009) Groove Metal -> C:\Documents and Settings\philip\Desktop\City Of Fire - City Of Fire (2009) Groove Metal -> [2009/12/24 15:05:19 | 00,000,000 | ---D | C]
 Fear Factory - Mechanize (2010) -> C:\Documents and Settings\philip\Desktop\Fear Factory - Mechanize (2010) -> [2009/12/23 12:10:37 | 00,000,000 | ---D | C]
 AE_TOTRSLIJ -> C:\Documents and Settings\philip\Desktop\AE_TOTRSLIJ -> [2009/12/17 11:51:26 | 00,000,000 | ---D | C]
 Nothnegal_Abosolute_Blood_Unification -> C:\Documents and Settings\philip\Desktop\Nothnegal_Abosolute_Blood_Unification -> [2009/12/16 16:30:31 | 00,000,000 | ---D | C]
 directx -> C:\Program Files\directx -> [2009/12/16 14:29:16 | 00,000,000 | ---D | C]
 Rockstar Games -> C:\Program Files\Rockstar Games -> [2009/12/16 14:28:08 | 00,000,000 | ---D | C]
 .dvdcss -> C:\Documents and Settings\philip\.dvdcss -> [2009/12/11 17:28:40 | 00,000,000 | ---D | C]
 OutputFolder -> C:\OutputFolder -> [2009/12/11 17:27:54 | 00,000,000 | ---D | C]
 Digiarty -> C:\Program Files\Digiarty -> [2009/12/11 17:27:44 | 00,000,000 | ---D | C]
 lameACM.acm -> C:\WINDOWS\System32\lameACM.acm -> [2009/12/11 17:23:37 | 00,716,800 | ---- | C] (http://www.mp3dev.org/)
 divxdec.ax -> C:\WINDOWS\System32\divxdec.ax -> [2009/12/11 17:23:37 | 00,577,536 | ---- | C] (DivXNetworks, Inc.)
 divx.dll -> C:\WINDOWS\System32\divx.dll -> [2009/12/11 17:23:37 | 00,574,976 | ---- | C] (DivX, Inc.)
 libdivx.dll -> C:\WINDOWS\System32\libdivx.dll -> [2009/12/11 17:23:36 | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/)
 dpuGUI11.dll -> C:\WINDOWS\System32\dpuGUI11.dll -> [2009/12/11 17:23:36 | 00,593,920 | ---- | C] (DivXNetworks)
 dpu11.dll -> C:\WINDOWS\System32\dpu11.dll -> [2009/12/11 17:23:36 | 00,294,912 | ---- | C] (DivXNetworks)
 ssldivx.dll -> C:\WINDOWS\System32\ssldivx.dll -> [2009/12/11 17:23:36 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/)
 dtu100.dll -> C:\WINDOWS\System32\dtu100.dll -> [2009/12/11 17:23:36 | 00,200,704 | ---- | C] (DivXNetworks)
 dpl100.dll -> C:\WINDOWS\System32\dpl100.dll -> [2009/12/11 17:23:36 | 00,086,016 | ---- | C] (DivXNetworks)
 dpv11.dll -> C:\WINDOWS\System32\dpv11.dll -> [2009/12/11 17:23:36 | 00,057,344 | ---- | C] (DivXNetworks)
 iSofter -> C:\Program Files\iSofter -> [2009/12/11 17:23:35 | 00,000,000 | ---D | C]
 unicows.dll -> C:\WINDOWS\System32\unicows.dll -> [2009/12/11 17:20:29 | 00,258,352 | ---- | C] (Microsoft Corporation)
 pthreadGC2.dll -> C:\WINDOWS\System32\pthreadGC2.dll -> [2009/12/11 17:20:29 | 00,060,273 | ---- | C] (Open Source Software community project)
 Cucusoft -> C:\Program Files\Cucusoft -> [2009/12/11 17:20:25 | 00,000,000 | ---D | C]
 freestar -> C:\Program Files\freestar -> [2009/12/11 17:14:00 | 00,000,000 | ---D | C]
 Plato DVD Ripper -> C:\Program Files\Plato DVD Ripper -> [2009/12/11 13:47:34 | 00,000,000 | ---D | C]
 MagicDVDCopier -> C:\Program Files\Common Files\MagicDVDCopier -> [2009/12/11 12:24:27 | 00,000,000 | ---D | C]
 Pcouffin.sys -> C:\WINDOWS\System32\drivers\Pcouffin.sys -> [2009/12/11 12:24:15 | 00,047,360 | ---- | C] (VSO Software)
 Config.Msi -> C:\Config.Msi -> [2009/12/11 12:08:36 | 00,000,000 | -HSD | C]
 MagicDVDRipper -> C:\Program Files\Common Files\MagicDVDRipper -> [2009/12/10 21:10:07 | 00,000,000 | ---D | C]
 No1 DVD Ripper -> C:\Program Files\No1 DVD Ripper -> [2009/12/10 20:56:02 | 00,000,000 | ---D | C]
 ie8 -> C:\WINDOWS\ie8 -> [2009/12/08 10:46:36 | 00,000,000 | -H-D | C]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2008/09/04 10:56:18 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2007/11/15 21:52:58 | 00,000,000 | ---D | M]
 Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2007/08/18 20:53:00 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2006/10/15 22:02:17 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2006/10/15 21:59:10 | 00,000,000 | --SD | M]
 
[Files/Folders - Modified Within 30 Days]
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/31 11:42:04 | 00,013,646 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/31 11:42:04 | 00,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/31 11:42:02 | 00,002,048 | --S- | M] ()
 ntuser.dat -> C:\Documents and Settings\philip\ntuser.dat -> [2009/12/31 11:40:56 | 10,747,904 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\philip\ntuser.ini -> [2009/12/31 11:40:56 | 00,000,178 | -HS- | M] ()
 iTunes.lnk -> C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk -> [2009/12/31 00:05:15 | 00,002,137 | ---- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/12/30 23:09:17 | 00,000,664 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\philip\Desktop\OTS.exe -> [2009/12/30 17:41:47 | 00,599,040 | ---- | M] (OldTimer Tools)
 OTM.exe -> C:\Documents and Settings\philip\Desktop\OTM.exe -> [2009/12/30 15:38:10 | 00,452,096 | ---- | M] (OldTimer Tools)
 SystemLook.exe -> C:\Documents and Settings\philip\Desktop\SystemLook.exe -> [2009/12/30 15:09:32 | 00,102,660 | ---- | M] ()
 SecurityCheck.exe -> C:\Documents and Settings\philip\Desktop\SecurityCheck.exe -> [2009/12/30 12:00:38 | 00,843,187 | ---- | M] ()
 TFC.exe -> C:\Documents and Settings\philip\Desktop\TFC.exe -> [2009/12/29 19:54:19 | 00,410,624 | ---- | M] (OldTimer Tools)
 RSIT.exe -> C:\Documents and Settings\philip\Desktop\RSIT.exe -> [2009/12/29 15:39:43 | 00,781,909 | ---- | M] ()
 test.dat -> C:\WINDOWS\test.dat -> [2009/12/27 22:10:53 | 00,000,000 | ---- | M] ()
 winomnifile.dat -> C:\WINDOWS\winomnifile.dat -> [2009/12/27 21:59:14 | 00,000,076 | ---- | M] ()
 ERUNT AutoBackup.lnk -> C:\Documents and Settings\philip\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/12/26 00:19:22 | 00,000,767 | ---- | M] ()
 NTREGOPT.lnk -> C:\Documents and Settings\philip\Desktop\NTREGOPT.lnk -> [2009/12/26 00:19:13 | 00,000,611 | ---- | M] ()
 ERUNT.lnk -> C:\Documents and Settings\philip\Desktop\ERUNT.lnk -> [2009/12/26 00:19:13 | 00,000,592 | ---- | M] ()
 LauncherAccess.dt -> C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt -> [2009/12/19 18:18:04 | 00,000,000 | ---- | M] ()
 Older lady looking for hung stallions (not over 30 years old Central london London sex casual relationships girls guys.mht -> C:\Documents and Settings\philip\My Documents\Older lady looking for hung stallions (not over 30 years old Central london London sex casual relationships girls guys.mht -> [2009/12/19 00:28:43 | 00,398,969 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/17 18:00:59 | 00,071,680 | ---- | M] ()
 statistics.xml -> C:\statistics.xml -> [2009/12/11 17:25:48 | 00,000,014 | ---- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/11 12:45:27 | 00,069,624 | ---- | M] ()
 Pcouffin.sys -> C:\WINDOWS\System32\drivers\Pcouffin.sys -> [2009/12/11 12:24:15 | 00,047,360 | ---- | M] (VSO Software)
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/11 12:16:59 | 00,265,416 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2009/12/11 12:08:10 | 00,000,601 | ---- | M] ()
 DVD Ripper Standard.ini -> C:\WINDOWS\DVD Ripper Standard.ini -> [2009/12/10 20:52:06 | 00,000,117 | ---- | M] ()
 pro DVD Ripper Standard.ini -> C:\WINDOWS\pro DVD Ripper Standard.ini -> [2009/12/10 20:52:06 | 00,000,058 | ---- | M] ()
 DVD Ripper Standard.dat -> C:\WINDOWS\System32\DVD Ripper Standard.dat -> [2009/12/10 20:52:06 | 00,000,001 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/10 19:39:54 | 00,339,820 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/10 19:39:53 | 00,052,104 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/10 19:39:52 | 00,398,062 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/10 19:03:57 | 00,001,393 | ---- | M] ()
 avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2009/12/07 21:22:15 | 00,056,816 | ---- | M] (Avira GmbH)
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 
[Files - No Company Name]
 SystemLook.exe -> C:\Documents and Settings\philip\Desktop\SystemLook.exe -> [2009/12/30 15:09:32 | 00,102,660 | ---- | C] ()
 SecurityCheck.exe -> C:\Documents and Settings\philip\Desktop\SecurityCheck.exe -> [2009/12/30 12:00:36 | 00,843,187 | ---- | C] ()
 RSIT.exe -> C:\Documents and Settings\philip\Desktop\RSIT.exe -> [2009/12/29 15:39:40 | 00,781,909 | ---- | C] ()
 test.dat -> C:\WINDOWS\test.dat -> [2009/12/27 21:59:45 | 00,000,000 | ---- | C] ()
 winomnifile.dat -> C:\WINDOWS\winomnifile.dat -> [2009/12/27 21:59:14 | 00,000,076 | ---- | C] ()
 ERUNT AutoBackup.lnk -> C:\Documents and Settings\philip\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/12/26 00:19:22 | 00,000,767 | ---- | C] ()
 NTREGOPT.lnk -> C:\Documents and Settings\philip\Desktop\NTREGOPT.lnk -> [2009/12/26 00:19:13 | 00,000,611 | ---- | C] ()
 ERUNT.lnk -> C:\Documents and Settings\philip\Desktop\ERUNT.lnk -> [2009/12/26 00:19:13 | 00,000,592 | ---- | C] ()
 Older lady looking for hung stallions (not over 30 years old Central london London sex casual relationships girls guys.mht -> C:\Documents and Settings\philip\My Documents\Older lady looking for hung stallions (not over 30 years old Central london London sex casual relationships girls guys.mht -> [2009/12/19 00:28:41 | 00,398,969 | ---- | C] ()
 statistics.xml -> C:\statistics.xml -> [2009/12/11 17:25:33 | 00,000,014 | ---- | C] ()
 lame_acm.xml -> C:\WINDOWS\System32\lame_acm.xml -> [2009/12/11 17:23:37 | 00,000,414 | ---- | C] ()
 qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2009/12/11 17:23:36 | 03,596,288 | ---- | C] ()
 actskn43.ocx -> C:\WINDOWS\System32\actskn43.ocx -> [2009/12/11 17:23:35 | 00,389,120 | ---- | C] ()
 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2009/12/11 17:20:29 | 00,057,344 | ---- | C] ()
 ff_acm.acm -> C:\WINDOWS\System32\ff_acm.acm -> [2009/12/11 17:20:29 | 00,006,144 | ---- | C] ()
 ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2009/12/11 17:20:29 | 00,000,547 | ---- | C] ()
 DVD Ripper Standard.ini -> C:\WINDOWS\DVD Ripper Standard.ini -> [2009/12/10 20:52:06 | 00,000,117 | ---- | C] ()
 pro DVD Ripper Standard.ini -> C:\WINDOWS\pro DVD Ripper Standard.ini -> [2009/12/10 20:52:06 | 00,000,058 | ---- | C] ()
 DVD Ripper Standard.dat -> C:\WINDOWS\System32\DVD Ripper Standard.dat -> [2009/12/10 20:51:56 | 00,000,001 | ---- | C] ()
 iTunes.lnk -> C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk -> [2009/12/07 00:13:36 | 00,002,137 | ---- | C] ()
 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2009/06/17 20:49:28 | 00,000,075 | ---- | C] ()
 StarOpen.sys -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2008/12/25 13:48:32 | 00,005,632 | ---- | C] ()
 _psisdecd.dll -> C:\WINDOWS\System32\_psisdecd.dll -> [2008/11/20 20:55:29 | 00,198,144 | ---- | C] ()
 RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2008/11/09 00:39:15 | 00,147,456 | ---- | C] ()
 mfc45.dll -> C:\WINDOWS\System32\mfc45.dll -> [2008/11/09 00:26:20 | 00,074,703 | ---- | C] ()
 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2007/06/28 10:54:10 | 00,180,224 | ---- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2007/06/28 10:52:18 | 00,761,856 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp:5C321E34
< End of report >
 
Hi Edgecrusher

1 - Run Malwarebytes' Anti-Malware
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Status Check
Please reply with

the Malwarebytes' Anti-Malware Log
description of any problems you are having with your PC

Thanks peku006
 
the log still hasn't found anything. and that hotbar installation still keeps on coming up on the freeonlinemoviesforum.com site. but when it does come up, it says hotbar can be uninstalled from add/remove control panel. but still it's not there.

Malwarebytes' Anti-Malware 1.43
Database version: 3462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/31/2009 3:35:59 PM
mbam-log-2009-12-31 (15-35-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 256449
Time elapsed: 2 hour(s), 21 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi Edgecrusher

I'm not quite sure what you mean by the Hotbar installation "coming up" when you are on the freeonlinemoviesforum.com page.
You do not have it on your computer; apparently you get a Hotbar pop-up.

Have you read this

Thanks peku006
 
Hi Edgecrusher

Once again

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    Hotbar
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006
 
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:36 on 31/12/2009 by philip (Administrator - Elevation successful)

========== regfind ==========

Searching for "Hotbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hotbar.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hotbar.com]

-=End Of File=-
 
Hi Edgecrusher

  • Double-click OTM.exe to run it.
  • Paste the following code under the [image: pasteline.png] area. Do not include the word Code.
Code:
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hotbar.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hotbar.com]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large [image: btnmoveit.png] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006
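
The regfind hits and the :Reg script above concern ZoneMap keys, where Internet Explorer stores per-site security-zone assignments. As an added example (not part of the original thread or of any tool used in it), this Python code reads a regedit export and reports which zone each entry assigns, a check worth making before such keys are deleted; the sample export and its zone values are constructed.

```python
import re

# Internet Explorer security zone numbers stored in ZoneMap values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Matches ...\ZoneMap\Domains\<domain>[\<subdomain>] and the EscDomains twin.
ZONEMAP_RE = re.compile(
    r"\\Internet Settings\\ZoneMap\\(Domains|EscDomains)\\(.+)$", re.IGNORECASE)
# Matches "scheme"=dword:0000000N (or the default value, written as @).
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=dword:([0-9a-fA-F]{8})$')

# Constructed sample in regedit export (.reg) format. The zone values are
# assumptions for illustration; the thread does not show the real ones.
# Real exports are UTF-16: decode the file before passing the text in.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hotbar.com]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hotbar.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"http"=dword:00000002
"""


def parse_zonemap(reg_text):
    """Return one dict per ZoneMap value: hive, branch, host, scheme, zone."""
    entries, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = ZONEMAP_RE.search(key)
            if m:
                # Domains\<domain>\<subdomain> denotes subdomain.domain
                host = ".".join(reversed(m.group(2).split("\\")))
                current = (key.split("\\", 1)[0], m.group(1), host)
            else:
                current = None  # some other key: ignore its values
            continue
        if current is None:
            continue
        v = VALUE_RE.match(line)
        if v:
            zone = int(v.group(2), 16)
            entries.append({
                "hive": current[0], "branch": current[1], "host": current[2],
                "scheme": v.group(1) if v.group(1) is not None else "(default)",
                "zone": zone, "zone_name": ZONES.get(zone, "unknown"),
            })
    return entries


def triage(entries):
    """Group entries by effect relative to the default Internet zone (3)."""
    report = {"blocking": [], "elevating": [], "other": []}
    for e in entries:
        if e["zone"] == 4:
            report["blocking"].append(e)    # site is restricted
        elif e["zone"] in (0, 1, 2):
            report["elevating"].append(e)   # site is given extra trust
        else:
            report["other"].append(e)
    return report


if __name__ == "__main__":
    for group, items in triage(parse_zonemap(SAMPLE_REG)).items():
        for e in items:
            print(f'{group:9} {e["host"]:18} {e["scheme"]:5} '
                  f'{e["zone_name"]} ({e["hive"]}, {e["branch"]})')
```
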
 
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hotbar.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hotbar.com\ deleted successfully.

OTM by OldTimer - Version 3.1.4.0 log created on 12312009_201441
 
it's still there, but looks like i will have to keep on cancelling the installation every time i visit the movie forum site. you can close the thread now. thanks for your help on the koobface virus, much appreciated. :)
 
Hi Edgecrusher

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Delete Security Check and SystemLook from your desktop.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

MBAM can be uninstalled via Control Panel Add/Remove, but it may be a useful tool to keep: Malwarebytes' Anti-Malware Scanning Guide.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

WinPatrol
Download it from here
You can find information about how WinPatrol works here

FireTrust SiteHound
You can find information and download it from here

MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.


Happy safe surfing! :bigthumb:

peku006
 